Disassemble raw x64 machine code

64-bit objdump disassembly
Voo picture Voo · Sep 28, 2013 · Viewed 6.9k times · Source

What is the right architecture to get objdump to disassemble raw x64 code? You would think -m x86-64 should work from reading the help, but it doesn't. I tried with both the cygwin64 version:

$ objdump --version
GNU objdump (GNU Binutils) 2.23.52.20130604

as well as the version in my Fedora 18 x64 install (2.23.51.0.1-3.fc18 20120806) but I only get can't use supplied machine x86-64. Also tried with amd64 and x64 but that didn't work either.

The command is basically objdump -b binary -D -m ??? file

Answer

Voo picture Voo · Sep 28, 2013

And as usual writing down the question already gives you some rather good ideas what else to try..

Anyhow the right machine architecture is: i386:x86-64.

The full command is:

objdump -b binary -D -m i386:x86-64 <file>

If you want to disassemble code that expects to be loaded at a specific address, you can add the --adjust-vma <load-address> flag.

Related questions

How do I register a DLL file on Windows 7 64-bit?

I have tried to use the following code: cd c:\windows\system32 regsvr32.exe dllname.ax But this is not working for me. How can I register a DLL file on Windows 7 with a 64-bit processor?

Read More
How can I tell if I'm running in 64-bit JVM or 32-bit JVM (from within a program)?

How can I tell if the JVM in which my application runs is 32 bit or 64-bit? Specifically, what functions or properties I can used to detect this within the program?

Read More
"An attempt was made to load a program with an incorrect format" even when the platforms are the same

I'm calling functions from a 32-bit unmanaged DLL on a 64-bit system. What I get is: BadImageFormatException: An attempt was made to load a program with an incorrect format. (Exception from HRESULT: 0x8007000B) At first, I had my projects …

Read More