Decompiling EXE to ASM

assembly antivirus disassembly
Athiwat Chunlakhan picture Athiwat Chunlakhan · Oct 22, 2009 · Viewed 16k times · Source

I want to make a basic antivirus for my free time. Basically I learned about the basic structure of the EXE(windows) file. How do I extract the ASM code from the file and the PE header?

Answer

Todd Stout picture Todd Stout · Oct 22, 2009

You can install Cygwin and use objdump to decompile an exe into asm. Be sure you select the binutils when installing cygwin. After installing cygwin, you can run the following from a bash shell:

objdump -Slx yourpgm.exe

Related questions

What's the purpose of the LEA instruction?

For me, it just seems like a funky MOV. What's its purpose and when should I use it?

Read More
Is it possible to "decompile" a Windows .exe? Or at least view the Assembly?

A friend of mine downloaded some malware from Facebook, and I'm curious to see what it does without infecting myself. I know that you can't really decompile an .exe, but can I at least view it in Assembly or attach …

Read More
How do you get assembler output from C/C++ source in gcc?

How does one do this? If I want to analyze how something is getting compiled, how would I get the emitted assembly code?

Read More