FWdasm is a free command-line disassembler for examining executable files. It is designed to be scriptable and to quickly pull out specific information about an executable in a format that is easily parsed in an automated fashion. It can also dump large amounts of information in nicely formatted tables and cross-referenced assembly for manual analysis. Currently, only Microsoft PE executables are supported, but support for other executable formats, including ELF, and analysis of raw binary streams (e.g. shellcode) will be added in the future.
The sample output below was generated by running FWdasm on itself with the following command line parameters:

C:\>fwdasm -vf fwdasm.exe -Ccos all -qlixSabfgTRdvvvv > out.txt

sample-output.zip

The parameters are described on the download page below. Note that multiple ‘v’ parameters are passed. This increases the verbosity of the output and is intended for producing human-friendly output.

If no ‘v’ parameters are specified, output is in a format suitable for text parsing. Tables are output in CSV format that can be imported into a spreadsheet application. Assembly is output without cross-reference information.

As ‘v’ parameters are added, tabular data is formatted in SQL-like output tables, and the assembly code is increasingly annotated with offsets, call and branch target cross-references, string table references and external library calls.

FWdasm is free and can be downloaded here.
- Reversing: Secrets of Reverse Engineering
- The IDA Pro Book: The Unofficial Guide to the World’s Most Popular Disassembler
- The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System
- Identifying Malicious Code Through Reverse Engineering (Advances in Information Security)