I saw an old StackOverflow thread linked from Hacker News asking whether it’s worthwhile to learn assembly language and how to go about doing so. I’d like to take a stab at the last question.
The fastest way to learn an assembly language is to reverse engineer something. Seriously, start with something that you know (like a C program that you wrote yourself) and take it apart. The good news is that assembly language is very simple, and reverse engineering (RE) gives you a lot of practice in a short amount of time.
So here’s how you do it:
- Take a simple program in C and build it with your tool chain, whether GNU gcc on Linux, Xcode on Mac, or MSVC on Windows. Make sure to turn on debugging symbols during compilation (gcc -g, or /Zi with MSVC); the symbols label each function in the disassembly and let the tools interleave your C source with it. Build with optimization off (-O0) the first time through, so the listing follows your source line by line; an optimizing build inlines, reorders and constant-folds, which is instructive later but confusing at the start.
- On Linux, use objdump (add -S to interleave the C source, and -M intel if you prefer Intel syntax over the AT&T default):
objdump -d program_binary
- On Mac, use otool:
otool -tV program_binary
- On Windows: I admit, I’m a bit fuzzy on this one– I’m quite certain there’s a standard MSVC tool that prints the assembly listing.
Anyway, look at the disassembled code and find the main() function (with symbols it is labelled <main>: in the listing). Work from there. Whatever the first instruction is, look it up on Google. You’ll likely find various CPU manuals (the Intel and AMD architecture manuals document every instruction) that will explain the simple operation of the instruction. Look up the next unfamiliar instruction, then the next. Trust me, you’ll become an ASM expert in no time.
Good luck!
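To make that first pass concrete, here is a small C program to use as the thing you take apart. It is an added example, not code from the original post: each function is deliberately shaped to produce one recognisable instruction pattern (straight-line arithmetic, a branch, a counted loop, a byte-at-a-time loop over memory, and calls), and the comments say what to look for in the listing. The build and objdump commands in the header are the ones I would use; the --disassemble=NAME form needs binutils 2.32 or newer, and the exact instructions you see depend on your compiler version and target.

```c
/* learnasm.c: a small, self-contained C program written to be disassembled.
 * Added example, not code from the original post. Each function is shaped so
 * that it produces one recognisable instruction pattern in the listing.
 *
 * Build without optimisation first so the listing follows the source:
 *   gcc -g -O0 -o learnasm learnasm.c
 *   objdump -d -S -M intel learnasm                      # -S interleaves the C source (needs -g)
 *   objdump -d -M intel --disassemble=sum_to learnasm    # one function only (binutils >= 2.32)
 * Then rebuild with -O2 and compare the two listings to see what the optimiser changed.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Straight-line arithmetic: expect imul (or lea/add doing the multiply by 3),
 * then add and sub, with the result left in eax just before ret. */
int arith(int a, int b)
{
    return a * 3 + b - 7;
}

/* Two-way branches: expect a cmp followed by a conditional jump (jge, jle, ...)
 * that skips over each early return. */
int clamp(int v, int lo, int hi)
{
    if (v < lo)
        return lo;
    if (v > hi)
        return hi;
    return v;
}

/* Counted loop: at -O0 expect the counter kept on the stack (mov DWORD PTR [rbp-N]),
 * a cmp at the bottom of the loop and a backwards conditional jump to the body. */
uint32_t sum_to(uint32_t n)
{
    uint32_t s = 0;
    for (uint32_t i = 1; i <= n; i++)
        s += i;
    return s;
}

/* Loop over memory: expect a byte load through a pointer (movzx eax, BYTE PTR [rax]),
 * shl/shr/or for the rotate (a single rol if the compiler recognises the idiom),
 * and an xor for the mixing step. */
uint32_t checksum(const uint8_t *buf, size_t len)
{
    uint32_t h = 0;
    for (size_t i = 0; i < len; i++) {
        h = (h << 5) | (h >> 27);   /* rotate left by 5 */
        h ^= buf[i];
    }
    return h;
}

/* Calls: expect the arguments moved into edi/esi (SysV) or ecx/edx (Win64) before
 * each call, the push rbp / mov rbp,rsp prologue at the top and the matching epilogue. */
int main(void)
{
    static const uint8_t sample[] = { 'a', 'b', 'c', 'd' };   /* constructed input */

    printf("arith(2,3)     = %d\n",  arith(2, 3));            /* 2 */
    printf("clamp(9,0,5)   = %d\n",  clamp(9, 0, 5));         /* 5 */
    printf("sum_to(10)     = %u\n",  sum_to(10));             /* 55 */
    printf("checksum(abcd) = %#x\n", checksum(sample, sizeof sample)); /* 0x310404 */
    return 0;
}
```

Read one function at a time, starting with arith, and only then main. When you rebuild with -O2 you will probably find that the calls in main have been evaluated at compile time and replaced by the constant results; that disappearance is itself a useful first lesson in why the -O0 build is the one to learn on.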
“On Windows: I admit, I’m a bit fuzzy on this one– I’m quite certain there’s a standard MSVC tool that prints the assembly listing.”
I think a debugger is the right choice for this. It lets you see the C and ASM together and step through and figure out what each line of ASM is doing.
gcc -S for the really lazy (or the corresponding switch for MSVC).
On MS-DOS: there is the ‘debug’ command..
“On Windows: I admit, I’m a bit fuzzy on this one”
Put a breakpoint, run the debugger, and then when it’s stopped press Alt+8 to see the assembly.
On Windows (MSVC): “dumpbin /disasm file.exe”, or “cl /FAs file.cpp”.
But if you want to _actually_ RE instead of just staring at the listing, there’s not much alternative to IDA Pro, in my opinion.
DUMPBIN! Thanks, igorsk, that’s the utility I was thinking of all along.