Schadenfroh
Elite Member
It would be greatly appreciated if someone knew of a good disassembler to use on Windows 32-bit Executables. I require knowing the order of system calls in an executable, specifically for the purpose of determining the potential maliciousness of the executable.
I have tried Win32 Program disassembler, but I have noticed anomalies in the disassembly (like jumps to addresses that do not exist, issues that were discovered while writing a program to trace the assembly code's possible paths during execution).
I have also tried Binutils' objdump, but I am unable to ascertain the system calls from the disassembly that it produces (no calls match the address where the system calls are located) with Win32 executables (unless I am using the incorrect arguments).
What I need in a disassembler:
- Able to be automated (going to disassemble hundreds of executables) to write the results to a text file
- Able to identify where the system calls take place (objective)
- Freeware for educational institutions / purposes
Any ideas?
Thanks in advance!