
Yesterday, I ran into a problem when re-assembling a disassembly.
My experiment was as follows:

1. Disassemble binary_A into A.s  
2. Re-assemble A.s into binary_A'  



I expected binary_A and binary_A' to be completely identical.
However, they weren't!


1. The disassembly of binary_A was:

53                  #  push %ebx
83 ec 08            #  sub $0x8,%esp
81 c3 4b 1d 00 00   #  add $0x1d4b,%ebx
8b 83 fc ff ff ff   #  mov -0x4(%ebx),%eax      <= Here
85 c0               #  test %eax,%eax



2. I parsed it and made A.s file:

push %ebx
sub $0x8,%esp
add $0x1d4b,%ebx
mov -0x4(%ebx),%eax
test %eax,%eax



3. Finally, I re-assembled it into binary_A' (look carefully at the arrow):

53                  #  push %ebx
83 ec 08            #  sub $0x8,%esp
81 c3 4b 1d 00 00   #  add $0x1d4b,%ebx
8b 43 fc            #  mov -0x4(%ebx),%eax     <= Here!
85 c0               #  test %eax,%eax



Here is my problem:
I want binary_A and binary_A' to be completely identical.
However, they weren't, because mov eax, DWORD PTR [ebx - 0x4] is assembled in a different way.

Question:
Can I direct the assembler to use a specific encoding?
(using an assembler directive or something like that?)

  • On Linux, I used the GNU assembler via the as command. Commented Jul 24, 2018 at 6:05
  • @MichaelPetch The code shown in the body is the result of gdb. However, the real code is written in AT&T style. Below is the actual code that I used. push %ebx; sub $0x8,%esp; add $0x1d4b,%ebx; mov -0x4(%ebx),%eax; test %eax,%eax Commented Jul 24, 2018 at 6:25
  • 2
    @최지원 you could have edited your previous question with the additional info. Also, this AT&T source can be part of your new question, just use edit. And generally, don't expect to receive an identical binary after binary->disasm->asm steps; that's not a common target for the common tools, so unless you are using some kind of specific disassembler+assembler pair (and I'm not aware of such, but I never needed that; when I was doing some binary patching, I was usually patching the binary directly) which is targeted to maintain binary identity, it will break in many spots (with ordinary tools). Commented Jul 24, 2018 at 6:30
  • BTW, did you try the advice from comments from previous question? {disp32} mov -4(%ebx), %eax was the one for AT&T. Commented Jul 24, 2018 at 6:42
  • 3
    Of course, I forgot that the old versions of binutils support the instruction suffix .d32. This should work: mov.d32 -0x4(%ebx),%eax Commented Jul 24, 2018 at 7:18
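
The two byte sequences in the question differ only in the ModRM `mod` field: `8b 43 fc` uses mod=01 (8-bit displacement) and `8b 83 fc ff ff ff` uses mod=10 (32-bit displacement). The Python sketch below is an added example, not code from the question or the comments; the function names are hypothetical and it covers only opcode `8B /r` with a nonzero displacement and no SIB byte. It reproduces both encodings and emits AT&T source carrying the `{disp32}` prefix from the comments wherever the original bytes used the longer form.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

def encode_mov_load(dst, base, disp, force_disp32=False):
    """Encode `mov disp(%base),%dst` (opcode 8B /r, 32-bit mode, no SIB).

    Without force_disp32 this models an assembler's shortest-form choice
    for a nonzero displacement (the mod=00 form for disp 0 is not covered).
    """
    reg, rm = REGS.index(dst), REGS.index(base)
    if rm == 4:
        raise ValueError("esp as base needs a SIB byte (not covered here)")
    if -128 <= disp <= 127 and not force_disp32:
        mod, tail = 0b01, struct.pack("<b", disp)   # disp8
    else:
        mod, tail = 0b10, struct.pack("<i", disp)   # disp32
    return bytes([0x8B, (mod << 6) | (reg << 3) | rm]) + tail

def to_att(code):
    """Decode one 8B /r load into AT&T source that keeps its displacement size."""
    if code[0] != 0x8B:
        raise ValueError("only opcode 8B is handled")
    mod, reg, rm = code[1] >> 6, (code[1] >> 3) & 7, code[1] & 7
    if mod in (0b00, 0b11) or rm == 4:
        raise ValueError("addressing form not covered by this sketch")
    if mod == 0b01:
        (disp,) = struct.unpack("<b", code[2:3])
        prefix = ""
    else:
        (disp,) = struct.unpack("<i", code[2:6])
        # disp32 where disp8 would fit: the assembler must be told to keep it
        prefix = "{disp32} " if -128 <= disp <= 127 else ""
    return f"{prefix}mov {disp:#x}(%{REGS[rm]}),%{REGS[reg]}"

if __name__ == "__main__":
    original = bytes.fromhex("8b83fcffffff")     # bytes from binary_A
    reassembled = bytes.fromhex("8b43fc")        # bytes from binary_A'
    print(to_att(original))       # source line that preserves the long form
    print(to_att(reassembled))    # source line for the short form
    print(encode_mov_load("eax", "ebx", -4, force_disp32=True).hex(" "))
```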
