Codisasm is an x86 disassembler that handles self-modifying code and overlapping instructions.
CoDisasm: Medium Scale Concatic Disassembly of Self-Modifying Binaries with Overlapping Instructions, paper presented at CCS 2015
Codisasm is developed under Mac OS X and Linux, but is set up to be highly portable.
The Git repository for Codisasm is hosted on INRIA forge.
If you have Git installed, run the following to get an initial copy of the repository:
git clone https://scm.gforge.inria.fr/anonscm/git/codisasm/codisasm.git
cd codisasm
The README file contains all the information needed to compile, run and test the Codisasm disassembler.
We also provide a server to generate traces and memory dumps of x86 code:
A normal workflow for using Codisasm is:
1/ Send an executable foo.exe to http://Codisasm.lhs.loria.fr
2/ Download the set of traces and memory dumps
3/ Disassemble each wave. For example, the command to disassemble wave 2 is
./codisasmv2 -i PATH/foo.exe.bin_wave2 -c PATH/foo.exe.bin_wave2_CFG.out -l PATH/foo.exe.bin_wave2.asm
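Step 3 has to be repeated for every wave of a packed sample. The script below is an added example, not part of the Codisasm distribution: it finds each wave dump in a download directory and issues the command shown above for it, in wave order. It assumes every wave N follows the file naming shown for wave 2; the function names and the DRY_RUN and CODISASM variables are hypothetical.

```shell
#!/bin/sh
# Added example: batch form of step 3 (not Codisasm's own tooling).
# Assumption: wave N files are named like the wave 2 files above:
#   <sample>.bin_waveN, <sample>.bin_waveN_CFG.out, <sample>.bin_waveN.asm
# Usage: DRY_RUN=1 sh waves.sh PATH foo.exe   (script name is hypothetical)

CODISASM="${CODISASM:-./codisasmv2}"   # assumed location of the built binary

# list_waves DIR SAMPLE: print the wave dump files, ordered by wave number.
list_waves() {
    for f in "$1/$2".bin_wave*; do
        [ -f "$f" ] || continue
        n="${f##*_wave}"
        # Keep names that end in digits only; this skips *_CFG.out and *.asm.
        case "$n" in
            ''|*[!0-9]*) continue ;;
        esac
        printf '%s\t%s\n' "$n" "$f"
    done | sort -n | cut -f2-
}

# wave_command FILE: print the codisasmv2 command line for one wave dump.
wave_command() {
    printf '%s -i %s -c %s -l %s\n' "$CODISASM" "$1" "${1}_CFG.out" "${1}.asm"
}

# disassemble_all DIR SAMPLE: process every wave; DRY_RUN=1 only prints the
# commands. A failing wave is reported and the remaining waves still run.
disassemble_all() {
    list_waves "$1" "$2" | (
        rc=0
        while IFS= read -r wave; do
            if [ "${DRY_RUN:-0}" = 1 ]; then
                wave_command "$wave"
            elif ! "$CODISASM" -i "$wave" -c "${wave}_CFG.out" -l "${wave}.asm"; then
                echo "codisasmv2 failed on $wave" >&2
                rc=1
            fi
        done
        exit "$rc"
    )
}

if [ "$#" -eq 2 ]; then
    disassemble_all "$1" "$2"
fi
```

Sorting numerically matters once a sample has ten or more waves, since a plain glob would place wave 10 before wave 2.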