Codisasm

Codisasm is an x86 disassembler that handles self-modifying code and overlapping instructions.

CoDisasm: Medium Scale Concolic Disassembly of Self-Modifying Binaries with Overlapping Instructions, paper presented at CCS 2015.

Codisasm is developed under Mac OS X and Linux, but is designed to be highly portable.

The Git repository for Codisasm is hosted on INRIA forge.

If you have Git installed, run the following to get an initial copy of the repository:

git clone https://scm.gforge.inria.fr/anonscm/git/codisasm/codisasm.git
cd codisasm

The README file contains all the information needed to compile, run and test the Codisasm disassembler.

We also provide a server to generate traces and memory dumps of x86 code:
http://Codisasm.lhs.loria.fr

A normal workflow for using Codisasm is:
1/ Send an executable foo.exe to http://Codisasm.lhs.loria.fr
2/ Download the set of traces and memory dumps
3/ Disassemble each wave. For example, the command to disassemble wave 2 is:

./codisasmv2 -i PATH/foo.exe.bin_wave2 -c PATH/foo.exe.bin_wave2_CFG.out -l PATH/foo.exe.bin_wave2.asm
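
Step 3 applied to every wave in one pass, as an added example that is not part of the Codisasm distribution. It assumes the downloaded waves sit in one directory and are named SAMPLE.bin_waveN as in the command above; the function name disasm_waves and the DRY_RUN variable are hypothetical.

```shell
#!/bin/sh
# Added example (not from the Codisasm repository): batch form of step 3.
# Assumption: waves are named <sample>.bin_wave<N>, as in the page's command.

# disasm_waves DIR SAMPLE [CODISASM_BINARY]
# Runs the disassembler once per wave of SAMPLE found in DIR.
# Set DRY_RUN=1 to print the commands instead of executing them.
disasm_waves() {
    dir=$1
    sample=$2
    tool=${3:-./codisasmv2}
    count=0
    for wave in "$dir/$sample".bin_wave*; do
        # The glob also matches outputs of earlier runs (_CFG.out, .asm).
        # Keep only names that end in the wave number.
        case ${wave##*_wave} in
            ''|*[!0-9]*) continue ;;
        esac
        [ -f "$wave" ] || continue
        if [ "${DRY_RUN:-0}" = 1 ]; then
            printf '%s -i %s -c %s -l %s\n' \
                "$tool" "$wave" "${wave}_CFG.out" "$wave.asm"
        else
            # Same three options as the single-wave command on this page.
            "$tool" -i "$wave" -c "${wave}_CFG.out" -l "$wave.asm" || {
                echo "disassembly failed for $wave" >&2
                return 1
            }
        fi
        count=$((count + 1))
    done
    if [ "$count" -eq 0 ]; then
        echo "no waves found for $sample in $dir" >&2
        return 1
    fi
}

# Usage: sh disasm_waves.sh PATH foo.exe
if [ "$#" -ge 2 ]; then
    disasm_waves "$@"
fi
```

Running it with DRY_RUN=1 first shows which files will be treated as waves before any disassembly starts.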