Menu
▾
▴
Re: [Capstone-users] Capstone / NetBeans 8.0.2 Help
|
From: Nguyen A. Q. <aq...@gm...> - 2015-01-23 15:38:15
|
On Fri, Jan 23, 2015 at 11:15 PM, GROETZ, MICHAEL A CTR USAF AFMC AFRL/RYWA <mic...@us...> wrote: > When I try to disassemble Test.exe, I get the following: > > 0x1000: pop r10 > 0x1002: npop > 0x1003 add byte ptr [rbx], a1 > 0x1005: add byte ptr [rbx], a1 > > i can see that you are trying to disasm Test.exe, but dont expect to see its code: you are actually reading from the beginning of Test.exe, where the PE header is. the actual code is way behind that. and by default, Capstone stops at the first ever illegal code, so you only see 4 assembly instructions like above. thanks. |
