xrefs and disassembly output

  • Andrew Griffiths


    When disassembly a PIC library I came across an interesting cirumstance. Output as per below (slightly formatted, however)

    51c ! e85bffffff          call    signal
    521 ! 83c410            add     esp, 10h
    524 ! 83ec08            sub     esp, 8
    527 ! 68cefaedfe       push   0feedfaceh
    52c ! 6a02               push    2
    52e ! e8                  db      0e8h
    52f ! 49                  dec     ecx
    530 ! ff                   db      0ffh
    531 !                                                    
    ... ! loc_531:           ;xref j5af
    ... ! ff                    db      0ffh
    532 ! ff83c41083ec  inc dword ptr [ebx-137cef3ch]
    538 ! 08680b           or      [eax+0bh], ch
    53b ! dbee               fucomi  st, st(6)
    53d ! 0f6a03            punpckhdq       mm0, [ebx]

    Having a look inside the help files don't give me a key command to use to format the instruction @ 0x52e as a assembly instruction (it should be a call signal.) As far as I can see, there doesn't appear to be a command to tell hte to format that as a command as opposed to with xref info in it (and breaking the disassembly)

    The library that I was disassembing is at http://vortex.labs.pulltheplug.com/libcrypt2.so (there is a basic obfuscation xor in there, which causes the xref or so).

    Oh well, thats my 2c.

    Thanks in advance,
    Andrew Griffiths

    • Sebastian Biallas

      You can remove the (errornous?) xref by placing the cursor at "531" and pressing DEL.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks