Usage

perdr [options] <executable>

Options are similar to POSIX semantics.

| Option | Description |
| --- | --- |
| -- | end of options (useful if the filename starts with -) |
| --help | print help screen |
| -v, --version | print version |
| -b, --bytes | show bytes on disassembly |
| -p, --show-priority | show disassembler priority |
| --raw-dump | don't disassemble, print only raw bytes |
| --extract-icon-resource | extract icons into separate files (resicoX.ico) |
| --no-entry-code | do not assume entry point points to code |
| --disable-3dnow | disable 3DNow! disassembly (even enhanced) |
| --disable-enh3dnow | disable enhanced 3DNow! disassembly |
| --disable-pentium3 | disable Pentium III disassembly |
| --disable-athlon | disable Athlon disassembly |
| -h, --show-headers | show short headers |
| -H, --full-headers | show full headers |
| -i, --show-imports | show imports |
| --show-relocations | show relocations |
| -e, --show-exports | show exports |
| -r, --show-resources | show resources |
| -R, --raw-resources | show resources in raw format |
| -c, --show-code | show code or dump |
| --show-cref | show call references |
| --show-Uref | show unconditional jump references |
| --show-Cref | show conditional jump references |
| --show-refs | show all references |

This reverses the executable to the screen.

Priority

| Priority | Meaning |
| --- | --- |
| "secure code": | |
| entry point | code executed by entry point |
| safe export | code executed by known export (not yet implemented) |
| safe heuristics | code executed by heuristics (very sure code) |
| "not secure": | |
| export | code executed by export (hmm, not all exports are code) |
| heuristics | code executed by heuristics (not very sure, like a single call found) |
| constant | only a constant in code |
| filler | only printed for completion |
| none | this is not code |
| check only | wow! If you find this, there is a bug |

Work to do

BUG:
- This program assumes that the code segment contains only code
- More checks
TO DO:
- Complete data analysis
- Complete string checking
- More options (no code analysis, skipping some checks, etc.)
- Resource analysis and dumping
- Relocation analysis and test on data pointers
- Complete the heuristic engine
- Processing of some instructions is incomplete (complex references)
- Unknown bytes analysis (not only code)
- Printing of some types (float or MMX); currently only in raw mode (binary)