Any way to get the mnemonics from the machine code?

Question

I have a simple program program in assembly

.text
.globl _start
_start:
        movl $1, %eax
        movl $1, %ebx
        int $0x80

I have assembled it. I have dumped the content of it as below

root@bt:~# objdump -d out     
out:     file format elf32-i386
Disassembly of section .text:

08048054 <_start>:
 8048054:       b8 01 00 00 00          mov    $0x1,%eax
 8048059:       bb 01 00 00 00          mov    $0x1,%ebx
 804805e:       cd 80                   int    $0x80

Now my question is, can I get back the mnemonics given only the below machine code \xb8\x01\x00\x00\x00\xbb\x01\x00\x00\x00\xcd\x80

Answer 1

This is fairly well documented in How do I disassemble raw x86 code?

To do your specific example, this worked for me (on a Linux machine, with the GNU toolchain):

printf '\xb8\x01\x00\x00\x00\xbb\x01\x00\x00\x00\xcd\x80' > /tmp/binary
objdump -D -b binary -mi386 /tmp/binary

With this as the short documentation for the options:

           [-D|--disassemble-all]
           [-b bfdname|--target=bfdname]
           [-m machine|--architecture=machine]

i386 specify the target. I had to remove the addr16 and data16 from the original example command, as otherwise this won't work.

Answer 2

You just need to tell objdump you want to operate on a plain binary file:

$ hexdump -vC binaryFile
00000000  b8 01 00 00 00 bb 01 00  00 00 cd 80              |............|
0000000c
$ objdump -D -b binary -m i386 binaryFile 

binaryFile:     file format binary


Disassembly of section .data:

00000000 <.data>:
   0:   b8 01 00 00 00          mov    $0x1,%eax
   5:   bb 01 00 00 00          mov    $0x1,%ebx
   a:   cd 80                   int    $0x80