How to disassemble Win32 DLLs and EXEs under Linux
Step by step
- Get a source tarball of a good binutils version (e.g. from
ftp.gnu.org). I used 2.9. 2.9.1 is supposed to be OK. Versions
like 2.9.5.0.29 are Linux-specific, and their support for other
targets is (sometimes) broken.
- See the file README in the base directory of the
package for help on configure and make.
- You now have two alternatives:
  - Configure with --enable-targets=all, which will allow
    you to disassemble any file format for any architecture
    binutils knows about. It is probably a good idea to also pass
    --enable-commonbfdlib so that the resulting binaries aren't
    gigantic.
  - Configure with --target=i586-pc-cygwin, which
    will allow you to disassemble only MS-Windows files.
- Run make.
- Run the resulting objdump (it's in the binutils/
directory, or you can install it) on your file:
    $ ./objdump --disassemble /mnt/c/windows/system/driver.dll
Misc
The BFD target for MS-Windows 95/98 DLLs/EXEs is
pei-i386. Objdump detects this format automagically, so you don't
need to bother about it.
Much of the junk in the windows/ directory of even Win98 is
16-bit code. Objdump can't disassemble it.
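
A pre-check for the 16-bit problem noted above, as an added example that is not part of the original page: it reads the MZ header, follows the pointer at offset 0x3C, and reports whether a file is a 32-bit PE for i386 (what objdump handles as pei-i386) or 16-bit NE code. The function names and category labels are this example's own, and the sample headers built by make_sample are constructed.

```python
import struct
import sys

I386 = 0x014C  # COFF Machine value for Intel 386 and later


def classify(data: bytes) -> str:
    """Return 'pe-i386', 'pe-other', 'ne-16bit', 'le-vxd', 'dos-mz' or 'not-mz'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-mz"
    # e_lfanew at offset 0x3C of the DOS header points to the new-style header.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    sig = data[e_lfanew:e_lfanew + 4]  # empty if the pointer is out of range
    if sig == b"PE\0\0":
        machine = data[e_lfanew + 4:e_lfanew + 6]
        return "pe-i386" if machine == struct.pack("<H", I386) else "pe-other"
    if sig[:2] == b"NE":
        return "ne-16bit"  # 16-bit Windows code: objdump can't disassemble it
    if sig[:2] == b"LE":
        return "le-vxd"    # linear executable (e.g. a VxD), not a pei-i386 file
    return "dos-mz"        # plain DOS program, no new-style header found


def make_sample(sig: bytes, machine: int = I386, e_lfanew: int = 0x80) -> bytes:
    """Build a constructed, minimal header for testing (not a loadable file)."""
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    return bytes(dos) + sig + struct.pack("<H", machine) + b"\0" * 18


def classify_file(path: str) -> str:
    """Classify a file on disk; the whole file is read to keep the code short."""
    with open(path, "rb") as fh:
        return classify(fh.read())


if __name__ == "__main__":
    # Usage: python3 this_script.py /mnt/c/windows/system/*.dll
    for path in sys.argv[1:]:
        print(f"{classify_file(path):9} {path}")
```

Only the files reported as pe-i386 are worth passing to objdump --disassemble.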