How to disassemble Win32 DLLs and EXEs under linux
Step by step
- You have to get a good binutils version source tarball (e.g.
from ftp.gnu.org). I used 2.9. 2.9.1 is supposed to be OK. Versions
like 188.8.131.52.29 are linux specific and support for other targets
is (sometimes) broken.
- See the file README in the base directory of the
package for help on configure and make.
- You now have two alternatives:
- Configure with --enable-targets=all which will allow
you to disassemble any file format for any architecture
binutils knows about. It is probably a good idea to
--enable-commonbfdlib so that the resulting binaries aren't
- Configure with --target=i586-pc-cygwin which
will allow you to disassemble only MS-Windows files.
- Run the resulting objdump (it's in the binutils/
directory, or you can install it) on your file.
$ ./objdump --disassemble /mnt/c/windows/system/driver.dll
The BFD target for MS-Windows95/98 DLLs/EXEs is
pei-i386. Objdump detects this format automagically so you don't
need to bother about it.
Much of the junk in the windows/ directory of even Win98 is
16-bit code. Objdump can't disassemble it.