
How to disassemble fasm-generated binary?


I am writing a program in FASM assembler, and want to see what code is generated after all macro expansions. One can usually disassemble a binary with objdump -d, but for a binary generated by fasm, it outputs only the following:

$ cat true.fasm
format ELF64 executable
sys_exit = 60
entry $
      mov eax, sys_exit
      xor edi, edi
      syscall
$ fasm true.fasm
$ objdump -d ./true
out/true:     file format elf64-x86-64

What I can do is load the binary into gdb, start it with starti and decode instructions with x/10i $rip, which is sub-optimal. Is there a non-interactive command that can do the same?


Solution

  • You can easily do this using radare2, with the pdf command, which means disassemble:

    % cat test.asm 
    format ELF64 executable
    sys_exit = 60
    entry $
      mov rax, sys_exit
      xor rdi, rdi
      syscall
    % ./fasm test.asm
    flat assembler  version 1.73.04  (16384 kilobytes memory) 1 passes, 132 bytes.
    % file test
    test: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
    % r2 -AA test
    [x] Analyze all flags starting with sym. and entry0 (aa)
    [x] Analyze function calls (aac)
    [x] Analyze len bytes of instructions for references (aar)
    [x] Check for objc references
    [x] Check for vtables
    [x] Type matching analysis for all functions (aaft)
    [x] Propagate noreturn information
    [x] Use -AA or aaaa to perform additional experimental analysis.
    [x] Finding function preludes
    [x] Enable constraint types analysis for variables
    -- In visual mode press 'c' to toggle the cursor mode. Use tab to navigate
    [0x00400078]> pdf
            ;-- segment.LOAD0:
            ;-- rip:
    ┌ 12: entry0 ();
    │           0x00400078      48c7c03c0000.  mov rax, 0x3c               ; '<' ; 60 ; [00] -rwx segment size 12 named LOAD0
    │           0x0040007f      4831ff         xor rdi, rdi
    └           0x00400082      0f05           syscall
    [0x00400078]>
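A non-interactive route, as an added example that is not part of the original question or answer: the script below reads the ELF64 header and program headers, finds the file range that holds the entry point, and builds an `objdump` command line that disassembles that range as raw bytes. It assumes the binary has no section header table (`e_shnum` is 0), which leaves `objdump -d` with no sections to walk; the 132-byte image is constructed here to resemble the answer's `test` binary, and the function names are hypothetical.

```python
import struct

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # Elf64_Ehdr, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")          # Elf64_Phdr, 56 bytes
PT_LOAD, PF_X = 1, 1


def build_sample():
    """Constructed sample: ELF64 header + one PT_LOAD + 12 code bytes."""
    code = bytes.fromhex("48c7c03c000000" "4831ff" "0f05")
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    # e_shoff = 0 and e_shnum = 0: there is no section header table.
    ehdr = EHDR.pack(ident, 2, 0x3E, 1, 0x400078, 64, 0, 0, 64, 56, 1, 64, 0, 0)
    phdr = PHDR.pack(PT_LOAD, 7, 0x78, 0x400078, 0x400078,
                     len(code), len(code), 0x1000)
    return ehdr + phdr + code


def locate_code(image):
    """Return (e_shnum, file offset of entry, end offset of its segment)."""
    if (len(image) < EHDR.size or image[:4] != b"\x7fELF"
            or image[4] != 2 or image[5] != 1):
        raise ValueError("not a little-endian ELF64 image")
    (_, _, _, _, entry, phoff, _, _, _,
     phentsize, phnum, _, shnum, _) = EHDR.unpack_from(image)
    if phnum and phentsize < PHDR.size:
        raise ValueError("unexpected program header entry size")
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + PHDR.size > len(image):
            raise ValueError("program header table is truncated")
        p_type, flags, p_off, vaddr, _, filesz, _, _ = PHDR.unpack_from(image, off)
        # The entry point must lie in the file-backed part of an executable segment.
        if p_type == PT_LOAD and flags & PF_X and vaddr <= entry < vaddr + filesz:
            return shnum, p_off + (entry - vaddr), p_off + filesz
    raise ValueError("entry point is not inside an executable PT_LOAD segment")


def objdump_command(path, image):
    """Build the objdump argv; addresses in raw mode are file offsets."""
    shnum, start, stop = locate_code(image)
    if shnum:  # sections exist, so plain objdump -d can find the code
        return ["objdump", "-d", path]
    return ["objdump", "-D", "-b", "binary", "-m", "i386:x86-64",
            f"--start-address={start:#x}", f"--stop-address={stop:#x}", path]


if __name__ == "__main__":
    print(" ".join(objdump_command("./true", build_sample())))
```

With `-b binary` the addresses objdump prints are file offsets (0x78 here), not the 0x400078 virtual addresses radare2 shows.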