IDA Free: https://hex-rays.com/ida-free/#download
While there is IDA Pro, which supports 68 families of processors and over 45 file formats (and is for commercial use), I found that (as also suggested by others) IDA Free is enough for personal use, as it supports x86/x64 processors and the well-known PE, ELF and Mach-O file formats.
In case you missed my previous "First time using WinDbg" topic, you can visit:
https://forum.lowyat.net/topic/5348191
As pointed out by @junyian, WinDbg is a debugger while IDA Free is a disassembler.
Let's start disassembling my own msgbox.exe (written in FASM). Go!
Output of my msgbox.exe
Click "IDA Freeware".
Click "New" (Disassemble a new file).
After selecting 'msgbox.exe', I see this window. I just click OK without changing the default settings.
Voila, this is the main window I see.
The disassembled code is as follows:
CODE
; Attributes: noreturn
public start
start proc near
push 40h; '@' ; uType
push offset Caption ; "LYN Codemaster"
push offset Text ; "Apa khabar semua, marilah kita bersama-"...
push 0 ; hWnd
call ds:MessageBoxA
push eax ; uExitCode
call ds:ExitProcess
start endp
And my original source code is:
CODE
start:
push 0x40
push title
push message
push 0
call [MessageBox]
push eax
call [ExitProcess]
I think the disassembled code is brilliant: it is annotated with data value contents, and as with any full-featured disassembler, the Win32 API function call is shown with a human-readable name (e.g. ds:MessageBoxA), not just a memory address.
IDA Free auto-detects my msgbox.exe as using the 32-bit (x86) instruction set, because I think the PE format has a header field specifying which processor mode the executable is in (e.g. 0x14C for IMAGE_FILE_MACHINE_I386).
Now I click the Windows menu, and then "Imports" (Alt+F6):
This is the window for import table:
It also matches the source code:
CODE
section '.idata' import readable writable
library kernel,'KERNEL32.DLL',\
user,'USER32.DLL'
import kernel,\
ExitProcess,'ExitProcess'
import user,\
MessageBox,'MessageBoxA'
But I don't know how to find the resource section, because my 'msgbox.exe' comes with manifest.xml to make the message box in XP style.
This is the end of my session in IDA Free with you all.
Any feedback is welcome, particularly from the famous rockstar malware analysts @KLKS and @junyian!
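An added example, not part of the original post and not IDA's code: a small Python parser that reads the PE Machine field mentioned above (0x14C for IMAGE_FILE_MACHINE_I386) and maps the import and resource data directories (indexes 1 and 2 of the optional header) to the sections that contain them. The names inspect_pe and build_sample are hypothetical, and the header bytes are constructed for illustration (the '.rsrc' section name is an assumption); they are not taken from msgbox.exe.

```python
import struct

MACHINES = {0x14C: "IMAGE_FILE_MACHINE_I386", 0x8664: "IMAGE_FILE_MACHINE_AMD64"}
DIRS = {1: "import", 2: "resource"}  # data directory indexes in the optional header

def inspect_pe(data: bytes) -> dict:
    """Return machine type, header kind and the section holding each directory."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, ..., SizeOfOptionalHeader
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24
    (magic,) = struct.unpack_from("<H", data, opt)            # 0x10B PE32, 0x20B PE32+
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    dir_base = opt + (96 if magic == 0x10B else 112)
    (ndirs,) = struct.unpack_from("<I", data, dir_base - 4)   # NumberOfRvaAndSizes
    sections = []
    for i in range(nsect):                                    # 40-byte section headers
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, max(vsize, rawsize)))
    found = {}
    for idx, label in DIRS.items():
        rva, _size = struct.unpack_from("<II", data, dir_base + 8 * idx) if idx < ndirs else (0, 0)
        found[label] = next((n for n, va, sz in sections if rva and va <= rva < va + sz), None)
    return {"machine": MACHINES.get(machine, hex(machine)),
            "format": "PE32" if magic == 0x10B else "PE32+", "directories": found}

def build_sample() -> bytes:
    """Constructed 32-bit PE headers only (no section data), for offline testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x010F)
    dirs = [(0, 0)] * 16
    dirs[1], dirs[2] = (0x2000, 0x80), (0x3000, 0x200)        # import, resource
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    sect = b"".join(struct.pack("<8sIII", n, 0x1000, va, 0x200) + b"\0" * 20
                    for n, va in ((b".text", 0x1000), (b".idata", 0x2000), (b".rsrc", 0x3000)))
    return dos + b"PE\0\0" + coff + opt + sect

if __name__ == "__main__":
    print(inspect_pe(build_sample()))
```

To run it against a real file, pass the file's bytes to inspect_pe, for example open("msgbox.exe", "rb").read(); an embedded manifest is stored inside the resource directory as resource type 24 (RT_MANIFEST).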