ArkDasm is a 64-bit interactive disassembler. Supported file types: PE64, raw binary files.

ArkDasm 是一个 64 位交互式反汇编器。支持的文件类型：PE64、原始二进制文件。

http://www.arkdasm.com/

http://www.arkdasm.com/

You can examine imports, exports, debug symbols (if you have .pdb file), flip code to data, data to code (look at keyboards shortcuts in readme.pdf) has support for bookmarks, adding comments also you can save the database to work on it later...

您可以检查导入、导出、调试符号（如果您有 .pdb 文件）、将代码翻转到数据、数据到代码（查看 readme.pdf 中的键盘快捷键）支持书签、添加注释也可以将数据库保存到稍后再做...

I use objdump -d. :-) Does that not work for you?

我用objdump -d. :-) 这对你不起作用吗？

If you're working with Windows files and have Visual Studio, you can use the dumpbin tool.

如果您正在处理 Windows 文件并拥有 Visual Studio，则可以使用 dumpbin 工具。

dumpbin /disasm ntoskrnl.exe /out:ntoskrnl.asm

It won't display exports inline either, but you can see them separately with the /exports switch. Then you can make a little script to parse the exports and replace the addresses in the assembly listing with names.

它也不会内联显示导出，但您可以使用 /exports 开关单独查看它们。然后，您可以编写一个小脚本来解析导出并将程序集列表中的地址替换为名称。

GNU binutilshas objdump, which should work:

GNU binutils有objdump，它应该可以工作：

-d

--disassemble

Display the assembler mnemonics for the machine instructions from objfile. This option only disassembles those sections which are expected to contain instructions.

-D

--disassemble-all

Like -d, but disassemble the contents of all sections, not just those expected to contain instructions. If the target is an ARM architecture this switch also has the effect of forcing the disassembler to decode pieces of data found in code sections as if they were instructions.

-d

- 拆卸

显示来自 objfile 的机器指令的汇编助记符。此选项仅反汇编那些预期包含指令的部分。

-D

--disassemble-all

类似于 -d，但反汇编所有部分的内容，而不仅仅是那些预期包含指令的部分。如果目标是 ARM 体系结构，则此开关还具有强制反汇编程序解码代码段中的数据片段的效果，就好像它们是指令一样。

It will already be installed on most Linux distributions that have GCC or other development tools installed, and Windows versions are available via e.g. Cygwin.

它已经安装在大多数安装了 GCC 或其他开发工具的 Linux 发行版上，Windows 版本可通过例如Cygwin 获得。

http://www.duxcore.com/products.html

http://www.duxcore.com/products.html

http://www.duxcore.com/fs_files/VisualDuxDbgSetup.zip

http://www.duxcore.com/fs_files/VisualDuxDbgSetup.zip

Visual DuxDebugger is a 64-bit debugger disassembler for Windows.

Visual DuxDebugger 是适用于 Windows 的 64 位调试器反汇编程序。

Main features Fully support 64-bit native processes Fully support 64-bit .NET processes Full code analysis Full memory analysis Code edition Memory edition Module export formats (EXE/DLL/CSV) Debug multiple processes Debug multiple child processes

主要特性 完全支持64位原生进程 完全支持64位.NET进程 全代码分析 全内存分析 代码编辑 内存编辑 模块导出格式（EXE/DLL/CSV） 调试多个进程 调试多个子进程

Minimum Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Pentium 4 3.0 GHz

最低要求操作系统：Windows 7 64 位/Windows Server 2008 R2 处理器：Pentium 4 3.0 GHz

Recommended Requirements O.S: Windows 7 64-bit / Windows Server 2008 R2 Processor: Dual Core 2.5 GHz Display: 1920 x 1080

推荐要求操作系统：Windows 7 64 位/Windows Server 2008 R2 处理器：双核 2.5 GHz 显示：1920 x 1080

WinDbg will dump the export table and let you poke around

WinDbg 会转储导出表，让你四处看看

windbg.exe -z \path\to\someinteresting.exe
x someinteresting!*
uf someinteresting!AnExportedFunction