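Common usage of the objdump command
1 Introduction to objdump
1.1 Overview
objdump is a command-line tool widely used on Unix-like systems. It is part of the GNU Binutils suite and is mainly used to display detailed information about compiled object files, executables, shared libraries and other binary files. It is an extremely flexible, multi-purpose tool, useful to software developers, security researchers and anyone who wants to understand the internal structure of binary files.
1.2 Main features
- Disassembly
Converts machine code back into assembly language. The -d or -D option does this, sometimes combined with -S to intermix the source code with the corresponding assembly.
- File header information
The -f option displays basic information such as the file format, architecture and entry point.
- Section header information
The -h option displays the contents of the section headers.
- Relocation information
The -r option shows the relocation entries in the file, which is very helpful for understanding the linking process.
- Dynamic information
For dynamically linked executables or libraries, options such as -p, -R, -T and -D display, respectively, the program header table, the required dynamic libraries, the dynamic symbol table and dynamic disassembly information.
- Debug information
The -g option displays debug information, if it was included at compile time.
- Support for different formats and architectures
objdump supports multiple binary formats (such as ELF, COFF, Mach-O) and processor architectures, and options can select a different disassembly style or architecture.
2 The objdump command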
```
rlk@rlk:~$ objdump --help
Usage: objdump <option(s)> <file(s)>
 Display information from object <file(s)>.
 At least one of the following switches must be given:
  -a, --archive-headers    Display archive header information
  -f, --file-headers       Display the contents of the overall file header
  -p, --private-headers    Display object format specific file header contents
  -P, --private=OPT,OPT... Display object format specific contents
  -h, --[section-]headers  Display the contents of the section headers
  -x, --all-headers        Display the contents of all headers
  -d, --disassemble        Display assembler contents of executable sections
  -D, --disassemble-all    Display assembler contents of all sections
      --disassemble=<sym>  Display assembler contents from <sym>
  -S, --source             Intermix source code with disassembly
      --source-comment[=<txt>] Prefix lines of source code with <txt>
  -s, --full-contents      Display the full contents of all sections requested
  -g, --debugging          Display debug information in object file
  -e, --debugging-tags     Display debug information using ctags style
  -G, --stabs              Display (in raw form) any STABS info in the file
  -W[lLiaprmfFsoRtUuTgAckK] or
  --dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,
          =frames-interp,=str,=loc,=Ranges,=pubtypes,
          =gdb_index,=trace_info,=trace_abbrev,=trace_aranges,
          =addr,=cu_index,=links,=follow-links]
                           Display DWARF info in the file
  --ctf=SECTION            Display CTF info from SECTION
  -t, --syms               Display the contents of the symbol table(s)
  -T, --dynamic-syms       Display the contents of the dynamic symbol table
  -r, --reloc              Display the relocation entries in the file
  -R, --dynamic-reloc      Display the dynamic relocation entries in the file
  @<file>                  Read options from <file>
  -v, --version            Display this program's version number
  -i, --info               List object formats and architectures supported
  -H, --help               Display this information

 The following switches are optional:
  -b, --target=BFDNAME           Specify the target object format as BFDNAME
  -m, --architecture=MACHINE     Specify the target architecture as MACHINE
  -j, --section=NAME             Only display information for section NAME
  -M, --disassembler-options=OPT Pass text OPT on to the disassembler
  -EB --endian=big               Assume big endian format when disassembling
  -EL --endian=little            Assume little endian format when disassembling
      --file-start-context       Include context from start of file (with -S)
  -I, --include=DIR              Add DIR to search list for source files
  -l, --line-numbers             Include line numbers and filenames in output
  -F, --file-offsets             Include file offsets when displaying information
  -C, --demangle[=STYLE]         Decode mangled/processed symbol names
                                  The STYLE, if specified, can be `auto', `gnu',
                                  `lucid', `arm', `hp', `edg', `gnu-v3', `java'
                                  or `gnat'
      --recurse-limit            Enable a limit on recursion whilst demangling.  [Default]
      --no-recurse-limit         Disable a limit on recursion whilst demangling
  -w, --wide                     Format output for more than 80 columns
  -z, --disassemble-zeroes       Do not skip blocks of zeroes when disassembling
      --start-address=ADDR       Only process data whose address is >= ADDR
      --stop-address=ADDR        Only process data whose address is < ADDR
      --prefix-addresses         Print complete address alongside disassembly
      --[no-]show-raw-insn       Display hex alongside symbolic disassembly
      --insn-width=WIDTH         Display WIDTH bytes on a single line for -d
      --adjust-vma=OFFSET        Add OFFSET to all displayed section addresses
      --special-syms             Include special symbols in symbol dumps
      --inlines                  Print all inlines for source line (with -l)
      --prefix=PREFIX            Add PREFIX to absolute paths for -S
      --prefix-strip=LEVEL       Strip initial directory names for -S
      --dwarf-depth=N            Do not display DIEs at depth N or greater
      --dwarf-start=N            Display DIEs starting with N, at the same depth
                                 or deeper
      --dwarf-check              Make additional dwarf internal consistency checks.
      --ctf-parent=SECTION       Use SECTION as the CTF parent
      --visualize-jumps          Visualize jumps by drawing ASCII art lines
      --visualize-jumps=color    Use colors in the ASCII art
      --visualize-jumps=extended-color   Use extended 8-bit color codes
      --visualize-jumps=off      Disable jump visualization

objdump: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 srec symbolsrec verilog tekhex binary ihex plugin
objdump: supported architectures: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel i386:x64-32:intel i386:nacl i386:x86-64:nacl i386:x64-32:nacl iamcu iamcu:intel l1om l1om:intel k1om k1om:intel

The following i386/x86-64 specific disassembler options are supported for use
with the -M switch (multiple options should be separated by commas):
  x86-64      Disassemble in 64bit mode
  i386        Disassemble in 32bit mode
  i8086       Disassemble in 16bit mode
  att         Display instruction in AT&T syntax
  intel       Display instruction in Intel syntax
  att-mnemonic
              Display instruction in AT&T mnemonic
  intel-mnemonic
              Display instruction in Intel mnemonic
  addr64      Assume 64bit address size
  addr32      Assume 32bit address size
  addr16      Assume 16bit address size
  data32      Assume 32bit data size
  data16      Assume 16bit data size
  suffix      Always display instruction suffix in AT&T syntax
  amd64       Display instruction in AMD64 ISA
  intel64     Display instruction in Intel64 ISA
Report bugs to <http://www.sourceware.org/bugzilla/>.
rlk@rlk:~$
```
3 objdump test program
3.1 C test program
```c
// objdump_test.c
#include <stdio.h>

void greet() {
    printf("Hello, World!\n");
}

int main() {
    greet();
    return 0;
}
```
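3.2 How to compile
This build command gives more complete results when displaying debug information:
```
gcc -o objdump_test objdump_test.c
```
or, with this command, disassembling with objdump after compilation covers only what the test program itself contains:
```
gcc -c objdump_test.c -o objdump_test
```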
4 objdump options explained and demonstrated
4.1 objdump -d
Disassemble the executable sections.
```
rlk@rlk:test$ objdump -d objdump_test

objdump_test:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <greet>:
   0:   55                      push   %rbp
   1:   48 89 e5                mov    %rsp,%rbp
   4:   48 8d 3d 00 00 00 00    lea    0x0(%rip),%rdi        # b <greet+0xb>
   b:   e8 00 00 00 00          callq  10 <greet+0x10>
  10:   90                      nop
  11:   5d                      pop    %rbp
  12:   c3                      retq

0000000000000013 <main>:
  13:   55                      push   %rbp
  14:   48 89 e5                mov    %rsp,%rbp
  17:   b8 00 00 00 00          mov    $0x0,%eax
  1c:   e8 00 00 00 00          callq  21 <main+0xe>
  21:   b8 00 00 00 00          mov    $0x0,%eax
  26:   5d                      pop    %rbp
  27:   c3                      retq
rlk@rlk:test$
```
4.2 objdump -a
Display archive header information.
```
rlk@rlk:test$ objdump -a objdump_test

objdump_test:     file format elf64-x86-64
objdump_test

rlk@rlk:test$
```
4.3 objdump -f
Display file header information.
```
rlk@rlk:test$ objdump -f objdump_test

objdump_test:     file format elf64-x86-64
architecture: i386:x86-64, flags 0x00000011:
HAS_RELOC, HAS_SYMS
start address 0x0000000000000000

rlk@rlk:test$
```
4.4 objdump -p
Display private header information.
```
rlk@rlk:test$ objdump -p objdump_test

objdump_test:     file format elf64-x86-64

rlk@rlk:test$
```
4.5 objdump -D
Disassemble all sections.
```
rlk@rlk:test$ objdump -D objdump_test

objdump_test:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <greet>:
   0:   55                      push   %rbp
   1:   48 89 e5                mov    %rsp,%rbp
   4:   48 8d 3d 00 00 00 00    lea    0x0(%rip),%rdi        # b <greet+0xb>
   b:   e8 00 00 00 00          callq  10 <greet+0x10>
  10:   90                      nop
  11:   5d                      pop    %rbp
  12:   c3                      retq

0000000000000013 <main>:
  13:   55                      push   %rbp
  14:   48 89 e5                mov    %rsp,%rbp
  17:   b8 00 00 00 00          mov    $0x0,%eax
  1c:   e8 00 00 00 00          callq  21 <main+0xe>
  21:   b8 00 00 00 00          mov    $0x0,%eax
  26:   5d                      pop    %rbp
  27:   c3                      retq

Disassembly of section .rodata:

0000000000000000 <.rodata>:
   0:   48                      rex.W
   1:   65 6c                   gs insb (%dx),%es:(%rdi)
   3:   6c                      insb   (%dx),%es:(%rdi)
   4:   6f                      outsl  %ds:(%rsi),(%dx)
   5:   2c 20                   sub    $0x20,%al
   7:   57                      push   %rdi
   8:   6f                      outsl  %ds:(%rsi),(%dx)
   9:   72 6c                   jb     77 <main+0x64>
   b:   64 21 00                and    %eax,%fs:(%rax)

Disassembly of section .comment:

0000000000000000 <.comment>:
   0:   00 47 43                add    %al,0x43(%rdi)
   3:   43 3a 20                rex.XB cmp (%r8),%spl
   6:   28 55 62                sub    %dl,0x62(%rbp)
   9:   75 6e                   jne    79 <main+0x66>
   b:   74 75                   je     82 <main+0x6f>
   d:   20 37                   and    %dh,(%rdi)
   f:   2e 35 2e 30 2d 36       cs xor $0x362d302e,%eax
  15:   75 62                   jne    79 <main+0x66>
  17:   75 6e                   jne    87 <main+0x74>
  19:   74 75                   je     90 <main+0x7d>
  1b:   32 29                   xor    (%rcx),%ch
  1d:   20 37                   and    %dh,(%rdi)
  1f:   2e                      cs
  20:   35                      .byte 0x35
  21:   2e 30 00                xor    %al,%cs:(%rax)

Disassembly of section .eh_frame:

0000000000000000 <.eh_frame>:
   0:   14 00                   adc    $0x0,%al
   2:   00 00                   add    %al,(%rax)
   4:   00 00                   add    %al,(%rax)
   6:   00 00                   add    %al,(%rax)
   8:   01 7a 52                add    %edi,0x52(%rdx)
   b:   00 01                   add    %al,(%rcx)
   d:   78 10                   js     1f <.eh_frame+0x1f>
   f:   01 1b                   add    %ebx,(%rbx)
  11:   0c 07                   or     $0x7,%al
  13:   08 90 01 00 00 1c       or     %dl,0x1c000001(%rax)
  19:   00 00                   add    %al,(%rax)
  1b:   00 1c 00                add    %bl,(%rax,%rax,1)
  1e:   00 00                   add    %al,(%rax)
  20:   00 00                   add    %al,(%rax)
  22:   00 00                   add    %al,(%rax)
  24:   13 00                   adc    (%rax),%eax
  26:   00 00                   add    %al,(%rax)
  28:   00 41 0e                add    %al,0xe(%rcx)
  2b:   10 86 02 43 0d 06       adc    %al,0x60d4302(%rsi)
  31:   4e 0c 07                rex.WRX or $0x7,%al
  34:   08 00                   or     %al,(%rax)
  36:   00 00                   add    %al,(%rax)
  38:   1c 00                   sbb    $0x0,%al
  3a:   00 00                   add    %al,(%rax)
  3c:   3c 00                   cmp    $0x0,%al
  3e:   00 00                   add    %al,(%rax)
  40:   00 00                   add    %al,(%rax)
  42:   00 00                   add    %al,(%rax)
  44:   15 00 00 00 00          adc    $0x0,%eax
  49:   41 0e                   rex.B (bad)
  4b:   10 86 02 43 0d 06       adc    %al,0x60d4302(%rsi)
  51:   50                      push   %rax
  52:   0c 07                   or     $0x7,%al
  54:   08 00                   or     %al,(%rax)
        ...
rlk@rlk:test$
```
4.6 objdump -S
Intermix source code with disassembly.
```
rlk@rlk:test$ objdump -S objdump_test

objdump_test:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <greet>:
   0:   55                      push   %rbp
   1:   48 89 e5                mov    %rsp,%rbp
   4:   48 8d 3d 00 00 00 00    lea    0x0(%rip),%rdi        # b <greet+0xb>
   b:   e8 00 00 00 00          callq  10 <greet+0x10>
  10:   90                      nop
  11:   5d                      pop    %rbp
  12:   c3                      retq

0000000000000013 <main>:
  13:   55                      push   %rbp
  14:   48 89 e5                mov    %rsp,%rbp
  17:   b8 00 00 00 00          mov    $0x0,%eax
  1c:   e8 00 00 00 00          callq  21 <main+0xe>
  21:   b8 00 00 00 00          mov    $0x0,%eax
  26:   5d                      pop    %rbp
  27:   c3                      retq
rlk@rlk:test$
```
4.7 objdump -s
Display section contents.
```
rlk@rlk:test$ objdump -s objdump_test

objdump_test:     file format elf64-x86-64

Contents of section .text:
 0000 554889e5 488d3d00 000000e8 00000000  UH..H.=.........
 0010 905dc355 4889e5b8 00000000 e8000000  .].UH...........
 0020 00b80000 00005dc3                    ......].
Contents of section .rodata:
 0000 48656c6c 6f2c2057 6f726c64 2100      Hello, World!.
Contents of section .comment:
 0000 00474343 3a202855 62756e74 7520372e  .GCC: (Ubuntu 7.
 0010 352e302d 36756275 6e747532 2920372e  5.0-6ubuntu2) 7.
 0020 352e3000                             5.0.
Contents of section .eh_frame:
 0000 14000000 00000000 017a5200 01781001  .........zR..x..
 0010 1b0c0708 90010000 1c000000 1c000000  ................
 0020 00000000 13000000 00410e10 8602430d  .........A....C.
 0030 064e0c07 08000000 1c000000 3c000000  .N..........<...
 0040 00000000 15000000 00410e10 8602430d  .........A....C.
 0050 06500c07 08000000                    .P......
rlk@rlk:test$
```
4.8 objdump -t
Display the contents of the symbol table.
```
rlk@rlk:test$ objdump -t objdump_test

objdump_test:     file format elf64-x86-64

SYMBOL TABLE:
0000000000000000 l    df *ABS*  0000000000000000 objdump_test.c
0000000000000000 l    d  .text  0000000000000000 .text
0000000000000000 l    d  .data  0000000000000000 .data
0000000000000000 l    d  .bss   0000000000000000 .bss
0000000000000000 l    d  .rodata        0000000000000000 .rodata
0000000000000000 l    d  .note.GNU-stack        0000000000000000 .note.GNU-stack
0000000000000000 l    d  .eh_frame      0000000000000000 .eh_frame
0000000000000000 l    d  .comment       0000000000000000 .comment
0000000000000000 g     F .text  0000000000000013 greet
0000000000000000         *UND*  0000000000000000 _GLOBAL_OFFSET_TABLE_
0000000000000000         *UND*  0000000000000000 puts
0000000000000013 g     F .text  0000000000000015 main

rlk@rlk:test$
```
4.9 objdump -g
Display debug information.
```
rlk@rlk:test$ objdump -g objdump_test

objdump_test:     file format elf64-x86-64

Contents of the .eh_frame section (loaded from objdump_test):


00000000 0000000000000014 00000000 CIE
  Version:               1
  Augmentation:          "zR"
  Code alignment factor: 1
  Data alignment factor: -8
  Return address column: 16
  Augmentation data:     1b
  DW_CFA_def_cfa: r7 (rsp) ofs 8
  DW_CFA_offset: r16 (rip) at cfa-8
  DW_CFA_nop
  DW_CFA_nop

00000018 000000000000001c 0000001c FDE cie=00000000 pc=0000000000000000..0000000000000013
  DW_CFA_advance_loc: 1 to 0000000000000001
  DW_CFA_def_cfa_offset: 16
  DW_CFA_offset: r6 (rbp) at cfa-16
  DW_CFA_advance_loc: 3 to 0000000000000004
  DW_CFA_def_cfa_register: r6 (rbp)
  DW_CFA_advance_loc: 14 to 0000000000000012
  DW_CFA_def_cfa: r7 (rsp) ofs 8
  DW_CFA_nop
  DW_CFA_nop
  DW_CFA_nop

00000038 000000000000001c 0000003c FDE cie=00000000 pc=0000000000000013..0000000000000028
  DW_CFA_advance_loc: 1 to 0000000000000014
  DW_CFA_def_cfa_offset: 16
  DW_CFA_offset: r6 (rbp) at cfa-16
  DW_CFA_advance_loc: 3 to 0000000000000017
  DW_CFA_def_cfa_register: r6 (rbp)
  DW_CFA_advance_loc: 16 to 0000000000000027
  DW_CFA_def_cfa: r7 (rsp) ofs 8
  DW_CFA_nop
  DW_CFA_nop
  DW_CFA_nop

rlk@rlk:test$
```
4.10 objdump -h
Display the header of each section.
```
rlk@rlk:test$ objdump -h objdump_test

objdump_test:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .text         00000028  0000000000000000  0000000000000000  00000040  2**0
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  1 .data         00000000  0000000000000000  0000000000000000  00000068  2**0
                  CONTENTS, ALLOC, LOAD, DATA
  2 .bss          00000000  0000000000000000  0000000000000000  00000068  2**0
                  ALLOC
  3 .rodata       0000000e  0000000000000000  0000000000000000  00000068  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .comment      00000024  0000000000000000  0000000000000000  00000076  2**0
                  CONTENTS, READONLY
  5 .note.GNU-stack 00000000  0000000000000000  0000000000000000  0000009a  2**0
                  CONTENTS, READONLY
  6 .eh_frame     00000058  0000000000000000  0000000000000000  000000a0  2**3
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
rlk@rlk:test$
```
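The flag row under each section in the -h output can be read as memory permissions: READONLY means not writable and CODE means executable, so an ALLOC section with CODE but without READONLY is both writable and executable. The script below is an added example, not part of the original article; the function name `section_perms` and the `.stub` row are made up for illustration, and the other rows are taken from the output above.

```sh
#!/bin/sh
# Sample input: rows from the objdump -h output above, plus one constructed
# (hypothetical) ".stub" section that is writable and executable at once.
SECTIONS='  0 .text         00000028  0000000000000000  0000000000000000  00000040  2**0
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  1 .data         00000000  0000000000000000  0000000000000000  00000068  2**0
                  CONTENTS, ALLOC, LOAD, DATA
  3 .rodata       0000000e  0000000000000000  0000000000000000  00000068  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .comment      00000024  0000000000000000  0000000000000000  00000076  2**0
                  CONTENTS, READONLY
  7 .stub         00000010  0000000000000000  0000000000000000  000000f8  2**0
                  CONTENTS, ALLOC, LOAD, CODE'

# section_perms TEXT
# TEXT is what `objdump -h` printed. Prints "name rwx-style-permissions" for
# every section that occupies memory at run time (ALLOC) and marks W+X ones.
section_perms() {
  printf '%s\n' "$1" | awk '
    $1 ~ /^[0-9]+$/ && NF == 7 { name = $2; next }   # Idx Name Size VMA LMA Off Algn
    name != "" {                                      # the flag row that follows
      if ($0 ~ /ALLOC/) {
        w = ($0 ~ /READONLY/) ? "-" : "w"
        x = ($0 ~ /CODE/) ? "x" : "-"
        warn = (w == "w" && x == "x") ? "  <-- writable and executable" : ""
        printf "%s r%s%s%s\n", name, w, x, warn
      }
      name = ""
    }'
}

section_perms "$SECTIONS"
```

On a real file the input would come from `objdump -h objdump_test`; `.comment` is skipped because it lacks ALLOC and is never mapped.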
4.11 objdump -r
Display the relocation entries.
```
rlk@rlk:test$ objdump -r objdump_test

objdump_test:     file format elf64-x86-64

RELOCATION RECORDS FOR [.text]:
OFFSET           TYPE              VALUE
0000000000000007 R_X86_64_PC32     .rodata-0x0000000000000004
000000000000000c R_X86_64_PLT32    puts-0x0000000000000004
000000000000001d R_X86_64_PLT32    greet-0x0000000000000004


RELOCATION RECORDS FOR [.eh_frame]:
OFFSET           TYPE              VALUE
0000000000000020 R_X86_64_PC32     .text
0000000000000040 R_X86_64_PC32     .text+0x0000000000000013


rlk@rlk:test$
```
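In the disassembly of this unlinked object both `callq` instructions carry a zero displacement (`e8 00 00 00 00`), so objdump prints the address of the next instruction as the target; the real targets are only named in the relocation records. The script below is an added example, not part of the original article: it joins the two listings by offset, using a hypothetical function name `resolve_relocs` and sample lines copied from the -d and -r output above.

```sh
#!/bin/sh
# Sample input: instruction lines and [.text] relocation records copied from
# the objdump -d and objdump -r output shown above.
DISASM='   4:   48 8d 3d 00 00 00 00    lea    0x0(%rip),%rdi        # b <greet+0xb>
   b:   e8 00 00 00 00          callq  10 <greet+0x10>
  10:   90                      nop
  1c:   e8 00 00 00 00          callq  21 <main+0xe>
  21:   b8 00 00 00 00          mov    $0x0,%eax'
RELOCS='0000000000000007 R_X86_64_PC32     .rodata-0x0000000000000004
000000000000000c R_X86_64_PLT32    puts-0x0000000000000004
000000000000001d R_X86_64_PLT32    greet-0x0000000000000004'

# resolve_relocs DISASM RELOCS
# Prints "addr mnemonic -> symbol" for each instruction whose bytes cover a
# relocation offset, i.e. whose operand is still a placeholder for the linker.
# Pass the records of one section only; offsets are section-relative.
resolve_relocs() {
  { printf '%s\n' "$2"; echo '---'; printf '%s\n' "$1"; } | awk '
    function hex(s,   i, n) {              # POSIX awk has no strtonum()
      n = 0; s = tolower(s)
      for (i = 1; i <= length(s); i++)
        n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
      return n
    }
    $0 == "---" { in_disasm = 1; next }
    !in_disasm && $1 ~ /^[0-9a-f]+$/ && $2 ~ /^R_/ {   # OFFSET TYPE VALUE
      sym = $3; sub(/[-+]0x[0-9a-f]+$/, "", sym)        # drop the addend
      off[++nrel] = hex($1); name[nrel] = sym
      next
    }
    in_disasm && $1 ~ /^[0-9a-f]+:$/ {     # "addr: byte byte ... mnemonic ..."
      a = $1; sub(/:$/, "", a); start = hex(a)
      len = 0                              # count two-digit hex byte columns
      for (f = 2; f <= NF && $f ~ /^[0-9a-f][0-9a-f]$/; f++) len++
      for (r = 1; r <= nrel; r++)
        if (off[r] >= start && off[r] < start + len)
          printf "%s %s -> %s\n", a, $f, name[r]
    }'
}

resolve_relocs "$DISASM" "$RELOCS"
```

objdump can interleave the same records itself when -d and -r are given together (`objdump -dr objdump_test`).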
4.12 objdump -s -j .text
View the contents of a specific section.
```
rlk@rlk:test$ objdump -s -j .text objdump_test

objdump_test:     file format elf64-x86-64

Contents of section .text:
 0000 554889e5 488d3d00 000000e8 00000000  UH..H.=.........
 0010 905dc355 4889e5b8 00000000 e8000000  .].UH...........
 0020 00b80000 00005dc3                    ......].
rlk@rlk:test$ objdump -s -j .rodata objdump_test

objdump_test:     file format elf64-x86-64

Contents of section .rodata:
 0000 48656c6c 6f2c2057 6f726c64 2100      Hello, World!.
rlk@rlk:test$
```