Develop practical commands and tools-small talk C language (16)

Source: Internet
Author: User

[Mac 10.7.1 lion intel-based x64 gcc4.2.1]

Q: Sometimes I remember writing a variable or something in the text form in a directory, but I forgot to write it in a file. How can I find it?

A: This requires the grep command. It is very powerful, especially when developing or looking for somewhere. For example, a directory contains some files:

In addition, some files contain the main string. Now you need to find them:

Unfortunately, in mac10.7.1, A grep parameter-R seems to be invalid and cannot be searched in subdirectories recursively; however, it is OK in cygwin; it is not found in the bug list, but the practice is indeed ineffective. It may be a bug.

The grep version used in the above test is 2.5.1.

Of course, it also supports many parameters, such as-I case-insensitive and-e egrep extension.

Q: I often encounter a process, but I want to close it later. The PS-AX command gets a bunch of processes, which is not easy to find. How can I quickly locate it?

A: You can also use the grep command above. For example, you need to check whether the HTTPd process has been started by the system:

Q: What should I do if I need to analyze the internal structure of a generated executable file?

A: The otool command is exceptionally powerful. It supports many parameters to help you display executable files, including intermediate files, libraries, and other files at a glance.

Q: What should I do if I need to view the Mach header of an executable file?

A: You can use the-H parameter. Write a simple code and save it as hello. C:

#include <stdio.h>int main(){    int i = 2;    printf("%d\n", i);    return 0;}

Use gcc-O hello. C to compile and get hello. It will analyze Hello:

It corresponds to the system's mach header file structure to get its specific meaning. Similarly, you can use the-l command to obtain the load commands of the Mach-o Format File.

Q: What should I do if I want to obtain dynamic libraries that an executable file depends on?

A: You can use the-l parameter of the otool command. Use the above Hello file,

Q: What should I do if I want to know the code segment of an executable file?

A: You can use the-t parameter of the otool command. Use the preceding Executable File hello,

However, it is in binary format.

Q: How can I display the above binary form assembly form code?

A: You can use the-V command or the-V command (there is a difference between the two ).

xichenMac:c_simple xichen$ otool -Vt hellohello:(__TEXT,__text) sectionstart:0000000100000eb0pushq$0x000000000100000eb2movq%rsp,%rbp0000000100000eb5andq$0xf0,%rsp0000000100000eb9movq0x08(%rbp),%rdi0000000100000ebdleaq0x10(%rbp),%rsi0000000100000ec1movl%edi,%edx0000000100000ec3addl$0x01,%edx0000000100000ec6shll$0x03,%edx0000000100000ec9addq%rsi,%rdx0000000100000eccmovq%rdx,%rcx0000000100000ecfjmp0x100000ed50000000100000ed1addq$0x08,%rcx0000000100000ed5cmpq$0x00,(%rcx)0000000100000ed9jne0x100000ed10000000100000edbaddq$0x08,%rcx0000000100000edfcallq_main0000000100000ee4movl%eax,%edi0000000100000ee6callq0x100000f2e; symbol stub for: _exit0000000100000eebhlt0000000100000eecnop0000000100000eednop0000000100000eeenop0000000100000eefnop_main:0000000100000ef0pushq%rbp0000000100000ef1movq%rsp,%rbp0000000100000ef4subq$0x10,%rsp0000000100000ef8movl$0x00000002,0xf4(%rbp)0000000100000effmovl0xf4(%rbp),%eax0000000100000f02xorb%cl,%cl0000000100000f04leaq0x00000055(%rip),%rdx0000000100000f0bmovq%rdx,%rdi0000000100000f0emovl%eax,%esi0000000100000f10movb%cl,%al0000000100000f12callq0x100000f34; symbol stub for: _printf0000000100000f17movl$0x00000000,0xf8(%rbp)0000000100000f1emovl0xf8(%rbp),%eax0000000100000f21movl%eax,0xfc(%rbp)0000000100000f24movl0xfc(%rbp),%eax0000000100000f27addq$0x10,%rsp0000000100000f2bpopq%rbp0000000100000f2cretxichenMac:c_simple xichen$ 

We can see that the corresponding compilation has come out.

Q: How can I view the number of strings in the _ text segment?

A: You can use the-SV _ text _ cstring parameter. Modify hello. C as follows:

#include <stdio.h>int g_i = 0xAA;const int g_j = 0xBB;char *str = "hello";int main(){    int i = 2;    printf("%d\n", i);    return 0;}

Compile to hello.

As you can see, the global STR corresponding Hello \ 0 and printf output % d \ n \ 0 strings are displayed

Q: What should I do if I want to view the data (_ data) in Data Partition _ data?

A: You can use the-SV _ DATA parameter. Use the preceding hello,

The global variable g_ I corresponding to the first four bytes is displayed here. If you use otool-d hello, the data in the _ Data Partition of Hello will be viewed.

Q: How can I view the data corresponding to global const variable g_ I?

A: You can use the-SV _ text _ const parameter to view the information.

The data of the 0xbb variable is displayed here.

Q: I only want to view the Assembly form of a function. What should I do?

A: You can use the-p parameter to specify the function to be viewed. As follows:

The above shows the Assembly Form of the main function in Hello (note that although the main function is in the code, it may be changed in the symbol table of the executable file, which depends on the compiler ).

Q: Some executable files support code in more than one hardware architecture. How can I check the Code contained?

A: You can use the file command to view details. As shown above, view the above Hello file information:

It can be seen that it is a 64-bit Executable File running on the x64 platform.

Q: How can I compile an executable file that is common and can contain several types of architecture code?

A: Use the-arch Parameter Function of GCC. Still use the above hello. C code:

Run the file command again:

As you can see, the file contains two types of architecture system code.

Q: I have seen many reverse tools that can modify specific target files for specific purposes. Can I modify the hello file to achieve desired execution results?

A: Yes. I am not good at modifying assembly code. We can modify data segments to view results.

Modify the above hello. C Code as follows:

#include <stdio.h>int g_i = 0xAA;const int g_j = 0xBB;char *str = "hello";int main(){    int i = 2;    printf("%s %d\n", str, i);    return 0;}

Compile to hello. and view the execution result:

Next we will use VI to modify the hello string of the executable file to iello, and finally view the execution effect. Use VI to open the hello file and locate the location of the hello string:

Modify h of hello to I:

Save and execute Hello:

As you can see, the execution result has changed.

Q: How can I check the size of each segment in a target file?

A: You can use the SIZE command.

Q: Sometimes, you need to check which strings can be printed in the target file. How can I check them?

A: You can use the strings command.

Q: How do I remove many compiled programs that contain symbol tables or debugging information?

A: You can use the Strip command.

After using the Strip command:

We can see that there is indeed less symbolic information.

Q: What is the above mentioned nm command?

A: You can view the symbolic information contained in the target file.

Xichen

12:50:52

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.