Different perspectives, so how to use objdump depends on your choice!
Because most computers use the Harvard structure, data and commands are stored separately in the program organization form, so when we compile, assemble, connect, (symbol desorption, segment relocation ). In order to make the program better executed, the final generated target file contains enough information for fear of being discriminated against and not executed. Therefore, in the face of binary target files, it is difficult for me to find or see any useful information. Therefore, the practical significance of the objdump tool is so fascinating, only when you want to explore the organizational form of a target file can you understand it.
For more details, refer to Chapter 7 of the second part of the book "understanding computers in depth". Although the Logic Thinking of the author is different from that of the author, you may like it.
--------------- Objdump is a GCC tool used to view the structure of the target file or executable target file ----------
The following three commands are enough for those who like to explore the relationship between the target file and the source code.
Objdump-x OBJ organizes (divided into several blocks) the data of the target file in the form of some classification information.
Objdump-t obj: symbol table of the target file output
Objdump-H OBJ
Objdump-J. Text/. Data-s OBJ outputs the information of the specified segment, which is probably
The following is an online excerpt.
★Preparations before testing
CP/usr/lib/Libpcap. A/home/SCZ/src
Nm-s Libpcap. A | more
Ar TV Libpcap.
Ar XV Libpcap. A inet. o
Nm-s inet. o
View the display of nm-S by man nm.
Man manual of the objdump command
Objdump-display binary file information
Objdump
[-A] [-B bfdname |
-- Target = bfdname] [-C] [-- debugging]
[-D] [-D]
[-- Disassemble-Zeroes]
[-EB |-El | -- endian = {big | little}] [-F]
[-H] [-I | -- info]
[-J section | -- Section = section]
[-L] [-M machine] [-- prefix-addresses]
[-R] [-R]
[-S | -- full-Contents] [-S | -- source]
[-- [No-] Show-raw-insn] [-- stabs] [-T]
[-T] [-x]
[-- Start-address = address] [-- stop-address = address]
[-- Adjust-VMA = offset] [-- version] [-- help]
Objfile...
-- Archive-headers
-A: displays the member information of the archive, which is similar to that of ar TV.
Objdump-A Libpcap.
Comparison with the ar-TV Libpcap. A display result
Obviously, this option is meaningless.
-- Adjust-VMA = offset
When dumping information, first add offset to all
The section addresses. This is useful if the sec-
Tion addresses do not correspond to the symbol
Table, which can happen when putting sections
Particle ses SSEs when using a format which can
Not Represent section addresses, such as A. Out.
-B bfdname
-- Target = bfdname
Specify the target format. This is not necessary. objdump can automatically recognize many formats,
For example: objdump-B oasys-M VAX-H Fu. o
Displays the summary of the Fu. O header, explicitly indicating that the file is oasys In the VAX system.
The target file generated by the compiler. Objdump-I will show what can be specified here
Target code format list
-- Demangle
-C decodes the underlying symbolic names into user-level names, except for removing all prefixes
In addition to the underline, the C ++ function name is displayed in an understandable way.
-- Debugging
Displays debugging information. Attempt to parse the debugging information stored in the file and use the C Language
. Only some types of debugging information are supported.
-- Disassemble
-D. disassemble the sections with the instruction machine code.
-- Disassemble-all
-D is similar to-D, but disassembles all sections.
-- Prefix-Addresses
The complete address of each line is displayed during disassembly. This is an old disassembly format.
The display effect is not ideal, but some of them may be used for comparison.
-- Disassemble-Zeroes
Generally, the zero part of the large part will be omitted in the disassembly output. This option will make the zero part be decompiled.
-EB
-El
-- Endian = {big | little}
This option will affect the decompiling command.
Little-Endian is what we often say when we were playing assembly under DOS,
This is the case for x86.
-- File-headers
-F displays the overall header summary of each object in the objfile.
-- Section-headers
-- Headers
-H: displays the header summary of each section in the target file.
-- Help brief help information.
-- Info
-I displays the list of architectures and target formats available for-B or-m options.
-- Section = Name
-J name only displays the information of the specified section.
-- Line-Numbers
-L mark the target code with the file name and line number, and only use it with-D,-D, or-R.
The difference between using-LD and using-D is not great. It is useful in source code-level debugging and requires
Debugging and compilation options such as-G are used during compilation.
-- Architecture = Machine
-M Machine
The architecture used to specify the target file for disassembly.
This option is useful for architecture information (such as S-records. You can use the-I option.
List the architectures that can be specified here
-- Reloc
-R displays the relocation entry of the file. If it is used with-D or-D, the relocation part is reversed.
The edited format is displayed.
-- Dynamic-reloc
-R: displays the dynamic relocation entry of a file, which is only meaningful to the dynamic target file, for example, some
Shared library.
-- Full-Contents
-S: displays the complete content of the specified section.
Objdump -- Section =. Text-s inet. o | more
-- Source
-S decomassembles the source code as much as possible, especially when the-G debugging parameter is specified during compilation,
The effect is obvious. The-D parameter is hidden.
-- Show-raw-insn
During disassembly, the machine code corresponding to each assembly instruction is displayed, unless
-- Prefix-addresses, which is the default option.
-- No-show-raw-insn
During disassembly, the machine code of the Assembly command is not displayed. This is the -- prefix-addresses parameter.
Option.
-- Stabs
Display the contents of the. Stab,. Stab. index, and
. Stab. excl sections from an elf file. This is only
Useful on systems (such as Solaris 2.0) in which
. Stab debugging symbol-table entries are carried in
An elf section. In most other file formats, debug-
Ging symbol-table entries are interleaved
Linkage symbols, and are visible in the -- Syms output.
-- Start-address = address
Data is displayed from the specified address. This option affects the output of the-D,-R, and-s options.
-- Stop-address = address
Displays data until the specified address. This option affects the output of the-D,-R, and-s options.
-- Syms
-T indicates the entry to the symbol table of the file. Similar to the information provided by nm-S
-- Dynamic-Syms
-T displays the file's dynamic symbol table entry, which is only meaningful to the dynamic target file, for example, some
Shared library. The information displayed is similar to the information displayed by nm-d | -- Dynamic.
-- Version Version
Objdump -- version
-- All-headers
-X displays all available header information, including the symbol table and relocation entry. -X is equivalent
-A-f-h-r-t is specified at the same time.
Objdump-x inet. o
See nm (1)
★Example of an objdump application (to be added)
/*
G ++-g-wstrict-prototypes-wall-wunused-O objtest. c
*/
# Include
# Include
Int main (INT argc, char * argv [])
{
Execl ("/bin/sh", "/bin/sh", "-I", 0 );
Return 0;
}
G ++-g-wstrict-prototypes-wall-wunused-O objtest. c
Objdump-J. Text-Sl objtest | more
/Main (Search)
08048750:
Main ():
/Home/SCZ/src/objtest. C: 7
*/
# Include
# Include
Int main (INT argc, char * argv [])
{
8048750: 55 pushl % EBP
8048751: 89 E5 movl % ESP, % EBP
/Home/SCZ/src/objtest. C: 8
Execl ("/bin/sh", "/bin/sh", "-I", 0 );
8048753: 6a 00 pushl $0x0
8048755: 68 D0 87 04 08 pushl $0x801_d0
804875a: 68 D3 87 04 08 pushl $0x80108d3
804875f: 68 D3 87 04 08 pushl $0x80108d3
8048764: E8 dB Fe FF call 8048644 <_ init + 0x40>
8048769: 83 C4 10 addl $0x10, % ESP
/Home/SCZ/src/objtest. C: 9
Return 0;
80100006c: 31 C0 xorl % eax, % eax
803666e: EB 04 JMP 8048774
8048770: 31 C0 xorl % eax, % eax
8048772: EB 00 JMP 8048774
/Home/SCZ/src/objtest. C: 10
}
8048774: C9 leave
8048775: C3 RET
8048776: 90 NOP
If it is not clear enough, you can use the following command to help:
Objdump-J. Text-Sl objtest -- prefix-addresses | more
Objdump-J. Text-DL objtest | more
Remove the debug compilation option and re-compile
G ++-O3-O objtest. c
Objdump-J. Text-s objtest | more
08048778:
Main ():
8048778: 55 pushl % EBP
8048779: 89 E5 movl % ESP, % EBP
804877b: 6a 00 pushl $0x0
804877d: 68 F0 87 04 08 pushl $0x80108f0
8048782: 68 F3 87 04 08 pushl $0x80108f3
8048787: 68 F3 87 04 08 pushl $0x80108f3
804878c: E8 dB Fe FF call 804866c <_ init + 0x40>
8048791: 31 C0 xorl % eax, % eax
8048793: C9 leave
8048794: C3 RET
8048795: 90 NOP
Compared with the binary code after-G compilation, there are many differences.