Object File Format analysis tools: objdump, nm, ar

From: http://blog.csdn.net/longxin007/article/details/1880477

Preface
If common programming doesn't need to know these things, if you want to precisely control the format of your object file or you want to view the content in the object to make some judgment, just now you can look at the following tools in idea: objdump, nm, ar. Of course, this article cannot explain in detail their usage and functions. If you think this article is not clear enough, you can use: Man. My plan is to let more people know about these tools and will be helpful in the future programming process.

Operating System: Linux

Start

1. Database File Operation Command: Ar ---- very good stuff .. This allows you to view the details in the function library and generate a library file with Multiple object files.
   1. Frequently used:
      1. Ar-T libname. A // display the list of all object files (. O files). Example: # ar t libtest.
         Libtest1.o
         Libtest2.o
      2. Ar-RV libname. A objfile1.o objfile2.o... objfilen. O // package objfile1.o -- objfilen. O into a library file.
   2. Ar options
      D: delete a module from the database. Specify the module to be deleted based on the original file name of the module. If any option V is used, each deleted module is listed.
      M: This operation is a member moving in a library. If several modules in the library have the same symbolic definition (such as function definition), the order of member positions is very important. If no option is specified, any specified member will be moved to the end of the database. You can also use the 'A', 'B', or 'I' option to move to the specified position.
      P: displays the specified members in the database to the standard output. If any option V is specified, the member name is displayed before the content of the output member. If no member name is specified, all files in the database are displayed.
      Q: Fast append. Add a new module to the end of the database. Do not check whether replacement is required. The 'A', 'B', or 'I' option does not affect this operation. The module always appends the end of the library. If any option V is used, each module is listed. The symbol table of the library is not updated. You can use 'ar s' or ranlib to update the index of the symbol table of the library.
      R: Insert a module (replace) into the database ). If the inserted Module name already exists in the Database, replace the module with the same name. If one of the modules does not exist in the library, ar displays an error message and does not replace other modules with the same name. By default, new members are added at the end of the database. You can use other options to change the position of the added member.
      T: displays the list of modules in the database. Generally, only the module name is displayed.
      X: extract a member from the database. If the module to be extracted is not specified, all modules in the library are extracted.
      The following describes any options that can be used with operation options:

      A: Add a new file to an existing member of the database. If you use any option A, you should specify an existing member name for the membername parameter in the command line.
      B: Add a new file before an existing member of the database. If option B is used, an existing member name should be specified for the membername parameter in the command line.
      C: Create a database. Whether or not the database exists will be created.
      F: truncates the specified name in the database. By default, the file name length is unrestricted. You can use this parameter to shorten the file name to ensure compatibility with other systems.
      I: Add a new file before an existing member of the database. If any option I is used, you should specify an existing member name (similar to any option B) for the membername parameter in the command line ).
      L: Not used yet
      N: used with the Count parameter to specify the number of extracted or output files when multiple identical file names exist in the database.
      O: when a Member is extracted, the original data of the member is retained. If this option is not specified, the extracted module time is marked as the extracted time.
      P: use the full path name for file name matching. Ar cannot use full path names when creating a library (such library files do not comply with POSIX standards), but some tools are acceptable.
      S: Write a target file index to the database, or update an existing target file index. This action is even performed for libraries that have not changed. Doing ar s for a library is equivalent to doing ranlib for the library.
      S: do not create the target file index, which can speed up the time when creating a large database.
      U: Generally, the command ar r... insert all listed files to the database. If you only want to insert files in the list file that are new to files with the same name as the files in the database, you can use this option. This option is only used for r operation.
      V: This option is used to display additional information about the operation options.
      V: displays the AR version.

2. Nm -- list the symbols of the target file (. O .. Nnd, so excited. I just got three days out of bed when I got this command. I tried my best.
   1. Common Methods:
      1. The list of all symbols in NM-s filename. A/filename. O/a. Out is clear. Example:
         # Nm-s a. Out
         080495b8 A _ bss_start
         08048334 t call_gmon_start
         080495b8 B completed.5751
         080494b8 D _ ctor_end __
         080494b4 D _ ctor_list __
         080495ac D _ data_start
         080495ac W data_start
         08048450 T _ do_global_ctors_aux
         08048360 T _ do_global_dtors_aux
         080495b0 D _ dso_handle
         080494c0 D _ dtor_end __
         080494bc D _ dtor_list __
         080494c8 D _ dynamic
         080495b8 A _ edata
         080495bc A _ end
         0804847c T _ fini
         08048498 r_fp_hw
         08048390 t frame_dummy
         080484b0 R _ frame_end __
         08049594 D _ global_offset_table _
         W _ gmon_start __
         0804844c T _ i686.get _ pc_thunk.bx
         080482b8 T _ init
         080494b4 A _ init_array_end
         080494b4 A _ init_array_start
         0804849c R _ io_stdin_used
         080494c4 D _ jcr_end __
         080494c4 D _ jcr_list __
         W_jv_registerclasses
         080483e0 T _ libc_csu_fini
         080483f0 T _ libc_csu_init
         U _ libc_start_main @ glibc_2.0
         080483b4 t Main
         080495b4 D p.5749
         U puts @ glibc_2.0
         08048310 T _ start
   2. Options/attributes:
      -A or -- debug-Syms: displays debugging symbols.
      -B: equivalent to -- format = BSD, used to be compatible with MIPS nm.
      -C or -- demangle: decodes a low-level symbolic name (demangle) into a user-level name. This makes the C ++ function name readable.
      -D or -- Dynamic: displays dynamic symbols. This option is only valid for dynamic targets (such as shared libraries of a specific type.
      -F format: Output in format. Format can select BSD, sysv, or POSIX. This option is useful in GNU nm. The default value is BSD.
      -G or -- extern-only: displays only external symbols.
      -N,-V, or -- Numeric-sort: sort by the address corresponding to the symbol, rather than by the character order of the symbol name.
      -P or -- no-sort: it is displayed in the order of symbols encountered in the target file, not sorted.
      -P or -- Portability: Use the posix.2 standard output format instead of the default output format. It is equivalent to using any option-f posix.
      -S or -- print-armap: contains the index when the symbol of the member in the column warehouse picking. The index content includes: Which modules contain the Mappings of names.
      -R or -- reverse-sort: reverse the order (for example, ascending to descending ).
      -- Size-sort: Sort symbols by size. The size is calculated based on the value of a symbol and the value of its next symbol.
      -T Radix or -- Radix = Radix: Use the radix hexadecimal notation to display the symbolic value. Radix can only be "D" in decimal format, "O" in octal format, or "x" in hexadecimal format.
      -- Target = bfdname: Specify the format of the target code, rather than the default format of the system.
      -U or -- undefined-only: Only undefined symbols (those external symbols) are displayed ).
      -L or -- line-numbers: Use debugging information for each symbol to find the file name and row number. For the defined symbols, find the line number of the symbol address. For undefined symbols, find the row number pointing to the symbol relocation entry. If you can find the row number information, it is displayed after the symbol information.
      -V or -- version: displays the NM version number.
      -- Help: displays any options of nm.
3. The objdump file commands are incredibly powerful. The preceding two commands (AR, nm) can be implemented. It is mainly used to view the content of the object file.
   1. Common Methods:
      1. Objdump-H file <. O,. A,. Out> // view all the sections of the object file. For example:
         # Objdump-H libtest1.o
         Libtest1.o: File Format elf32-i386
         Sections:
         Idx name size vma lma file off algn
         0. Text 00000014 00000000 00000000 2 ** 2
         Contents, alloc, load, reloc, readonly, code
         1. Data 00000000 00000000 00000000 00000048 2 ** 2
         Contents, alloc, load, Data
         2. BSS 00000000 00000000 00000000 00000048 2 ** 2
         Alloc
         3. rodata 0000000e 00000000 00000000 00000048 2 ** 0
         Contents, alloc, load, readonly, Data
         4. Comment comment 001f 00000000 00000000 00000056 2 ** 0
         Contents, readonly
         5. Note. GNU-stack 00000000 00000000 00000000 00000075 2 ** 0
         Contents, readonly
      2. Objdump-T: view the list of all symbols in the object file, which is equivalent to nm-s objfilename, for example:
         # Objdump-T libtest1.o

         Libtest1.o: File Format elf32-i386

         Symbol table:
         00000000 l DF * ABS * 00000000 libtest1.c
         00000000 l d. Text 00000000. Text
         00000000 l d. Data 00000000. Data
         00000000 l d. BSS 00000000. BSS
         00000000 l d. rodata 00000000. rodata
         00000000 l d. Note. GNU-stack 00000000. Note. GNU-Stack
         00000000 l d. Comment 00000000. Comment
         00000000g f. Text 00000014 print_test1
         00000000 * und * 00000000 puts

   2. For more information, see options:
      -- Archive-headers
      -A: displays the member information of the archive, which is similar to that of ar TV.

      Objdump-A Libpcap.
      Comparison with the ar-TV Libpcap. A display result
      Obviously, this option is meaningless.

      -- Adjust-VMA = offset
      When dumping information, first add offset to all
      The section addresses. This is useful if the sec-
      Tion addresses do not correspond to the symbol
      Table, which can happen when putting sections
      Particle ses SSEs when using a format which can
      Not Represent section addresses, such as A. Out.

      -B bfdname
      -- Target = bfdname
      Specify the target format. This is not necessary. objdump can automatically recognize many formats,
      For example: objdump-B oasys-M VAX-H Fu. o
      Displays the summary of the Fu. O header, explicitly indicating that the file is oasys In the VAX system.
      The target file generated by the compiler. Objdump-I will show what can be specified here
      Target code format list

      -- Demangle
      -C decodes the underlying symbolic names into user-level names, except for removing all prefixes
      In addition to the underline, the C ++ function name is displayed in an understandable way.

      -- Debugging
      Displays debugging information. Attempt to parse the debugging information stored in the file and use the C Language
      . Only some types of debugging information are supported.

      -- Disassemble
      -D. disassemble the sections with the instruction machine code.

      -- Disassemble-all
      -D is similar to-D, but disassembles all sections.

      -- Prefix-Addresses
      The complete address of each line is displayed during disassembly. This is an old disassembly format.
      The display effect is not ideal, but some of them may be used for comparison.

      -- Disassemble-Zeroes
      Generally, the zero part of the large part will be omitted in the disassembly output. This option will make the zero part be decompiled.

      -EB
      -El
      -- Endian = {big | little}
      This option will affect the decompiling command.
      Little-Endian is what we often say when we were playing assembly under DOS,
      This is the case for x86.

      -- File-headers
      -F displays the overall header summary of each object in the objfile.

      -- Section-headers
      -- Headers
      -H: displays the header summary of each section in the target file.

      -- Help brief help information.

      -- Info
      -I displays the list of architectures and target formats available for-B or-m options.

      -- Section = Name
      -J name only displays the information of the specified section.

      -- Line-Numbers
      -L mark the target code with the file name and line number, and only use it with-D,-D, or-R.
      The difference between using-LD and using-D is not great. It is useful in source code-level debugging and requires
      Debugging and compilation options such as-G are used during compilation.

      -- Architecture = Machine
      -M Machine
      The architecture used to specify the target file for disassembly.
      This option is useful for architecture information (such as S-records. You can use the-I option.
      List the architectures that can be specified here

      -- Reloc
      -R displays the relocation entry of the file. If it is used with-D or-D, the relocation part is reversed.
      The edited format is displayed.

      -- Dynamic-reloc
      -R: displays the dynamic relocation entry of a file, which is only meaningful to the dynamic target file, for example, some
      Shared library.

      -- Full-Contents
      -S: displays the complete content of the specified section.

      Objdump -- Section =. Text-s inet. o | more

      -- Source
      -S decomassembles the source code as much as possible, especially when the-G debugging parameter is specified during compilation,
      The effect is obvious. The-D parameter is hidden.

      -- Show-raw-insn
      During disassembly, the machine code corresponding to each assembly instruction is displayed, unless
      -- Prefix-addresses, which is the default option.

      -- No-show-raw-insn
      During disassembly, the machine code of the Assembly command is not displayed. This is the -- prefix-addresses parameter.
      Option.

      -- Stabs
      Display the contents of the. Stab,. Stab. index, and
      . Stab. excl sections from an elf file. This is only
      Useful on systems (such as Solaris 2.0) in which
      . Stab debugging symbol-table entries are carried in
      An elf section. In most other file formats, debug-
      Ging symbol-table entries are interleaved
      Linkage symbols, and are visible in the -- Syms output.

      -- Start-address = address
      Data is displayed from the specified address. This option affects the output of the-D,-R, and-s options.

      -- Stop-address = address
      Displays data until the specified address. This option affects the output of the-D,-R, and-s options.

      -- Syms
      -T indicates the entry to the symbol table of the file. Similar to the information provided by nm-S

      -- Dynamic-Syms
      -T displays the file's dynamic symbol table entry, which is only meaningful to the dynamic target file, for example, some
      Shared library. The information displayed is similar to the information displayed by nm-d | -- Dynamic.

      -- Version Version

      Objdump -- version

      -- All-headers
      -X displays all available header information, including the symbol table and relocation entry. -X is equivalent
      -A-f-h-r-t is specified at the same time.

      Objdump-x inet. o