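1. Introduction
When debugging complex, difficult programs, such as kernel debugging, disassembly is often used. When a program hits problems such as unexplained variable errors, you can disassemble it and read the assembly code directly, which makes everything clear at a glance. This article introduces one way to use disassembly.
Tool needed: objdump
Installing objdump
Installed by default on Ubuntu.
Commands
Main objdump options:
-a file  Display the format of the current file
-d file  Disassemble
-f file  Display file header information
-h file  Display the header information of each section
-x file  Display all header information
-s file  Display header information and the corresponding hexadecimal contents
-S object-file  Display the disassembly with source code interleaved; this requires compiling with -g, i.e. debug information is needed
-C object-file  Demangle C++ symbol names
-l file  Insert file names and line numbers into the disassembly
-j section-name  Disassemble only the specified section
Converting a C program to assembly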
gcc -S -o main.s main.c
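Disassembling a .o file
objdump -s -d main.o > main.o.txt
gcc -g -c -o main.o main.c  # compiling with -g makes the disassembly show the source code
objdump -S -d main.o > main.o.txt
objdump -j .text -ld -C -S main.o > main.o.txt  # disassembly plus line numbers
Disassembling an executable
objdump -s -d main > main.txt
gcc -g -o main main.c  # show the source code alongside the disassembly
objdump -S -d main > main.txt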
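The effect of -g on objdump -S, as an added example that is not part of the original post: the script compiles a small constructed main.c with and without -g and counts how many lines of the disassembly carry the C statement. The function name count_source_lines, the file names and the source text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: objdump -S can only interleave source code when the object
# file carries debug information (gcc -g). main.c is constructed sample input.

# count_source_lines <extra gcc flag, may be empty>
# Prints how many lines of `objdump -S -d` output contain the C statement.
count_source_lines() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/main.c" <<'EOF'
int add(int a, int b)
{
    int sum = a + b;
    return sum;
}
EOF
    rc=0
    # $1 is deliberately unquoted so that an empty argument adds no flag.
    # grep -c exits non-zero on a count of 0, hence the `|| true`.
    ( cd "$dir" && gcc $1 -c -o main.o main.c &&
      objdump -S -d main.o | { grep -c 'int sum = a + b;' || true; } ) || rc=$?
    rm -rf "$dir"
    return $rc
}

# Stand-alone run: print both counts when the tools are installed.
if command -v gcc >/dev/null 2>&1 && command -v objdump >/dev/null 2>&1; then
    echo "with -g:    $(count_source_lines -g) matching line(s)"
    echo "without -g: $(count_source_lines '') matching line(s)"
fi
```

A count of 0 for the build without -g means objdump printed instructions only, which is what you get from stripped or release binaries.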
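Display file header information
objdump -f main
Display section header information
objdump -h main
Display all header information
objdump -x main
Display all header information along with the corresponding hexadecimal file contents
objdump -s main
Print the symbol table of the object file
objdump -t obj
Print a summary of all sections in the object file
objdump -h obj
Disassemble the sections of test that contain executable instructions
objdump -d test
Disassemble all sections of test
objdump -D test
Disassemble with source code (for a specified section)
objdump -Slj .text obj
Disassemble an arbitrary binary file
objdump -D -b binary -m i386 a.bin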
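Raw-binary disassembly in practice, as an added example that is not part of the original post: a headerless file carries no architecture information, so objdump decodes it in whatever mode it is told, and the same bytes read differently in 32-bit and 64-bit mode. The function name disasm_raw and the ten sample bytes are constructed for illustration.

```shell
#!/bin/sh
# Added example: disassemble a headerless blob with -b binary and compare
# decoding modes. The 10 bytes are constructed sample input:
#   55 89 e5 b8 2a 00 00 00 5d c3   (written below as octal escapes)

# disasm_raw <machine> [-M disassembler option]
# Writes the sample bytes to a temp file and prints objdump's disassembly.
disasm_raw() {
    bin=$(mktemp) || return 1
    printf '\125\211\345\270\052\000\000\000\135\303' > "$bin"
    rc=0
    # ${2:+...} adds "-M <option>" only when a second argument was given.
    objdump -D -b binary -m "$1" ${2:+-M "$2"} "$bin" || rc=$?
    rm -f "$bin"
    return $rc
}

# Stand-alone run: 32-bit mode shows push %ebp for opcode 0x55, while
# 64-bit mode (-M x86-64) decodes the very same byte as push %rbp.
if command -v objdump >/dev/null 2>&1; then
    echo "== -m i386 =="
    disasm_raw i386 || echo "this objdump build lacks i386 support" >&2
    echo "== -m i386 -M x86-64 =="
    disasm_raw i386 x86-64 || echo "this objdump build lacks i386 support" >&2
fi
```

Because -D decodes every byte as code, embedded data and padding also show up as instructions, so confirm the mode and the entry offset before trusting the listing.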
For other usage, run objdump --help in a Linux terminal:
z@ubuntu:~/Desktop/hello$ objdump --help
Usage: objdump <option(s)> <file(s)>
Display information from object <file(s)>.
At least one of the following switches must be given:
-a, --archive-headers Display archive header information
-f, --file-headers Display the contents of the overall file header
-p, --private-headers Display object format specific file header contents
-P, --private=OPT,OPT... Display object format specific contents
-h, --[section-]headers Display the contents of the section headers
-x, --all-headers Display the contents of all headers
-d, --disassemble Display assembler contents of executable sections
-D, --disassemble-all Display assembler contents of all sections
-S, --source Intermix source code with disassembly
-s, --full-contents Display the full contents of all sections requested
-g, --debugging Display debug information in object file
-e, --debugging-tags Display debug information using ctags style
-G, --stabs Display (in raw form) any STABS info in the file
-W[lLiaprmfFsoRt] or
--dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,
=frames-interp,=str,=loc,=Ranges,=pubtypes,
=gdb_index,=trace_info,=trace_abbrev,=trace_aranges,
=addr,=cu_index]
Display DWARF info in the file
-t, --syms Display the contents of the symbol table(s)
-T, --dynamic-syms Display the contents of the dynamic symbol table
-r, --reloc Display the relocation entries in the file
-R, --dynamic-reloc Display the dynamic relocation entries in the file
@<file> Read options from <file>
-v, --version Display this program's version number
-i, --info List object formats and architectures supported
-H, --help Display this information
The following switches are optional:
-b, --target=BFDNAME Specify the target object format as BFDNAME
-m, --architecture=MACHINE Specify the target architecture as MACHINE
-j, --section=NAME Only display information for section NAME
-M, --disassembler-options=OPT Pass text OPT on to the disassembler
-EB --endian=big Assume big endian format when disassembling
-EL --endian=little Assume little endian format when disassembling
--file-start-context Include context from start of file (with -S)
-I, --include=DIR Add DIR to search list for source files
-l, --line-numbers Include line numbers and filenames in output
-F, --file-offsets Include file offsets when displaying information
-C, --demangle[=STYLE] Decode mangled/processed symbol names
The STYLE, if specified, can be `auto', `gnu',
`lucid', `arm', `hp', `edg', `gnu-v3', `java'
or `gnat'
-w, --wide Format output for more than 80 columns
-z, --disassemble-zeroes Do not skip blocks of zeroes when disassembling
--start-address=ADDR Only process data whose address is >= ADDR
--stop-address=ADDR Only process data whose address is <= ADDR
--prefix-addresses Print complete address alongside disassembly
--[no-]show-raw-insn Display hex alongside symbolic disassembly
--insn-width=WIDTH Display WIDTH bytes on a single line for -d
--adjust-vma=OFFSET Add OFFSET to all displayed section addresses
--special-syms Include special symbols in symbol dumps
--prefix=PREFIX Add PREFIX to absolute paths for -S
--prefix-strip=LEVEL Strip initial directory names for -S
--dwarf-depth=N Do not display DIEs at depth N or greater
--dwarf-start=N Display DIEs starting with N, at the same depth
or deeper
--dwarf-check Make additional dwarf internal consistency checks.
objdump: supported targets: elf32-i386 a.out-i386-linux pei-i386 elf32-little elf32-big elf64-x86-64 elf32-x86-64 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big pe-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex binary ihex trad-core
objdump: supported architectures: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel i386:x64-32:intel i386:nacl i386:x86-64:nacl i386:x64-32:nacl l1om l1om:intel k1om k1om:intel plugin
The following i386/x86-64 specific disassembler options are supported for use
with the -M switch (multiple options should be separated by commas):
x86-64 Disassemble in 64bit mode
i386 Disassemble in 32bit mode
i8086 Disassemble in 16bit mode
att Display instruction in AT&T syntax
intel Display instruction in Intel syntax
att-mnemonic
Display instruction in AT&T mnemonic
intel-mnemonic
Display instruction in Intel mnemonic
addr64 Assume 64bit address size
addr32 Assume 32bit address size
addr16 Assume 16bit address size
data32 Assume 32bit data size
data16 Assume 16bit data size
suffix Always display instruction suffix in AT&T syntax
Report bugs to <http://www.sourceware.org/bugzilla/>.