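1. Introduction
When working on complex, hard-to-debug programs, for example during kernel debugging, disassembly is often needed. When a program hits an unexplained variable error or a similar problem, you can disassemble it and read the assembly code directly, which makes what is happening clear. This article shows how to use a disassembly tool.
Tool required: objdump
Installing objdump
It is installed by default on Ubuntu.
Commands
Main objdump options:
-a <file>         Show the format of the current file
-d <file>         Disassemble
-f <file>         Show file header information
-h <file>         Show the header information of each section
-x <file>         Show all header information
-s <file>         Show header information and the corresponding hexadecimal contents
-S <object file>  Show disassembly interleaved with source code; the file must be compiled with -g, i.e. debug information is required
-C <object file>  Demangle C++ symbol names
-l <file>         Insert file names and line numbers into the disassembly
-j <section>      Disassemble only the specified section
Compile a C program to assembly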
gcc -S -o main.s main.c
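Disassemble a .o file
objdump -s -d main.o > main.o.txt
gcc -g -c -o main.o main.c  # compile with -g so the disassembly shows source code
objdump -S -d main.o > main.o.txt
objdump -j .text -ld -C -S main.o > main.o.txt  # disassemble and show line numbers
Disassemble an executable
objdump -s -d main > main.txt
gcc -g -o main main.c  # disassemble and show source code at the same time
objdump -S -d main > main.txt
Show file header information
objdump -f main
Show section header information
objdump -h main
Show all header information
objdump -x main
Show all header information together with the corresponding hexadecimal file contents
objdump -s main
Print the symbol table of an object file
objdump -t obj
Print an overview of all sections of an object file
objdump -h obj
Disassemble the sections of test that are expected to contain instructions
Disassemble all sections of test
Disassemble with source code (specified section)
objdump -Slj .text obj
Disassemble an arbitrary binary file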
objdump -D -b binary -m i386 a.bin
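A common debugging use of the options above, added here as an example and not part of the original article: given a fault address, find the section that contains it in objdump -h output, then build an objdump call limited to a window around that address with --start-address and --stop-address. The function names and the sample header text are constructed for illustration; the address is assumed to be a link-time address (for a PIE executable, subtract the load base first).

```sh
# Constructed sample of `objdump -h main` output (values are illustrative).
SAMPLE_HEADERS='main:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .init         0000001b  0000000000001000  0000000000001000  00001000  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  1 .text         00000185  0000000000001060  0000000000001060  00001060  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  2 .data         00000010  0000000000004000  0000000000004000  00003000  2**3
                  CONTENTS, ALLOC, LOAD, DATA
  3 .comment      0000002b  0000000000000000  0000000000000000  00003010  2**0
                  CONTENTS, READONLY'

# Read `objdump -h` text on stdin; print "NAME START END" (decimal, END exclusive)
# for the loaded section containing address $1. Returns 1 if none matches.
section_for_addr() {
    addr=$(( $1 ))
    while read -r idx name size vma rest; do
        case $idx in ''|*[!0-9]*) continue ;; esac      # keep only "Idx Name ..." rows
        read -r flags || flags=''                       # flags are on the following line
        case $flags in *ALLOC*) ;; *) continue ;; esac  # skip unloaded sections (VMA 0)
        start=$(( 0x$vma )); end=$(( start + 0x$size ))
        if [ "$addr" -ge "$start" ] && [ "$addr" -lt "$end" ]; then
            echo "$name $start $end"; return 0
        fi
    done
    return 1
}

# Print objdump options that disassemble SPAN bytes on either side of ADDR,
# clamped to the section bounds so the window never leaves the section.
window_args() {   # usage: window_args "NAME START END" ADDR [SPAN]
    set -- $1 "$2" "${3:-32}"     # now: $1=NAME $2=START $3=END $4=ADDR $5=SPAN
    lo=$(( $4 - $5 )); hi=$(( $4 + $5 ))
    if [ "$lo" -lt "$2" ]; then lo=$2; fi
    if [ "$hi" -gt "$3" ]; then hi=$3; fi
    printf '%s -j %s --start-address=0x%x --stop-address=0x%x\n' \
        '-d -l -S -C' "$1" "$lo" "$hi"
}

# Full workflow on a real file (needs objdump and a binary built with -g).
disasm_window() {   # usage: disasm_window FILE ADDR [SPAN]
    sec=$(objdump -h "$1" | section_for_addr "$2") ||
        { echo "address is not inside a loaded section" >&2; return 1; }
    objdump $(window_args "$sec" "$2" "${3:-32}") "$1"
}
```

For example, disasm_window main 0x1139 prints only the instructions within 32 bytes of 0x1139, with source lines and file names interleaved.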
For other usage, run objdump --help in a Linux terminal:
~/Desktop/hello$ objdump --help
Usage: objdump <option(s)> <file(s)>
Display information from object <file(s)>.
At least one of the following switches must be given:
-a, --archive-headers Display archive header information
-f, --file-headers Display the contents of the overall file header
-p, --private-headers Display object format specific file header contents
-P, --private=OPT,OPT... Display object format specific contents
-h, --[section-]headers Display the contents of the section headers
-x, --all-headers Display the contents of all headers
-d, --disassemble Display assembler contents of executable sections
-D, --disassemble-all Display assembler contents of all sections
-S, --source Intermix source code with disassembly
-s, --full-contents Display the full contents of all sections requested
-g, --debugging Display debug information in object file
-e, --debugging-tags Display debug information using ctags style
-G, --stabs Display (in raw form) any STABS info in the file
-W[lLiaprmfFsoRt] or
--dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,
        =frames-interp,=str,=loc,=Ranges,=pubtypes,
        =gdb_index,=trace_info,=trace_abbrev,=trace_aranges,
        =addr,=cu_index]
                         Display DWARF info in the file
-t, --syms Display the contents of the symbol table(s)
-T, --dynamic-syms Display the contents of the dynamic symbol table
-r, --reloc Display the relocation entries in the file
-R, --dynamic-reloc Display the dynamic relocation entries in the file
@<file> Read options from <file>
-v, --version Display this program's version number
-i, --info List object formats and architectures supported
-H, --help Display this information
The following switches are optional:
-b, --target=BFDNAME Specify the target object format as BFDNAME
-m, --architecture=MACHINE Specify the target architecture as MACHINE
-j, --section=NAME Only display information for section NAME
-M, --disassembler-options=OPT Pass text OPT on to the disassembler
-EB --endian=big Assume big endian format when disassembling
-EL --endian=little Assume little endian format when disassembling
--file-start-context Include context from start of file (with -S)
-I, --include=DIR Add DIR to search list for source files
-l, --line-numbers Include line numbers and filenames in output
-F, --file-offsets Include file offsets when displaying information
-C, --demangle[=STYLE] Decode mangled/processed symbol names
                       The STYLE, if specified, can be `auto', `gnu',
                       `lucid', `arm', `hp', `edg', `gnu-v3', `java'
                       or `gnat'
-w, --wide Format output for more than 80 columns
-z, --disassemble-zeroes Do not skip blocks of zeroes when disassembling
--start-address=ADDR Only process data whose address is >= ADDR
--stop-address=ADDR Only process data whose address is <= ADDR
--prefix-addresses Print complete address alongside disassembly
--[no-]show-raw-insn Display hex alongside symbolic disassembly
--insn-width=WIDTH Display WIDTH bytes on a single line for -d
--adjust-vma=OFFSET Add OFFSET to all displayed section addresses
--special-syms Include special symbols in symbol dumps
--prefix=PREFIX Add PREFIX to absolute paths for -S
--prefix-strip=LEVEL Strip initial directory names for -S
--dwarf-depth=N Do not display DIEs at depth N or greater
--dwarf-start=N Display DIEs starting with N, at the same depth
                or deeper
--dwarf-check Make additional dwarf internal consistency checks.
objdump: supported targets: elf32-i386 a.out-i386-linux pei-i386 elf32-little elf32-big elf64-x86-64 elf32-x86-64 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big pe-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex binary ihex trad-core
objdump: supported architectures: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel i386:x64-32:intel i386:nacl i386:x86-64:nacl i386:x64-32:nacl l1om l1om:intel k1om k1om:intel plugin
The following i386/x86-64 specific disassembler options are supported for use
with the -M switch (multiple options should be separated by commas):
x86-64 Disassemble in 64bit mode
i386 Disassemble in 32bit mode
i8086 Disassemble in 16bit mode
att Display instruction in AT&T syntax
intel Display instruction in Intel syntax
att-mnemonic
            Display instruction in AT&T mnemonic
intel-mnemonic
            Display instruction in Intel mnemonic
addr64 Assume 64bit address size
addr32 Assume 32bit address size
addr16 Assume 16bit address size
data32 Assume 32bit data size
data16 Assume 16bit data size
suffix Always display instruction suffix in AT&T syntax
Report bugs to <http://www.sourceware.org/bugzilla/>.