1 objdump反汇编示例
源文件main.c:
/* main.c */
#include
void swap(int* first, int* second)
{
int temp = *first;
*first = *second;
*second = temp;
}
int main(void)
{
int a = 10;
int b = 20;
printf("a = %d; b = %d;\n", a, b);
swap(&a, &b);
printf("a = %d; b = %d;\n", a, b);
return 0;
}
1.1 显示main.c的汇编代码
gcc -s -o main.s main.c
汇编文件main.s
.file "main.c"
.text
.globl swap
.type swap, @function
swap:
.lfb0:
.cfi_startproc
pushq %rbp
.cfi_def_cfa_offset 16
.cfi_offset 6, -16
movq %rsp, %rbp
.cfi_def_cfa_register 6
movq %rdi, -24(%rbp)
movq %rsi, -32(%rbp)
movq -24(%rbp), %rax
...
1.2 目标文件反汇编
gcc -c -o main.o main.c
objdump -s -d main.o > main.o.txt
目标文件main.o的反汇编结果输出到文件main.o.txt
反汇编同时显示源代码
gcc -g -c -o main.o main.c
objdump -s -d main.o > main.o.txt
显示源代码同时显示行号
objdump -j .text -ld -c -s main.o > main.o.txt
1.3 可执行文件反汇编
gcc -o main main.c
objdump -s -d main > main.txt
反汇编同时显示源代码
gcc -g -o main main.c
objdump -s -d main > main.txt
1.4 objdump反汇编常用参数
• objdump -d : 将代码段反汇编;
• objdump -s : 将代码段反汇编的同时,将反汇编代码与源代码交替显示,编译时需要使用-g参数,即需要调试信息;
• objdump -c : 将c 符号名逆向解析
• objdump -l : 反汇编代码中插入文件名和行号
• objdump -j section : 仅反汇编指定的section
2 objdump帮助信息
输出objdump帮助信息:
objdump --help或者 man objdump
usage: objdump
display information from object .
at least one of the following switches must be given:
-a, --archive-headers display archive header information
-f, --file-headers display the contents of the overall file header
-p, --private-headers display object format specific file header contents
-p, --private=opt,opt... display object format specific contents
-h, --[section-]headers display the contents of the section headers
-x, --all-headers display the contents of all headers
-d, --disassemble display assembler contents of executable sections
-d, --disassemble-all display assembler contents of all sections
-s, --source intermix source code with disassembly
-s, --full-contents display the full contents of all sections requested
-g, --debugging display debug information in object file
-e, --debugging-tags display debug information using ctags style
-g, --stabs display (in raw form) any stabs info in the file
-w[lliaprmffsort] or
--dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,
=frames-interp,=str,=loc,=ranges,=pubtypes,
=gdb_index,=trace_info,=trace_abbrev,=trace_aranges,
=addr,=cu_index]
display dwarf info in the file
-t, --syms display the contents of the symbol table(s)
-t, --dynamic-syms display the contents of the dynamic symbol table
-r, --reloc display the relocation entries in the file
-r, --dynamic-reloc display the dynamic relocation entries in the file @ read options from
-v, --version display this program's version number
-i, --info list object formats and architectures supported
-h, --help display this information
the following switches are optional:
-b, --target=bfdname specify the target object format as bfdname
-m, --architecture=machine specify the target architecture as machine
-j, --section=name only display information for section name
-m, --disassembler-options=opt pass text opt on to the disassembler
-eb --endian=big assume big endian format when disassembling
-el --endian=little assume little endian format when disassembling
--file-start-context include context from start of file (with -s)
-i, --include=dir add dir to search list for source files
-l, --line-numbers include line numbers and filenames in output
-f, --file-offsets include file offsets when displaying information
-c, --demangle[=style] decode mangled/processed symbol names
the style, if specified, can be `auto', `gnu',
`lucid', `arm', `hp', `edg', `gnu-v3', `java'
or `gnat'
-w, --wide format output for more than 80 columns
-z, --disassemble-zeroes do not skip blocks of zeroes when disassembling
--start-address=addr only process data whose address is >= addr
--stop-address=addr only process data whose address is <= addr
--prefix-addresses print complete address alongside disassembly
--[no-]show-raw-insn display hex alongside symbolic disassembly
--insn-width=width display width bytes on a single line for -d
--adjust-vma=offset add offset to all displayed section addresses
--special-syms include special symbols in symbol dumps
--prefix=prefix add prefix to absolute paths for -s
--prefix-strip=level strip initial directory names for -s
--dwarf-depth=n do not display dies at depth n or greater
--dwarf-start=n display dies starting with n, at the same depth
or deeper
--dwarf-check make additional dwarf internal consistency checks.
objdump: supported targets: elf64-x86-64 elf32-i386 elf32-x86-64 a.out-i386-linux pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big plugin srec symbolsrec verilog tekhex binary ihex
objdump: supported architectures: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel i386:x64-32:intel l1om l1om:intel k1om k1om:intel plugin
the following i386/x86-64 specific disassembler options are supported for use
with the -m switch (multiple options should be separated by commas):
x86-64 disassemble in 64bit mode
i386 disassemble in 32bit mode
i8086 disassemble in 16bit mode
att display instruction in at&t syntax
intel display instruction in intel syntax
att-mnemonic
display instruction in at&t mnemonic
intel-mnemonic
display instruction in intel mnemonic
addr64 assume 64bit address size
addr32 assume 32bit address size
addr16 assume 16bit address size
data32 assume 32bit data size
data16 assume 16bit data size
suffix always display instruction suffix in at&t syntax
report bugs to .