00. 目錄
01. GCC的二進制工具
objdump 顯示目標文件信息
objcopy 複製目標文件
02. objdump
objdump用於顯示一個或者多個目標文件的信息,由其選項來控制顯示那些特定的信息。可以通過objdump軟件反彙編執行程序,獲得執行程序的彙編格式。
objdump用法如下
deng@itcast:~$ objdump --help
用法:objdump <選項> <文件>
顯示來自目標 <文件> 的信息。
至少必須給出以下選項之一:
-a, --archive-headers 顯示頭信息
-f, --file-headers 全面顯示文件頭
-p, --private-headers 顯示對象格式指定文件頭信息
-P, --private=OPT,OPT... Display object format specific contents
-h, --[section-]headers 顯示接頭中的內容
-x, --all-headers 顯示所有可用到的頭信息,包括符號表和重定位入口。
-d, --disassemble 顯示目標文件中的機器指令使用的彙編語言。該選項僅僅反彙編那些應該含有指令機器碼的節。
-D, --disassemble-all 反彙編所有節的內容
--disassemble=<sym> Display assembler contents from <sym>
-S, --source 儘可能顯示與反彙編混合的源代碼
--source-comment[=<txt>] Prefix lines of source code with <txt>
-s, --full-contents 顯示任何指定節的全部內容
-g, --debugging 顯示目標文件調試信息
-e, --debugging-tags 顯示目標文件使用ctags格式調試信息
-G, --stabs 顯示所有文件中的STABS信息
-W[lLiaprmfFsoRtUuTgAckK] or
--dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,
=frames-interp,=str,=loc,=Ranges,=pubtypes,
=gdb_index,=trace_info,=trace_abbrev,=trace_aranges,
=addr,=cu_index,=links,=follow-links]
Display DWARF info in the file
--ctf=SECTION Display CTF info from SECTION
-t, --syms 顯示符號表內容
-T, --dynamic-syms 顯示動態符號表內容
-r, --reloc 顯示文件的重定向入口
-R, --dynamic-reloc Display the dynamic relocation entries in the file
@<file> Read options from <file>
-v, --version Display this program's version number
-i, --info List object formats and architectures supported
-H, --help Display this information
以下選項是可選的:
-b, --target=BFDNAME 指定目標對象格式爲BFDNAME
-m, --architecture=MACHINE 指定體系結構爲MACHINE
-j, --section=NAME 只顯示名稱爲NAME的節信息
-M, --disassembler-options=OPT 反彙編器中通過文本OPT
-EB --endian=big 指定大端格式
-EL --endian=little 指定小端格式
--file-start-context 包含從文件開始的上下文(與-S一起使用)
-I, --include=DIR 增加目錄爲搜索路徑
-l, --line-numbers 在輸出中包含行號和文件名
-F, --file-offsets Include file offsets when displaying information
-C, --demangle[=STYLE] 將底層的符號解碼位用戶層的符號
The STYLE, if specified, can be `auto', `gnu',
`lucid', `arm', `hp', `edg', `gnu-v3', `java'
or `gnat'
--recurse-limit Enable a limit on recursion whilst demangling. [Default]
--no-recurse-limit Disable a limit on recursion whilst demangling
-w, --wide 對超過80列的輸出設備指定一些行的格式
-z, --disassemble-zeroes Do not skip blocks of zeroes when disassembling
--start-address=ADDR Only process data whose address is >= ADDR
--stop-address=ADDR Only process data whose address is < ADDR
--prefix-addresses Print complete address alongside disassembly
--[no-]show-raw-insn 在符號反彙編前顯示十六進制信息
--insn-width=WIDTH Display WIDTH bytes on a single line for -d
--adjust-vma=OFFSET 在所有節地址前增加OFFSET偏移量
--special-syms 在符號dumps中包含特殊符號
--inlines Print all inlines for source line (with -l)
--prefix=PREFIX Add PREFIX to absolute paths for -S
--prefix-strip=LEVEL Strip initial directory names for -S
--dwarf-depth=N Do not display DIEs at depth N or greater
--dwarf-start=N Display DIEs starting with N, at the same depth
or deeper
--dwarf-check Make additional dwarf internal consistency checks.
--ctf-parent=SECTION Use SECTION as the CTF parent
--visualize-jumps Visualize jumps by drawing ASCII art lines
--visualize-jumps=color Use colors in the ASCII art
--visualize-jumps=extended-color Use extended 8-bit color codes
--visualize-jumps=off Disable jump visualization
objdump:支持的目標: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 pei-i386 pei-x86-64 elf64-l1om
elf64-k1om elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 srec
symbolsrec verilog tekhex binary ihex plugin
objdump:支持的體系結構: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel i386:x64-32:intel
i386:nacl i386:x86-64:nacl i386:x64-32:nacl iamcu iamcu:intel l1om l1om:intel k1om k1om:intel
The following i386/x86-64 specific disassembler options are supported for use
with the -M switch (multiple options should be separated by commas):
x86-64 Disassemble in 64bit mode
i386 Disassemble in 32bit mode
i8086 Disassemble in 16bit mode
att Display instruction in AT&T syntax
intel Display instruction in Intel syntax
att-mnemonic
Display instruction in AT&T mnemonic
intel-mnemonic
Display instruction in Intel mnemonic
addr64 Assume 64bit address size
addr32 Assume 32bit address size
addr16 Assume 16bit address size
data32 Assume 32bit data size
data16 Assume 16bit data size
suffix Always display instruction suffix in AT&T syntax
amd64 Display instruction in AMD64 ISA
intel64 Display instruction in Intel64 ISA
將 bug 報告到 <http://www.sourceware.org/bugzilla/>。
deng@itcast:~$
2.1 查看目標文件ELF頭信息
deng@itcast:~/share/3rd/1static_lib$ objdump -h add.o
add.o: 文件格式 elf64-x86-64
節:
Idx Name Size VMA LMA File off Algn
0 .text 00000018 0000000000000000 0000000000000000 00000040 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
1 .data 00000000 0000000000000000 0000000000000000 00000058 2**0
CONTENTS, ALLOC, LOAD, DATA
2 .bss 00000000 0000000000000000 0000000000000000 00000058 2**0
ALLOC
3 .comment 00000025 0000000000000000 0000000000000000 00000058 2**0
CONTENTS, READONLY
4 .note.GNU-stack 00000000 0000000000000000 0000000000000000 0000007d 2**0
CONTENTS, READONLY
5 .note.gnu.property 00000020 0000000000000000 0000000000000000 00000080 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .eh_frame 00000038 0000000000000000 0000000000000000 000000a0 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
deng@itcast:~/share/3rd/1static_lib$
2.2 查看可執行文件ELF頭信息
deng@itcast:~/test$ objdump -h a.out
a.out: 文件格式 elf64-x86-64
節:
Idx Name Size VMA LMA File off Algn
0 .interp 0000001c 0000000000000318 0000000000000318 00000318 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.gnu.property 00000020 0000000000000338 0000000000000338 00000338 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 0000000000000358 0000000000000358 00000358 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .note.ABI-tag 00000020 000000000000037c 000000000000037c 0000037c 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .gnu.hash 00000024 00000000000003a0 00000000000003a0 000003a0 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynsym 000000a8 00000000000003c8 00000000000003c8 000003c8 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .dynstr 00000082 0000000000000470 0000000000000470 00000470 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version 0000000e 00000000000004f2 00000000000004f2 000004f2 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .gnu.version_r 00000020 0000000000000500 0000000000000500 00000500 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rela.dyn 000000c0 0000000000000520 0000000000000520 00000520 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .rela.plt 00000018 00000000000005e0 00000000000005e0 000005e0 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
11 .init 0000001b 0000000000001000 0000000000001000 00001000 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .plt 00000020 0000000000001020 0000000000001020 00001020 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .plt.got 00000010 0000000000001040 0000000000001040 00001040 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .plt.sec 00000010 0000000000001050 0000000000001050 00001050 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
15 .text 00000185 0000000000001060 0000000000001060 00001060 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
16 .fini 0000000d 00000000000011e8 00000000000011e8 000011e8 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
17 .rodata 00000010 0000000000002000 0000000000002000 00002000 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
18 .eh_frame_hdr 00000044 0000000000002010 0000000000002010 00002010 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
19 .eh_frame 00000108 0000000000002058 0000000000002058 00002058 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
20 .init_array 00000008 0000000000003db8 0000000000003db8 00002db8 2**3
CONTENTS, ALLOC, LOAD, DATA
21 .fini_array 00000008 0000000000003dc0 0000000000003dc0 00002dc0 2**3
CONTENTS, ALLOC, LOAD, DATA
22 .dynamic 000001f0 0000000000003dc8 0000000000003dc8 00002dc8 2**3
CONTENTS, ALLOC, LOAD, DATA
23 .got 00000048 0000000000003fb8 0000000000003fb8 00002fb8 2**3
CONTENTS, ALLOC, LOAD, DATA
24 .data 00000010 0000000000004000 0000000000004000 00003000 2**3
CONTENTS, ALLOC, LOAD, DATA
25 .bss 00000008 0000000000004010 0000000000004010 00003010 2**0
ALLOC
26 .comment 00000024 0000000000000000 0000000000000000 00003010 2**0
CONTENTS, READONLY
deng@itcast:~/test$
2.3 對二進制文件進行反彙編
deng@itcast:~/share/3rd/1static_lib$ objdump -D add.o
add.o: 文件格式 elf64-x86-64
Disassembly of section .text:
0000000000000000 <add>:
0: f3 0f 1e fa endbr64
4: 55 push %rbp
5: 48 89 e5 mov %rsp,%rbp
8: 89 7d fc mov %edi,-0x4(%rbp)
b: 89 75 f8 mov %esi,-0x8(%rbp)
e: 8b 55 fc mov -0x4(%rbp),%edx
11: 8b 45 f8 mov -0x8(%rbp),%eax
14: 01 d0 add %edx,%eax
16: 5d pop %rbp
17: c3 retq
Disassembly of section .comment:
0000000000000000 <.comment>:
0: 00 47 43 add %al,0x43(%rdi)
3: 43 3a 20 rex.XB cmp (%r8),%spl
6: 28 55 62 sub %dl,0x62(%rbp)
9: 75 6e jne 79 <add+0x79>
b: 74 75 je 82 <add+0x82>
d: 20 39 and %bh,(%rcx)
f: 2e 33 2e xor %cs:(%rsi),%ebp
12: 30 2d 31 30 75 62 xor %ch,0x62753031(%rip) # 62753049 <add+0x62753049>
18: 75 6e jne 88 <add+0x88>
1a: 74 75 je 91 <add+0x91>
1c: 32 29 xor (%rcx),%ch
1e: 20 39 and %bh,(%rcx)
20: 2e 33 2e xor %cs:(%rsi),%ebp
23: 30 00 xor %al,(%rax)
Disassembly of section .note.gnu.property:
0000000000000000 <.note.gnu.property>:
0: 04 00 add $0x0,%al
2: 00 00 add %al,(%rax)
4: 10 00 adc %al,(%rax)
6: 00 00 add %al,(%rax)
8: 05 00 00 00 47 add $0x47000000,%eax
d: 4e 55 rex.WRX push %rbp
f: 00 02 add %al,(%rdx)
11: 00 00 add %al,(%rax)
13: c0 04 00 00 rolb $0x0,(%rax,%rax,1)
17: 00 03 add %al,(%rbx)
19: 00 00 add %al,(%rax)
1b: 00 00 add %al,(%rax)
1d: 00 00 add %al,(%rax)
...
Disassembly of section .eh_frame:
0000000000000000 <.eh_frame>:
0: 14 00 adc $0x0,%al
2: 00 00 add %al,(%rax)
4: 00 00 add %al,(%rax)
6: 00 00 add %al,(%rax)
8: 01 7a 52 add %edi,0x52(%rdx)
b: 00 01 add %al,(%rcx)
d: 78 10 js 1f <.eh_frame+0x1f>
f: 01 1b add %ebx,(%rbx)
11: 0c 07 or $0x7,%al
13: 08 90 01 00 00 1c or %dl,0x1c000001(%rax)
19: 00 00 add %al,(%rax)
1b: 00 1c 00 add %bl,(%rax,%rax,1)
1e: 00 00 add %al,(%rax)
20: 00 00 add %al,(%rax)
22: 00 00 add %al,(%rax)
24: 18 00 sbb %al,(%rax)
26: 00 00 add %al,(%rax)
28: 00 45 0e add %al,0xe(%rbp)
2b: 10 86 02 43 0d 06 adc %al,0x60d4302(%rsi)
31: 4f 0c 07 rex.WRXB or $0x7,%al
34: 08 00 or %al,(%rax)
...
deng@itcast:~/share/3rd/1static_lib$
03. objcopy命令
objcopy工具用於對某種格式的目標文件內容進行轉換,輸出爲另一種格式的目標文件。objcopy使用GNU BFD庫讀寫目標文件,通過這個BFD庫,objcopy能夠以一種不同與源目標文件的格式來生成目標文件。
objcopy通過訪問BFD庫中描述的所有格式的目標文件來識別大部分可執行文件的格式。例如,指定"srec"的輸出目標格式(使用 -O srec),objcopy就能夠生成S-records格式的目標文件。如果指定"binary"的輸出目標格式(使用-O binary)。objcopy能夠生成原始的二進制文件,即通常所說的image文件。當objcopy生成一個原始的二進制文件時,它必然會產生輸入目標文件內容的一個內存信息存儲。所有的符號和重定位信息將被丟棄,且內存信息轉儲將從已經複製到輸出文件的最底端的虛擬地址開始。當生成S-record或原始二進制文件時,使用-S有助於objcopy工具取出元文件中包含的調試信息。在某系情況下,-R可以用於去除二進制文件並不需要的信息。
deng@itcast:~/share/3rd/1static_lib$ objcopy --help
用法:objcopy [選項] 輸入文件 [輸出文件]
複製二進制文件,可能在此過程中進行變換
選項爲:
-I --input-target <bfdname> 假設輸入文件格式爲bfdname
-O --output-target <bfdname> 建立格式爲bfdname的輸出文件
-B --binary-architecture <arch> 當輸入爲二進制文件的時候,指定輸出的架構
-F --target <bfdname> 設定輸入和輸出文件格式爲bdfname
--debugging 如果有可能,轉換調試信息
-p --preserve-dates 保留修改 訪問輸出的時間戳
-D --enable-deterministic-archives
Produce deterministic output when stripping archives (default)
-U --disable-deterministic-archives
Disable -D behavior
-j --only-section <name> 只複製名稱爲name的節到輸出
--add-gnu-debuglink=<file> 增加.gnu_debuglink節連接到<file>
-R --remove-section <name> 從輸出中刪除名爲name的節
--remove-relocations <name> Remove relocations from section <name>
-S --strip-all 不復制源文件中重定位和符號信息
-g --strip-debug 不復制元文件中的調試信息
--strip-dwo Remove all DWO sections
--strip-unneeded Remove all symbols not needed by relocations
-N --strip-symbol <name> 不復制符號<name>
--strip-unneeded-symbol <name>
取出重定位處理不需要的所有符號
--only-keep-debug 只保留調試符號
--extract-dwo Copy only DWO sections
--extract-symbol Remove section contents but keep symbols
--keep-section <name> Do not strip section <name>
-K --keep-symbol <name> Do not strip symbol <name>
--keep-file-symbols Do not strip file symbol(s)
--localize-hidden Turn all ELF hidden symbols into locals
-L --localize-symbol <name> 強制符號name定義爲局部的
--globalize-symbol <name> Force symbol <name> to be marked as a global
-G --keep-global-symbol <name> 除了名稱爲name的符號,其它符號局部化
-W --weaken-symbol <name> Force symbol <name> to be marked as a weak
--weaken 弱化文件中所有全局符號
-w --wildcard 允許在符號比較中使用通配符
-x --discard-all 不從源文件中複製非全局符號
-X --discard-locals 不復制編譯器生成的局部符號
-i --interleave[=<number>] 只從number個字節中複製一份
--interleave-width <number> Set N for --interleave
-b --byte <num> Select byte <num> in every interleaved block
--gap-fill <val> Fill gaps between sections with <val>
--pad-to <addr> Pad the last section up to address <addr>
--set-start <addr> Set the start address to <addr>
{--change-start|--adjust-start} <incr>
Add <incr> to the start address
{--change-addresses|--adjust-vma} <incr>
Add <incr> to LMA, VMA and start addresses
{--change-section-address|--adjust-section-vma} <name>{=|+|-}<val>
Change LMA and VMA of section <name> by <val>
--change-section-lma <name>{=|+|-}<val>
Change the LMA of section <name> by <val>
--change-section-vma <name>{=|+|-}<val>
Change the VMA of section <name> by <val>
{--[no-]change-warnings|--[no-]adjust-warnings}
Warn if a named section does not exist
--set-section-flags <name>=<flags>
Set section <name>'s properties to <flags>
--set-section-alignment <name>=<align>
Set section <name>'s alignment to <align> bytes
--add-section <name>=<file> Add section <name> found in <file> to output
--update-section <name>=<file>
Update contents of section <name> with
contents found in <file>
--dump-section <name>=<file> Dump the contents of section <name> into <file>
--rename-section <old>=<new>[,<flags>] Rename section <old> to <new>
--long-section-names {enable|disable|keep}
Handle long section names in Coff objects.
--change-leading-char Force output format's leading character style
--remove-leading-char Remove leading character from global symbols
--reverse-bytes=<num> Reverse <num> bytes at a time, in output sections with content
--redefine-sym <old>=<new> Redefine symbol name <old> to <new>
--redefine-syms <file> --redefine-sym for all symbol pairs
listed in <file>
--srec-len <number> Restrict the length of generated Srecords
--srec-forceS3 Restrict the type of generated Srecords to S3
--strip-symbols <file> -N for all symbols listed in <file>
--strip-unneeded-symbols <file>
--strip-unneeded-symbol for all symbols listed
in <file>
--keep-symbols <file> -K for all symbols listed in <file>
--localize-symbols <file> -L for all symbols listed in <file>
--globalize-symbols <file> --globalize-symbol for all in <file>
--keep-global-symbols <file> -G for all symbols listed in <file>
--weaken-symbols <file> -W for all symbols listed in <file>
--add-symbol <name>=[<section>:]<value>[,<flags>] Add a symbol
--alt-machine-code <index> Use the target's <index>'th alternative machine
--writable-text Mark the output text as writable
--readonly-text Make the output text write protected
--pure Mark the output file as demand paged
--impure Mark the output file as impure
--prefix-symbols <prefix> Add <prefix> to start of every symbol name
--prefix-sections <prefix> Add <prefix> to start of every section name
--prefix-alloc-sections <prefix>
Add <prefix> to start of every allocatable
section name
--file-alignment <num> Set PE file alignment to <num>
--heap <reserve>[,<commit>] Set PE reserve/commit heap to <reserve>/
<commit>
--image-base <address> Set PE image base to <address>
--section-alignment <num> Set PE section alignment to <num>
--stack <reserve>[,<commit>] Set PE reserve/commit stack to <reserve>/
<commit>
--subsystem <name>[:<version>]
Set PE subsystem to <name> [& <version>]
--compress-debug-sections[={none|zlib|zlib-gnu|zlib-gabi}]
Compress DWARF debug sections using zlib
--decompress-debug-sections Decompress DWARF debug sections using zlib
--elf-stt-common=[yes|no] Generate ELF common symbols with STT_COMMON
type
--verilog-data-width <number> Specifies data width, in bytes, for verilog output
-M --merge-notes Remove redundant entries in note sections
--no-merge-notes Do not attempt to remove redundant notes (default)
-v --verbose List all object files modified
@<file> Read options from <file>
-V --version Display this program's version number
-h --help Display this output
--info List object formats & architectures supported
objcopy:支持的目標: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 pei-i386 pei-x86-64 elf64-l1om elf64-k1om
elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 srec symbolsrec verilog tekhex
binary ihex plugin
將 bug 報告到 <http://www.sourceware.org/bugzilla/>
deng@itcast:~/share/3rd/1static_lib$
3.1 生成純二進制文件
deng@itcast:~/test$ gcc test.c -o test
deng@itcast:~/test$ objcopy test -O binary test_bindata
# 僅包含機器碼和數據
deng@itcast:~/test$ file test_bindata
test_bindata: data
deng@itcast:~/test$
3.2 生成S-record格式的文件
deng@itcast:~/test$ objcopy test -O srec test_srec
deng@itcast:~/test$ file test_srec
test_srec: Motorola S-Record; binary data in text format
deng@itcast:~/test$
3.3 更改部分輸出文件的信息
# -S選項表示不復制重定位和符號信息 生成去掉符號後的可執行文件 與strip類似
deng@itcast:~/test$ objcopy test -S test_stripped
deng@itcast:~/test$ nm test_stripped
nm: test_stripped:無符號
deng@itcast:~/test$
3.4 指定要刪除的段
# 刪除了數據段的可執行文件
deng@itcast:~/test$ objcopy test -R .data test_removed
deng@itcast:~/test$ ./test_removed
hello world
deng@itcast:~/test$
3.5 應用示例
#include <stdio.h>
int bss_arrary[1024 * 1024] = {0};
int main(void)
{
printf("hello world\n");
return 0;
}
編譯之後的代碼
deng@itcast:~/test$ gcc test.c -o test
deng@itcast:~/test$ size test
text data bss dec hex filename
1565 600 4194336 4196501 400895 test
deng@itcast:~/test$
deng@itcast:~/test$ ls -lh test
-rwxrwxr-x 1 deng deng 17K 6月 18 22:31 test
deng@itcast:~/test$
# 使用strip去掉符號
deng@itcast:~/test$ strip test -o test_strip
deng@itcast:~/test$ ls -lh test test_strip
-rwxrwxr-x 1 deng deng 17K 6月 18 22:31 test
-rwxrwxr-x 1 deng deng 15K 6月 18 22:32 test_strip
deng@itcast:~/test$
deng@itcast:~/test$ objcopy -R .comment -R .note.ABI-tag -R .gnu.version test test1
deng@itcast:~/test$ ls -lh test test1
-rwxrwxr-x 1 deng deng 17K 6月 18 22:31 test
-rwxrwxr-x 1 deng deng 16K 6月 18 22:34 test1
deng@itcast:~/test$
04. 總結
GCC二進制工具中,ar用於生成歸檔文件,readelf、string、nm、objdump屬於信息獲取工具,strip、objcopy屬於目標文件轉換工具。
05. 附錄
5.1 【Linux】GCC程序開發工具(上)
5.2 【Linux】GCC程序開發工具(中)
5.3 【Linux】GCC程序開發工具(下)