Rough notes

Taking it easy

Trying out objdump

  • While looking into the options of the objdump command
  • some of them looked fairly interesting, so I tried them out

--disassemble

Disassembly of section .init:

00000000000004e8 <_init>:
 4e8:   48 83 ec 08             sub    $0x8,%rsp
 4ec:   48 8b 05 f5 0a 20 00    mov    0x200af5(%rip),%rax        # 200fe8 <__gmon_start__>
 4f3:   48 85 c0                test   %rax,%rax
 4f6:   74 02                   je     4fa <_init+0x12>
 4f8:   ff d0                   callq  *%rax
 4fa:   48 83 c4 08             add    $0x8,%rsp
 4fe:   c3                      retq   

Disassembly of section .plt:

0000000000000500 <.plt>:
 500:   ff 35 ba 0a 20 00       pushq  0x200aba(%rip)        # 200fc0 <_GLOBAL_OFFSET_TABLE_+0x8>
 506:   ff 25 bc 0a 20 00       jmpq   *0x200abc(%rip)        # 200fc8 <_GLOBAL_OFFSET_TABLE_+0x10>
 50c:   0f 1f 40 00             nopl   0x0(%rax)

0000000000000510 <puts@plt>:
 510:   ff 25 ba 0a 20 00       jmpq   *0x200aba(%rip)        # 200fd0 <puts@GLIBC_2.2.5>
 516:   68 00 00 00 00          pushq  $0x0
 51b:   e9 e0 ff ff ff          jmpq   500 <.plt>

--debugging

  • Displays the debug (DWARF) information
  • There is far too much output to include all of it

Raw dump of debug contents of section .debug_line:

  Offset:                      0x0
  Length:                      205
  DWARF Version:               2
  Prologue Length:             179
  Minimum Instruction Length:  1
  Initial value of 'is_stmt':  1
  Line Base:                   -5
  Line Range:                  14
  Opcode Base:                 13

 Opcodes:
  Opcode 1 has 0 args
  Opcode 2 has 1 arg
  Opcode 3 has 1 arg
  Opcode 4 has 1 arg
  Opcode 5 has 1 arg
  Opcode 6 has 0 args
  Opcode 7 has 0 args
  Opcode 8 has 0 args
  Opcode 9 has 1 arg
  Opcode 10 has 0 args
  Opcode 11 has 0 args
  Opcode 12 has 1 arg

 The Directory Table (offset 0x1b):
  1 /usr/lib/gcc/x86_64-linux-gnu/7/include
  2 /usr/include/x86_64-linux-gnu/bits
  3 /usr/include

 The File Name Table (offset 0x74):
  Entry Dir Time    Size    Name
  1 0   0   0   main.c
  2 1   0   0   stddef.h
  3 2   0   0   types.h
  4 2   0   0   libio.h
  5 3   0   0   stdio.h
  6 2   0   0   sys_errlist.h

--source

  • This one is fun
  • When it can (i.e. the binary carries debug info), it shows the source code alongside the disassembly

000000000000063a <main>:
#include <stdio.h>

int main()
{
 63a:   55                      push   %rbp
 63b:   48 89 e5                mov    %rsp,%rbp
    printf("Hello,World\n");
 63e:   48 8d 3d 9f 00 00 00    lea    0x9f(%rip),%rdi        # 6e4 <_IO_stdin_used+0x4>
 645:   e8 c6 fe ff ff          callq  510 <puts@plt>
    return 0;
 64a:   b8 00 00 00 00          mov    $0x0,%eax
}
 64f:   5d                      pop    %rbp
 650:   c3                      retq   
 651:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
 658:   00 00 00 
 65b:   0f 1f 44 00 00          nopl   0x0(%rax,%rax,1)