objdump and readelf

Uploaded by: b****3  Document ID: 27053272  Upload date: 2023-06-26  Format: DOCX  Pages: 21  Size: 21.45KB
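Comparing objdump and readelf

Both objdump and readelf can be used to inspect the internals of a binary file. The difference is that objdump relies on BFD and is therefore more general and can handle different file formats, whereas readelf does not use BFD but reads the information in ELF files directly; according to the readelf manual page, the information it reports is also slightly more detailed.

A comparison of several functions follows.

1. Disassembling code

There are roughly three ways to view the assembly code that source code is translated into:

1) Generate it directly from the source file with the compiler, e.g. gcc -S

2) Disassemble the object code; one way is static disassembly, using objdump

3) The other way is to disassemble the code at run time, usually through gdb

readelf does not provide disassembly. objdump can be told which section to disassemble; in general only sections that contain instructions are worth disassembling. For some other types of section, objdump can also present the data of special sections in parsed form.

For example, for .plt the output is as follows: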

[qtl@courier lib]$ objdump -d -j .plt libfoobar.so

libfoobar.so:     file format elf32-i386

Disassembly of section .plt:

000003a4 <__gmon_start__@plt-0x10>:
 3a4:   ff b3 04 00 00 00       pushl  0x4(%ebx)
 3aa:   ff a3 08 00 00 00       jmp    *0x8(%ebx)
 3b0:   00 00                   add    %al,(%eax)
        ...

000003b4 <__gmon_start__@plt>:
 3b4:   ff a3 0c 00 00 00       jmp    *0xc(%ebx)
 3ba:   68 00 00 00 00          push   $0x0
 3bf:   e9 e0 ff ff ff          jmp    3a4 <_init+0x18>

000003c4 <cos@plt>:
 3c4:   ff a3 10 00 00 00       jmp    *0x10(%ebx)
 3ca:   68 08 00 00 00          push   $0x8
 3cf:   e9 d0 ff ff ff          jmp    3a4 <_init+0x18>

000003d4 <fwrite@plt>:
 3d4:   ff a3 14 00 00 00       jmp    *0x14(%ebx)
 3da:   68 10 00 00 00          push   $0x10
 3df:   e9 c0 ff ff ff          jmp    3a4 <_init+0x18>

000003e4 <fprintf@plt>:
 3e4:   ff a3 18 00 00 00       jmp    *0x18(%ebx)
 3ea:   68 18 00 00 00          push   $0x18
 3ef:   e9 b0 ff ff ff          jmp    3a4 <_init+0x18>

000003f4 <__cxa_finalize@plt>:
 3f4:   ff a3 1c 00 00 00       jmp    *0x1c(%ebx)
 3fa:   68 20 00 00 00          push   $0x20
 3ff:   e9 a0 ff ff ff          jmp    3a4 <_init+0x18>

2. Displaying the entries of relocation sections

The -r option displays the information in the sections of type REL in an ELF file. The -S option lists all sections of an ELF file, which therefore includes the REL sections. For relocatable files the two tools display the same entries; the most important fields, offset, type and Sym.Name, are all present.

The outputs of the two tools are compared below.

[qtl@courier lib]$ readelf -r bar.o

Relocation section '.rel.text' at offset 0x4bc contains 6 entries:
 Offset     Info    Type              Sym.Value  Sym.Name
00000008  00000b02 R_386_PC32        00000000   __i686.get_pc_thunk.bx
0000000e  00000c0a R_386_GOTPC       00000000   _GLOBAL_OFFSET_TABLE_
00000025  00000d04 R_386_PLT32       00000000   cos
0000002e  00000e03 R_386_GOT32       00000000   stdout
00000044  00000509 R_386_GOTOFF      00000000   .rodata
00000050  00000f04 R_386_PLT32       00000000   fprintf

[qtl@courier lib]$ objdump -r bar.o

bar.o:     file format elf32-i386

RELOCATION RECORDS FOR [.text]:
OFFSET   TYPE              VALUE
00000008 R_386_PC32        __i686.get_pc_thunk.bx
0000000e R_386_GOTPC       _GLOBAL_OFFSET_TABLE_
00000025 R_386_PLT32       cos
0000002e R_386_GOT32       stdout
00000044 R_386_GOTOFF      .rodata
00000050 R_386_PLT32       fprintf

For a shared library:

[qtl@courier lib]$ readelf -r libfoobar.so

Relocation section '.rel.dyn' at offset 0x334 contains 6 entries:
 Offset     Info    Type              Sym.Value  Sym.Name
00001608  00000008 R_386_RELATIVE
00001704  00000008 R_386_RELATIVE
000016d4  00000106 R_386_GLOB_DAT    00000000   __gmon_start__
000016d8  00000206 R_386_GLOB_DAT    00000000   _Jv_RegisterClasses
000016dc  00000606 R_386_GLOB_DAT    00000000   stdout
000016e0  00000706 R_386_GLOB_DAT    00000000   __cxa_finalize

Relocation section '.rel.plt' at offset 0x364 contains 5 entries:
 Offset     Info    Type              Sym.Value  Sym.Name
000016f0  00000107 R_386_JUMP_SLOT   00000000   __gmon_start__
000016f4  00000307 R_386_JUMP_SLOT   00000000   cos
000016f8  00000407 R_386_JUMP_SLOT   00000000   fwrite
000016fc  00000507 R_386_JUMP_SLOT   00000000   fprintf
00001700  00000707 R_386_JUMP_SLOT   00000000   __cxa_finalize

[qtl@courier lib]$ objdump -R libfoobar.so

libfoobar.so:     file format elf32-i386

DYNAMIC RELOCATION RECORDS
OFFSET   TYPE              VALUE
00001608 R_386_RELATIVE    *ABS*
00001704 R_386_RELATIVE    *ABS*
000016d4 R_386_GLOB_DAT    __gmon_start__
000016d8 R_386_GLOB_DAT    _Jv_RegisterClasses
000016dc R_386_GLOB_DAT    stdout
000016e0 R_386_GLOB_DAT    __cxa_finalize
000016f0 R_386_JUMP_SLOT   __gmon_start__
000016f4 R_386_JUMP_SLOT   cos
000016f8 R_386_JUMP_SLOT   fwrite
000016fc R_386_JUMP_SLOT   fprintf
00001700 R_386_JUMP_SLOT   __cxa_finalize

As the output above shows, readelf groups its output by section, whereas objdump merges the two sections into one list. The readelf output is somewhat clearer.

3. Displaying dynamic relocation entries (or, put differently, the relocation entries related to dynamic linking)

(According to the objdump man page, this is only meaningful for dynamic objects, such as certain types of shared libraries.)

The equivalent readelf and objdump commands are readelf -D -r file and objdump -R file. For a shared library, the difference between readelf -r and readelf -D -r lies in a slightly different presentation of the data. Both present the data in parsed form. The former shows offsets relative to the base address, while the latter shows absolute offsets.

The former reports the number of entries, the latter the number of bytes. The two outputs compared:

[qtl@courier lib]$ readelf -D -r libfoobar.so

'REL' relocation section at offset 0x334 contains 48 bytes:
 Offset     Info    Type              Sym.Value  Sym.Name
00001608  00000008 R_386_RELATIVE
00001704  00000008 R_386_RELATIVE
000016d4  00000106 R_386_GLOB_DAT    00000000   __gmon_start__
000016d8  00000206 R_386_GLOB_DAT    00000000   _Jv_RegisterClasses
000016dc  00000606 R_386_GLOB_DAT    00000000   stdout
000016e0  00000706 R_386_GLOB_DAT    00000000   __cxa_finalize

'PLT' relocation section at offset 0x364 contains 40 bytes:
 Offset     Info    Type              Sym.Value  Sym.Name
000016f0  00000107 R_386_JUMP_SLOT   00000000   __gmon_start__
000016f4  00000307 R_386_JUMP_SLOT   00000000   cos
000016f8  00000407 R_386_JUMP_SLOT   00000000   fwrite
000016fc  00000507 R_386_JUMP_SLOT   00000000   fprintf
00001700  00000707 R_386_JUMP_SLOT   00000000   __cxa_finalize

[qtl@courier lib]$ objdump -R libfoobar.so

libfoobar.so:     file format elf32-i386

DYNAMIC RELOCATION RECORDS
OFFSET   TYPE              VALUE
00001608 R_386_RELATIVE    *ABS*
00001704 R_386_RELATIVE    *ABS*
000016d4 R_386_GLOB_DAT    __gmon_start__
000016d8 R_386_GLOB_DAT    _Jv_RegisterClasses
000016dc R_386_GLOB_DAT    stdout
000016e0 R_386_GLOB_DAT    __cxa_finalize
000016f0 R_386_JUMP_SLOT   __gmon_start__
000016f4 R_386_JUMP_SLOT   cos
000016f8 R_386_JUMP_SLOT   fwrite
000016fc R_386_JUMP_SLOT   fprintf
00001700 R_386_JUMP_SLOT   __cxa_finalize

It should also be noted that applying these two commands to a relocatable file (a .o file) does not work.

The error messages are as follows:

[qtl@courier lib]$ readelf -D -r bar.o

There are no dynamic relocations in this file.

[qtl@courier lib]$ objdump -R bar.o

bar.o:     file format elf32-i386

objdump: bar.o: not a dynamic object
objdump: bar.o: Invalid operation

4. Displaying section information:

readelf -S and objdump -h

For relocatable files, objdump -h does not display the sections whose names begin with .rel, nor .shstrtab, .symtab and .strtab.

The readelf output, on the other hand, includes a .group section, whose content is a section group; it can be viewed with the -g option.

The output is as follows:

[qtl@courier lib]$ readelf -S bar.o
There are 13 section headers, starting at offset 0x150:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .group            GROUP           00000000 000034 000008 04     11  11  4
  [ 2] .text             PROGBITS        00000000 00003c 00005c 00  AX  0   0  4
  [ 3] .rel.text         REL             00000000 0004bc 000030 08     11   2  4
  [ 4] .data             PROGBITS        00000000 000098 000000 00  WA  0   0  4
  [ 5] .bss              NOBITS          00000000 000098 000000 00  WA  0   0  4
  [ 6] .rodata           PROGBITS        00000000 000098 00000e 00   A  0   0  1
  [ 7] .comment          PROGBITS        00000000 0000a6 00002e 00      0   0  1
  [ 8] .text.__i686.get_ PROGBITS        00000000 0000d4 000004 00 AXG  0   0  1
  [ 9] .note.GNU-stack   PROGBITS        00000000 0000d8 000000 00      0   0  1
  [10] .shstrtab         STRTAB          00000000 0000d8 000075 00      0   0  1
  [11] .symtab           SYMTAB          00000000 000358 000110 10     12  10  4
  [12] .strtab           STRTAB          00000000 000468 000053 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

[qtl@courier lib]$ objdump -h bar.o

bar.o:     file format elf32-i386

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 __i686.get_pc_thunk.bx 00000008  00000000  00000000  00000034  2**2
                  CONTENTS, READONLY, EXCLUDE, GROUP, LINK_ONCE_DISCARD
  1 .text         0000005c  00000000  00000000  0000003c  2**2
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
  2 .data         00000000  00000000  00000000  00000098  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  3 .bss          00000000  00000000  00000000  00000098  2**2
                  ALLOC
  4 .rodata       0000000e  00000000  00000000  00000098  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .comment      0000002e  00000000  00000000  000000a6  2**0
                  CONTENTS, READONLY
  6 .text.__i686.get_pc_thunk.bx 00000004  00000000  00000000  000000d4  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
  7 .note.GNU-stack 00000000  00000000  00000000  000000d8  2**0
                  CONTENTS, READONLY

For shared libraries, objdump -h still does not display the three sections .shstrtab, .symtab and .strtab. Another difference is that readelf starts with a section of type NULL, while the objdump output omits this empty section.

[qtl@courier lib]$ readelf -S libfoobar.so
There are 27 section headers, starting at offset 0x8f0:

Section Headers:
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [ 1] .gnu.hash         GNU_HASH        000000b4 0000b4 000048 04   A  2   0  4
  [ 2] .dynsym           DYNSYM          000000fc 0000fc 000110 10   A  3   1  4
  [ 3] .dynstr           STRTAB          0000020c 00020c 0000b3 00   A  0   0  1
  [ 4] .gnu.version      VERSYM          000002c0 0002c0 000022 02   A  2   0  2
  [ 5] .gnu.version_r    VERNEED         000002e4 0002e4 000050 00   A  3   2  4
  [ 6] .rel.dyn          REL             00000334 000334 000030 08   A  2   0  4
  [ 7] .rel.plt          REL             00000364 000364 000028 08   A  2   9  4
  [ 8] .init             PROGBITS        0000038c 00038c 000017 00  AX  0   0  4
  [ 9] .plt              PROGBITS        000003a4 0003a4 000060 04  AX  0   0  4
  [10] .text             PROGBITS        00000410 000410 0001a4 00  AX  0   0 16
  [11] .fini             PROGBITS        000005b4 0005b4 00001c 00  AX  0   0  4
  [12] .rodata           PROGBITS        000005d0 0005d0 00001d 00   A  0   0  1
  [13] .eh_frame         PROGBITS        000005f0 0005f0 000004 00   A  0   0  4
  [14] .ctors            PROGBITS        000015f4 0005f4 000008 00  WA  0   0  4
  [15] .dtors            PROGBITS        000015fc 0005fc 000008 00  WA  0   0  4
  [16] .jcr              PROGBITS        00001604 000604 000004 00  WA  0   0  4
  [17] .data.rel.ro      PROGBITS        00001608 000608 000004 00  WA  0   0  4
  [18] .dynamic          DYNAMIC         0000160c 00060c 0000c8 08  WA  3   0  4
  [19] .got              PROGBITS        000016d4 0006d4 000010 04  WA  0   0  4
  [20] .got.plt          PROGBITS        000016e4 0006e4 000020 04  WA  0   0  4
  [21] .data             PROGBITS        00001704 000704 000004 00  WA  0   0  4
  [22] .bss              NOBITS          00001708 000708 000010 00  WA  0   0  4
  [23] .comment          PROGBITS        00000000 000708 000114 00      0   0  1
  [24] .shstrtab         STRTAB          00000000 00081c 0000d2 00      0   0  1
  [25] .symtab           SYMTAB          00000000 000d28 0003d0 10     26  45  4
  [26] .strtab           STRTAB          00000000 0010f8 0001d7 00      0   0  1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

[qtl@courier lib]$ objdump -h libfoobar.so

libfoobar.so:     file format elf32-i386

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 .gnu.hash     00000048  000000b4  000000b4  000000b4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY,
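
Added example, not part of the original document: Python code that decodes the Elf32_Rel records behind the readelf relocation listings in sections 2 and 3. It splits the Info column into symbol index and relocation type, shows why 48 and 40 bytes correspond to 6 and 5 entries, and maps each relocation offset to the section that contains it. The offsets, Info values and section addresses are copied from the libfoobar.so listings on this page; the byte strings are constructed from them, and the function names are illustrative.

```python
import struct

# i386 relocation type numbers (ELF psABI); only the types shown on this page.
R_386 = {2: "R_386_PC32", 3: "R_386_GOT32", 4: "R_386_PLT32", 6: "R_386_GLOB_DAT",
         7: "R_386_JUMP_SLOT", 8: "R_386_RELATIVE", 9: "R_386_GOTOFF", 10: "R_386_GOTPC"}

# (name, Addr, Size, Flg) copied from the `readelf -S libfoobar.so` listing.
SECTIONS = [(".data.rel.ro", 0x1608, 0x04, "WA"), (".got", 0x16d4, 0x10, "WA"),
            (".got.plt", 0x16e4, 0x20, "WA"), (".data", 0x1704, 0x04, "WA")]

# (Offset, Info) pairs copied from the `readelf -r libfoobar.so` listing.
REL_DYN = [(0x1608, 0x008), (0x1704, 0x008), (0x16d4, 0x106),
           (0x16d8, 0x206), (0x16dc, 0x606), (0x16e0, 0x706)]
REL_PLT = [(0x16f0, 0x107), (0x16f4, 0x307), (0x16f8, 0x407),
           (0x16fc, 0x507), (0x1700, 0x707)]

def pack_rel(pairs):
    """Constructed sample: serialize pairs as little-endian Elf32_Rel records."""
    return b"".join(struct.pack("<II", off, info) for off, info in pairs)

def section_of(addr):
    """Return (name, flags) of the section whose [Addr, Addr+Size) holds addr."""
    for name, start, size, flags in SECTIONS:
        if start <= addr < start + size:
            return name, flags
    return None, ""

def decode_rel(blob):
    """Decode raw Elf32_Rel bytes into (offset, sym_index, type, section, flags)."""
    if len(blob) % 8:
        raise ValueError("truncated table: Elf32_Rel entries are 8 bytes each")
    rows = []
    for off, info in struct.iter_unpack("<II", blob):
        sym, rtype = info >> 8, info & 0xFF   # ELF32_R_SYM / ELF32_R_TYPE
        name, flags = section_of(off)
        rows.append((off, sym, R_386.get(rtype, f"type {rtype}"), name, flags))
    return rows

if __name__ == "__main__":
    for label, pairs in ((".rel.dyn", REL_DYN), (".rel.plt", REL_PLT)):
        blob = pack_rel(pairs)
        print(f"{label}: {len(blob)} bytes = {len(blob) // 8} entries")
        for off, sym, tname, sec, flags in decode_rel(blob):
            print(f"  {off:08x}  sym#{sym:<2} {tname:<16} -> {sec} [{flags}]")
```

In this library every relocation target falls in a section flagged WA in the readelf -S listing, that is, memory the dynamic linker writes when it applies the relocation.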
