ar,静态库生成器
Usage: ar [emulation options] [-]{dmpqrstx}[abcDfilMNoPsSTuvV] [member-name] [count] archive-file file...
ar -M [<mri-script]
commands:
d - delete file(s) from the archive
m[ab] - move file(s) in the archive
p - print file(s) found in the archive
q[f] - quick append file(s) to the archive
r[ab][f][u] - replace existing or insert new file(s) into the archive
s - act as ranlib
t - display contents of archive
x[o] - extract file(s) from the archive
command specific modifiers:
[a] - put file(s) after [member-name]
[b] - put file(s) before [member-name] (same as [i])
[D] - use zero for timestamps and uids/gids
[N] - use instance [count] of name
[f] - truncate inserted file names
[P] - use full path names when matching
[o] - preserve original dates
[u] - only replace files that are newer than current archive contents
generic modifiers:
[c] - do not warn if the library had to be created
[s] - create an archive index (cf. ranlib)
[S] - do not build a symbol table
[T] - make a thin archive
[v] - be verbose
[V] - display the version number
@<file> - read options from <file>
--target=BFDNAME - specify the target object format as BFDNAME
常用:
1、解压
ar x libm.a
在当前文件夹下有*.o
2、ar crs libx.a a.o b.o
将a.o b.o 放入libx.a中
c参数表示创建一个档案文件,
r参数指示将文件增加到所创建的库文件中,
s参数是为了生成库索引以提高库被链接时的效率。
3、ar t libmy.a
查看静态库中的内容
4、ar d libmy.a foo.o
删除库中的目标文件
nm,符号显示器
nm用于列出程序文件中的符号
Usage: nm [option(s)] [file(s)]
List symbols in [file(s)] (a.out by default).
The options are:
-a, --debug-syms Display debugger-only symbols
-A, --print-file-name Print name of the input file before every symbol
-B Same as --format=bsd
-C, --demangle[=STYLE] Decode low-level symbol names into user-level names
The STYLE, if specified, can be `auto' (the default),
`gnu', `lucid', `arm', `hp', `edg', `gnu-v3', `java'
or `gnat'
--no-demangle Do not demangle low-level symbol names
-D, --dynamic Display dynamic symbols instead of normal symbols
--defined-only Display only defined symbols
-e (ignored)
-f, --format=FORMAT Use the output format FORMAT. FORMAT can be `bsd',
`sysv' or `posix'. The default is `bsd'
-g, --extern-only Display only external symbols
-l, --line-numbers Use debugging information to find a filename and
line number for each symbol
-n, --numeric-sort Sort symbols numerically by address
-o Same as -A
-p, --no-sort Do not sort the symbols
-P, --portability Same as --format=posix
-r, --reverse-sort Reverse the sense of the sort
-S, --print-size Print size of defined symbols
-s, --print-armap Include index for symbols from archive members
--size-sort Sort symbols by size
--special-syms Include special symbols in the output
--synthetic Display synthetic symbols as well
-t, --radix=RADIX Use RADIX for printing symbol values
--target=BFDNAME Specify the target object format as BFDNAME
-u, --undefined-only Display only undefined symbols
-X 32_64 (ignored)
@FILE Read options from FILE
-h, --help Display this information
-V, --version Display this program's version number
nm -n test
------显示有删减--------
00400000 A __image_base__
00401000 t .text
00401000 T _WinMainCRTStartup
00401000 T _mainCRTStartup
00401090 t .text
00401090 T _foo
nm列出三列信息,第一列表示程序运行时内存符号在内存中的地址,它表示函数或变量的开始地址;
第二列是指相应的符号存放在哪一个段;
最后一列则是符号的名称。
| 字母 | 说明 |
| A | 表示符号所对应的值是绝对的且在以后的连接过程中也不会改变 |
| B或b | 表示符号位于未初始化的数据段(.bss段)中 |
| C | 表示没有被初始化的公共符号 |
| D或d | 表示符号位于初始化的数据段(.data段)中 |
| N | 表示符号是调试用的 |
| p | 表示符号位于一个栈回溯段中 |
| R或r | 表示符号位于只读数据段(.rdata段)中 |
| T或t | 表示符号位于代码段(.text段)中 |
| U | 表示符号没有被定义 |
nm -s查看库文件中的索引信息。
objdump,信息查看器
Usage: objdump <option(s)> <file(s)>
Display information from object <file(s)>.
At least one of the following switches must be given:
-a, --archive-headers Display archive header information
-f, --file-headers Display the contents of the overall file header
-p, --private-headers Display object format specific file header contents
-P, --private=OPT,OPT... Display object format specific contents
-h, --[section-]headers Display the contents of the section headers
-x, --all-headers Display the contents of all headers
-d, --disassemble Display assembler contents of executable sections
-D, --disassemble-all Display assembler contents of all sections
-S, --source Intermix source code with disassembly
-s, --full-contents Display the full contents of all sections requested
-g, --debugging Display debug information in object file
-e, --debugging-tags Display debug information using ctags style
-G, --stabs Display (in raw form) any STABS info in the file
-W[lLiaprmfFsoRt] or
--dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,
=frames-interp,=str,=loc,=Ranges,=pubtypes,
=gdb_index,=trace_info,=trace_abbrev,=trace_aranges]
Display DWARF info in the file
-t, --syms Display the contents of the symbol table(s)
-T, --dynamic-syms Display the contents of the dynamic symbol table
-r, --reloc Display the relocation entries in the file
-R, --dynamic-reloc Display the dynamic relocation entries in the file
@<file> Read options from <file>
-v, --version Display this program's version number
-i, --info List object formats and architectures supported
-H, --help Display this information
The following switches are optional:
-b, --target=BFDNAME Specify the target object format as BFDNAME
-m, --architecture=MACHINE Specify the target architecture as MACHINE
-j, --section=NAME Only display information for section NAME
-M, --disassembler-options=OPT Pass text OPT on to the disassembler
-EB --endian=big Assume big endian format when disassembling
-EL --endian=little Assume little endian format when disassembling
--file-start-context Include context from start of file (with -S)
-I, --include=DIR Add DIR to search list for source files
-l, --line-numbers Include line numbers and filenames in output
-F, --file-offsets Include file offsets when displaying information
-C, --demangle[=STYLE] Decode mangled/processed symbol names
The STYLE, if specified, can be `auto', `gnu',
`lucid', `arm', `hp', `edg', `gnu-v3', `java'
or `gnat'
-w, --wide Format output for more than 80 columns
-z, --disassemble-zeroes Do not skip blocks of zeroes when disassembling
--start-address=ADDR Only process data whose address is >= ADDR
--stop-address=ADDR Only process data whose address is <= ADDR
--prefix-addresses Print complete address alongside disassembly
--[no-]show-raw-insn Display hex alongside symbolic disassembly
--insn-width=WIDTH Display WIDTH bytes on a single line for -d
--adjust-vma=OFFSET Add OFFSET to all displayed section addresses
--special-syms Include special symbols in symbol dumps
--prefix=PREFIX Add PREFIX to absolute paths for -S
--prefix-strip=LEVEL Strip initial directory names for -S
--dwarf-depth=N Do not display DIEs at depth N or greater
--dwarf-start=N Display DIEs starting with N, at the same depth
or deeper
常用:
查看各段内容:
objdump -h test
查看编码过的调试段DWARF内容:
objdump -W test
查看汇编代码:
objdump -d test
查看汇编代码所对应的C源程序(为了源代码和汇编一一对应,不要使用-O2优化):
objdump -S -d test
显示程序文件的头文件:
objdump -f test
查看某段具体内容
objdump -s -j .data test
objcopy,段剪辑器
抽取某个段
objcopy -j .text test onlytest
删除某个段
objcopy -R test notest
取出调试信息(同strip)
objcopy --strip-debug test
objcopy最为重要的功能是按照需要抽取程序文件中的段。在有的嵌入式系统中,比如制作引导加载器时就需要用到objcopy,抽取代码段,烧到启动运行地址处。
objcopy还可以改变段的地址。
ranlib,库索引生成器
类似于ar 的s参数的功能,主要作用是生成索引后的库链接速度更快。
nm -s libmy.a可以查看档案文件中的索引信息
size,段大小观察器
size -A test 可列出详细的段信息
strings,字符串窥视器
可以窥视到程序文件中的很多信息。即使将程序文件中的调试信息给去除了,放在.data(或者.rdata)中的。
__FILE__等宏对应的字符串会被放入.rdata中
如果密码等用字符串表示那要小心。
如果程序中存在版本信息的字符串,那可以用strings获得程序的版本信息。
strip,程序文件瘦身器
strip有的功能objcopy也有。
158
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
