对比objdump与readelf
objdump和readelf都可以用来查看二进制文件的一些内部信息. 区别在于objdump
借助BFD而更加通用一些, 可以应付不同文件格式, readelf则并不借助BFD,
而是直接读取ELF格式文件的信息, 按readelf手册页上所说, 得到的信息也略细致一些.
几个功能对比.
1. 反汇编代码
查看源代码被翻译成的汇编代码, 大概有3种方法,
1) 通过编译器直接从源文件生成, 如gcc -S
2) 对目标代码反汇编, 一种是静态反汇编, 就是使用objdump
3) 另外一种就是对运行时的代码反汇编, 一般通过gdb
readelf并不提供反汇编功能.
objdump可以指定反汇编哪个节, 一般只有对包含指令的节反汇编才有意义. 而对于一些
其他的类型的节, objdump也可以将特殊节的数据以解析后的形式呈现出来,
例如对于.plt, 输出如下:
[qtl@courier lib]$ objdump -d -j .plt libfoobar.so
libfoobar.so: file format elf32-i386
Disassembly of section .plt:
000003a4 <__gmon_start__@plt-0x10>:
3a4: ff b3 04 00 00 00 pushl 0x4(%ebx)
3aa: ff a3 08 00 00 00 jmp *0x8(%ebx)
3b0: 00 00 add %al,(%eax)
...
000003b4 <__gmon_start__@plt>:
3b4: ff a3 0c 00 00 00 jmp *0xc(%ebx)
3ba: 68 00 00 00 00 push $0x0
3bf: e9 e0 ff ff ff jmp 3a4 <_init+0x18>
000003c4 <cos@plt>:
3c4: ff a3 10 00 00 00 jmp *0x10(%ebx)
3ca: 68 08 00 00 00 push $0x8
3cf: e9 d0 ff ff ff jmp 3a4 <_init+0x18>
000003d4 <fwrite@plt>:
3d4: ff a3 14 00 00 00 jmp *0x14(%ebx)
3da: 68 10 00 00 00 push $0x10
3df: e9 c0 ff ff ff jmp 3a4 <_init+0x18>
000003e4 <fprintf@plt>:
3e4: ff a3 18 00 00 00 jmp *0x18(%ebx)
3ea: 68 18 00 00 00 push $0x18
3ef: e9 b0 ff ff ff jmp 3a4 <_init+0x18>
000003f4 <__cxa_finalize@plt>:
3f4: ff a3 1c 00 00 00 jmp *0x1c(%ebx)
3fa: 68 20 00 00 00 push $0x20
3ff: e9 a0 ff ff ff jmp 3a4 <_init+0x18>
2. 显示relocation节的条目
-r参数显示elf文件的类型为REL的节的信息, 使用-S参数可以列出elf文件的
所有节的信息, 其中也就包括了REL节.
对于可重定位文件两者显示条目一致, 最重要的offset和type以及Sym.Name都有.
下面是两者输出的对比.
[qtl@courier lib]$ readelf -r bar.o
Relocation section '.rel.text' at offset 0x4bc contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00000008 00000b02 R_386_PC32 00000000 __i686.get_pc_thunk.bx
0000000e 00000c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
00000025 00000d04 R_386_PLT32 00000000 cos
0000002e 00000e03 R_386_GOT32 00000000 stdout
00000044 00000509 R_386_GOTOFF 00000000 .rodata
00000050 00000f04 R_386_PLT32 00000000 fprintf
[qtl@courier lib]$ objdump -r bar.o
bar.o: file format elf32-i386
RELOCATION RECORDS FOR [.text]:
OFFSET TYPE VALUE
00000008 R_386_PC32 __i686.get_pc_thunk.bx
0000000e R_386_GOTPC _GLOBAL_OFFSET_TABLE_
00000025 R_386_PLT32 cos
0000002e R_386_GOT32 stdout
00000044 R_386_GOTOFF .rodata
00000050 R_386_PLT32 fprintf
对于共享库,
[qtl@courier lib]$ readelf -r libfoobar.so
Relocation section '.rel.dyn' at offset 0x334 contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00001608 00000008 R_386_RELATIVE
00001704 00000008 R_386_RELATIVE
000016d4 00000106 R_386_GLOB_DAT 00000000 __gmon_start__
000016d8 00000206 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses
000016dc 00000606 R_386_GLOB_DAT 00000000 stdout
000016e0 00000706 R_386_GLOB_DAT 00000000 __cxa_finalize
Relocation section '.rel.plt' at offset 0x364 contains 5 entries:
Offset Info Type Sym.Value Sym. Name
000016f0 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__
000016f4 00000307 R_386_JUMP_SLOT 00000000 cos
000016f8 00000407 R_386_JUMP_SLOT 00000000 fwrite
000016fc 00000507 R_386_JUMP_SLOT 00000000 fprintf
00001700 00000707 R_386_JUMP_SLOT 00000000 __cxa_finalize
[qtl@courier lib]$ objdump -R libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC RELOCATION RECORDS
OFFSET TYPE VALUE
00001608 R_386_RELATIVE *ABS*
00001704 R_386_RELATIVE *ABS*
000016d4 R_386_GLOB_DAT __gmon_start__
000016d8 R_386_GLOB_DAT _Jv_RegisterClasses
000016dc R_386_GLOB_DAT stdout
000016e0 R_386_GLOB_DAT __cxa_finalize
000016f0 R_386_JUMP_SLOT __gmon_start__
000016f4 R_386_JUMP_SLOT cos
000016f8 R_386_JUMP_SLOT fwrite
000016fc R_386_JUMP_SLOT fprintf
00001700 R_386_JUMP_SLOT __cxa_finalize
有上面可以看出, readelf的显示分节, 而objdump则将两个节合在一起. readelf的
显示更加清晰一些.
3. 显示动态重定位条目(或者可以认为是动态链接相关的重定位条目)
(按objdump的man page说明, 只对dynamic object有效, 如某些类型的共享库)
readelf和objdump等价的命令为readelf -D -r file和objdump -R file.
对readelf使用-r和-D -r的区别, 对于共享库在于数据的呈现方式略有不同. 这两种
都将数据解析后呈现出来. 前者显示的是相对于基地址的偏移, 后者则显示绝对偏移量.
前者显示条目数, 后者显示字节数.
两者输出对比:
[qtl@courier lib]$ readelf -D -r libfoobar.so
'REL' relocation section at offset 0x334 contains 48 bytes:
Offset Info Type Sym.Value Sym. Name
00001608 00000008 R_386_RELATIVE
00001704 00000008 R_386_RELATIVE
000016d4 00000106 R_386_GLOB_DAT 00000000 __gmon_start__
000016d8 00000206 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses
000016dc 00000606 R_386_GLOB_DAT 00000000 stdout
000016e0 00000706 R_386_GLOB_DAT 00000000 __cxa_finalize
'PLT' relocation section at offset 0x364 contains 40 bytes:
Offset Info Type Sym.Value Sym. Name
000016f0 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__
000016f4 00000307 R_386_JUMP_SLOT 00000000 cos
000016f8 00000407 R_386_JUMP_SLOT 00000000 fwrite
000016fc 00000507 R_386_JUMP_SLOT 00000000 fprintf
00001700 00000707 R_386_JUMP_SLOT 00000000 __cxa_finalize
[qtl@courier lib]$ objdump -R libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC RELOCATION RECORDS
OFFSET TYPE VALUE
00001608 R_386_RELATIVE *ABS*
00001704 R_386_RELATIVE *ABS*
000016d4 R_386_GLOB_DAT __gmon_start__
000016d8 R_386_GLOB_DAT _Jv_RegisterClasses
000016dc R_386_GLOB_DAT stdout
000016e0 R_386_GLOB_DAT __cxa_finalize
000016f0 R_386_JUMP_SLOT __gmon_start__
000016f4 R_386_JUMP_SLOT cos
000016f8 R_386_JUMP_SLOT fwrite
000016fc R_386_JUMP_SLOT fprintf
00001700 R_386_JUMP_SLOT __cxa_finalize
另外有必要说明的是如果对可重定位文件(.o文件)应用这两个命令是无效的,
错误提示如下:
[qtl@courier lib]$ readelf -D -r bar.o
There are no dynamic relocations in this file.
[qtl@courier lib]$ objdump -R bar.o
bar.o: file format elf32-i386
objdump: bar.o: not a dynamic object
objdump: bar.o: Invalid operation
4. 显示节信息: readelf -S和objdump -h
对于可重定位文件, objdump -h不能显示.rel开头的节和.shstrtab, .symtab, .strtab.
而readelf的显示有一个.group节, 其内容为节的group, 可以用-g参数查看.
输出如下:
[qtl@courier lib]$ readelf -S bar.o
There are 13 section headers, starting at offset 0x150:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .group GROUP 00000000 000034 000008 04 11 11 4
[ 2] .text PROGBITS 00000000 00003c 00005c 00 AX 0 0 4
[ 3] .rel.text REL 00000000 0004bc 000030 08 11 2 4
[ 4] .data PROGBITS 00000000 000098 000000 00 WA 0 0 4
[ 5] .bss NOBITS 00000000 000098 000000 00 WA 0 0 4
[ 6] .rodata PROGBITS 00000000 000098 00000e 00 A 0 0 1
[ 7] .comment PROGBITS 00000000 0000a6 00002e 00 0 0 1
[ 8] .text.__i686.get_ PROGBITS 00000000 0000d4 000004 00 AXG 0 0 1
[ 9] .note.GNU-stack PROGBITS 00000000 0000d8 000000 00 0 0 1
[10] .shstrtab STRTAB 00000000 0000d8 000075 00 0 0 1
[11] .symtab SYMTAB 00000000 000358 000110 10 12 10 4
[12] .strtab STRTAB 00000000 000468 000053 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[qtl@courier lib]$ objdump -h bar.o
bar.o: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 __i686.get_pc_thunk.bx 00000008 00000000 00000000 00000034 2**2
CONTENTS, READONLY, EXCLUDE, GROUP, LINK_ONCE_DISCARD
1 .text 0000005c 00000000 00000000 0000003c 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
2 .data 00000000 00000000 00000000 00000098 2**2
CONTENTS, ALLOC, LOAD, DATA
3 .bss 00000000 00000000 00000000 00000098 2**2
ALLOC
4 .rodata 0000000e 00000000 00000000 00000098 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .comment 0000002e 00000000 00000000 000000a6 2**0
CONTENTS, READONLY
6 .text.__i686.get_pc_thunk.bx 00000004 00000000 00000000 000000d4 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
7 .note.GNU-stack 00000000 00000000 00000000 000000d8 2**0
CONTENTS, READONLY
对于共享库, objdump -h仍然不能显示.shstrtab, .symtab, .strtab三个节, 另外还有
一个区别在于readelf从一个NULL类型的节开始, 而objdump的输出去掉了这个空的节.
[qtl@courier lib]$ readelf -S libfoobar.so
There are 27 section headers, starting at offset 0x8f0:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .gnu.hash GNU_HASH 000000b4 0000b4 000048 04 A 2 0 4
[ 2] .dynsym DYNSYM 000000fc 0000fc 000110 10 A 3 1 4
[ 3] .dynstr STRTAB 0000020c 00020c 0000b3 00 A 0 0 1
[ 4] .gnu.version VERSYM 000002c0 0002c0 000022 02 A 2 0 2
[ 5] .gnu.version_r VERNEED 000002e4 0002e4 000050 00 A 3 2 4
[ 6] .rel.dyn REL 00000334 000334 000030 08 A 2 0 4
[ 7] .rel.plt REL 00000364 000364 000028 08 A 2 9 4
[ 8] .init PROGBITS 0000038c 00038c 000017 00 AX 0 0 4
[ 9] .plt PROGBITS 000003a4 0003a4 000060 04 AX 0 0 4
[10] .text PROGBITS 00000410 000410 0001a4 00 AX 0 0 16
[11] .fini PROGBITS 000005b4 0005b4 00001c 00 AX 0 0 4
[12] .rodata PROGBITS 000005d0 0005d0 00001d 00 A 0 0 1
[13] .eh_frame PROGBITS 000005f0 0005f0 000004 00 A 0 0 4
[14] .ctors PROGBITS 000015f4 0005f4 000008 00 WA 0 0 4
[15] .dtors PROGBITS 000015fc 0005fc 000008 00 WA 0 0 4
[16] .jcr PROGBITS 00001604 000604 000004 00 WA 0 0 4
[17] .data.rel.ro PROGBITS 00001608 000608 000004 00 WA 0 0 4
[18] .dynamic DYNAMIC 0000160c 00060c 0000c8 08 WA 3 0 4
[19] .got PROGBITS 000016d4 0006d4 000010 04 WA 0 0 4
[20] .got.plt PROGBITS 000016e4 0006e4 000020 04 WA 0 0 4
[21] .data PROGBITS 00001704 000704 000004 00 WA 0 0 4
[22] .bss NOBITS 00001708 000708 000010 00 WA 0 0 4
[23] .comment PROGBITS 00000000 000708 000114 00 0 0 1
[24] .shstrtab STRTAB 00000000 00081c 0000d2 00 0 0 1
[25] .symtab SYMTAB 00000000 000d28 0003d0 10 26 45 4
[26] .strtab STRTAB 00000000 0010f8 0001d7 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[qtl@courier lib]$ objdump -h libfoobar.so
libfoobar.so: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 .gnu.hash 00000048 000000b4 000000b4 000000b4 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .dynsym 00000110 000000fc 000000fc 000000fc 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .dynstr 000000b3 0000020c 0000020c 0000020c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .gnu.version 00000022 000002c0 000002c0 000002c0 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .gnu.version_r 00000050 000002e4 000002e4 000002e4 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .rel.dyn 00000030 00000334 00000334 00000334 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .rel.plt 00000028 00000364 00000364 00000364 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .init 00000017 0000038c 0000038c 0000038c 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
8 .plt 00000060 000003a4 000003a4 000003a4 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
9 .text 000001a4 00000410 00000410 00000410 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
10 .fini 0000001c 000005b4 000005b4 000005b4 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .rodata 0000001d 000005d0 000005d0 000005d0 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
12 .eh_frame 00000004 000005f0 000005f0 000005f0 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
13 .ctors 00000008 000015f4 000015f4 000005f4 2**2
CONTENTS, ALLOC, LOAD, DATA
14 .dtors 00000008 000015fc 000015fc 000005fc 2**2
CONTENTS, ALLOC, LOAD, DATA
15 .jcr 00000004 00001604 00001604 00000604 2**2
CONTENTS, ALLOC, LOAD, DATA
16 .data.rel.ro 00000004 00001608 00001608 00000608 2**2
CONTENTS, ALLOC, LOAD, DATA
17 .dynamic 000000c8 0000160c 0000160c 0000060c 2**2
CONTENTS, ALLOC, LOAD, DATA
18 .got 00000010 000016d4 000016d4 000006d4 2**2
CONTENTS, ALLOC, LOAD, DATA
19 .got.plt 00000020 000016e4 000016e4 000006e4 2**2
CONTENTS, ALLOC, LOAD, DATA
20 .data 00000004 00001704 00001704 00000704 2**2
CONTENTS, ALLOC, LOAD, DATA
21 .bss 00000010 00001708 00001708 00000708 2**2
ALLOC
22 .comment 00000114 00000000 00000000 00000708 2**0
CONTENTS, READONLY
5. 显示.dynamic节信息
只readelf -d有对应的功能, objdump没有. 另外需要注意, 看重定位文件不需要动态
链接(加载), 所以没有.dynamic节. 对于共享库文件输出如下:
[qtl@courier lib]$ readelf -d libfoobar.so
Dynamic section at offset 0x60c contains 21 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x38c
0x0000000d (FINI) 0x5b4
0x6ffffef5 (GNU_HASH) 0xb4
0x00000005 (STRTAB) 0x20c
0x00000006 (SYMTAB) 0xfc
0x0000000a (STRSZ) 179 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000003 (PLTGOT) 0x16e4
0x00000002 (PLTRELSZ) 40 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x364
0x00000011 (REL) 0x334
0x00000012 (RELSZ) 48 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x2e4
0x6fffffff (VERNEEDNUM) 2
0x6ffffff0 (VERSYM) 0x2c0
0x6ffffffa (RELCOUNT) 2
0x00000000 (NULL) 0x0
6. 显示程序段信息
第二个readelf支持而objdump没有的功能. 命令参数为readelf -l.
同样, 对于可重定位文件而言没有段. 这一点也可以从ELF头中看到, 命令为readelf -h.
[qtl@courier lib]$ readelf -l libfoobar.so
Elf file type is DYN (Shared object file)
Entry point 0x410
There are 4 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x005f4 0x005f4 R E 0x1000
LOAD 0x0005f4 0x000015f4 0x000015f4 0x00114 0x00124 RW 0x1000
DYNAMIC 0x00060c 0x0000160c 0x0000160c 0x000c8 0x000c8 RW 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00 .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn
.rel.plt .init .plt .text .fini .rodata .eh_frame
01 .ctors .dtors .jcr .data.rel.ro .dynamic .got .got.plt .data .bss
02 .dynamic
03
7. 以字节(HEX或字符)形式dump某节的内容
readelf -x <secname>
objdump -s
后者默认一次dump所有节的内容. 如果只想dump某节的内容, 则用-j <secname>
参数指定. readelf一次只能dump某一节的内容. 两者输出如下:
[qtl@courier lib]$ readelf -x .dynamic libfoobar.so
Hex dump of section '.dynamic':
0x0000160c 0000007b 00000001 00000071 00000001 ....q.......{...
0x0000161c 000005b4 0000000d 0000038c 0000000c ................
0x0000162c 0000020c 00000005 000000b4 6ffffef5 ...o............
0x0000163c 000000b3 0000000a 000000fc 00000006 ................
0x0000164c 000016e4 00000003 00000010 0000000b ................
0x0000165c 00000011 00000014 00000028 00000002 ....(...........
0x0000166c 00000334 00000011 00000364 00000017 ....d.......4...
0x0000167c 00000008 00000013 00000030 00000012 ....0...........
0x0000168c 00000002 6fffffff 000002e4 6ffffffe ...o.......o....
0x0000169c 00000002 6ffffffa 000002c0 6ffffff0 ...o.......o....
0x000016ac 00000000 00000000 00000000 00000000 ................
0x000016bc 00000000 00000000 00000000 00000000 ................
0x000016cc 00000000 00000000 ........
[qtl@courier lib]$ objdump -s -j .dynamic libfoobar.so
libfoobar.so: file format elf32-i386
Contents of section .dynamic:
160c 01000000 71000000 01000000 7b000000 ....q.......{...
161c 0c000000 8c030000 0d000000 b4050000 ................
162c f5feff6f b4000000 05000000 0c020000 ...o............
163c 06000000 fc000000 0a000000 b3000000 ................
164c 0b000000 10000000 03000000 e4160000 ................
165c 02000000 28000000 14000000 11000000 ....(...........
166c 17000000 64030000 11000000 34030000 ....d.......4...
167c 12000000 30000000 13000000 08000000 ....0...........
168c feffff6f e4020000 ffffff6f 02000000 ...o.......o....
169c f0ffff6f c0020000 faffff6f 02000000 ...o.......o....
16ac 00000000 00000000 00000000 00000000 ................
16bc 00000000 00000000 00000000 00000000 ................
16cc 00000000 00000000 ........
8. 查看ELF程序头信息
readelf -h提供完整的信息, objdump -f只提供很少的信息.
9. 查看符号信息
readelf -s
objdump -t
两个命令都提供类似nm的信息. 输出如下:
[qtl@courier lib]$ readelf -s libfoobar.so
Symbol table '.dynsym' contains 17 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
2: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
3: 00000000 38 FUNC GLOBAL DEFAULT UND cos@GLIBC_2.0 (2)
4: 00000000 351 FUNC GLOBAL DEFAULT UND fwrite@GLIBC_2.0 (3)
5: 00000000 36 FUNC GLOBAL DEFAULT UND fprintf@GLIBC_2.0 (3)
6: 00000000 4 OBJECT GLOBAL DEFAULT UND stdout@GLIBC_2.0 (3)
7: 00000000 346 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3
(4)
8: 00000520 92 FUNC GLOBAL DEFAULT 10 bar
9: 000004dc 66 FUNC GLOBAL DEFAULT 10 foo
10: 00001718 0 NOTYPE GLOBAL DEFAULT ABS _end
11: 00001708 0 NOTYPE GLOBAL DEFAULT ABS _edata
12: 0000170c 4 OBJECT GLOBAL DEFAULT 22 foo_var
13: 00001708 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
14: 0000038c 0 FUNC GLOBAL DEFAULT 8 _init
15: 000005b4 0 FUNC GLOBAL DEFAULT 11 _fini
16: 00001710 8 OBJECT GLOBAL DEFAULT 22 bar_var
Symbol table '.symtab' contains 61 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 000000b4 0 SECTION LOCAL DEFAULT 1
2: 000000fc 0 SECTION LOCAL DEFAULT 2
3: 0000020c 0 SECTION LOCAL DEFAULT 3
4: 000002c0 0 SECTION LOCAL DEFAULT 4
5: 000002e4 0 SECTION LOCAL DEFAULT 5
6: 00000334 0 SECTION LOCAL DEFAULT 6
7: 00000364 0 SECTION LOCAL DEFAULT 7
8: 0000038c 0 SECTION LOCAL DEFAULT 8
9: 000003a4 0 SECTION LOCAL DEFAULT 9
10: 00000410 0 SECTION LOCAL DEFAULT 10
11: 000005b4 0 SECTION LOCAL DEFAULT 11
12: 000005d0 0 SECTION LOCAL DEFAULT 12
13: 000005f0 0 SECTION LOCAL DEFAULT 13
14: 000015f4 0 SECTION LOCAL DEFAULT 14
15: 000015fc 0 SECTION LOCAL DEFAULT 15
16: 00001604 0 SECTION LOCAL DEFAULT 16
17: 00001608 0 SECTION LOCAL DEFAULT 17
18: 0000160c 0 SECTION LOCAL DEFAULT 18
19: 000016d4 0 SECTION LOCAL DEFAULT 19
20: 000016e4 0 SECTION LOCAL DEFAULT 20
21: 00001704 0 SECTION LOCAL DEFAULT 21
22: 00001708 0 SECTION LOCAL DEFAULT 22
23: 00000000 0 SECTION LOCAL DEFAULT 23
24: 00000410 0 FUNC LOCAL DEFAULT 10 call_gmon_start
25: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
26: 000015f4 0 OBJECT LOCAL DEFAULT 14 __CTOR_LIST__
27: 000015fc 0 OBJECT LOCAL DEFAULT 15 __DTOR_LIST__
28: 00001604 0 OBJECT LOCAL DEFAULT 16 __JCR_LIST__
29: 00001708 1 OBJECT LOCAL DEFAULT 22 completed.5758
30: 00001704 0 OBJECT LOCAL DEFAULT 21 p.5756
31: 00000440 0 FUNC LOCAL DEFAULT 10 __do_global_dtors_aux
32: 000004a0 0 FUNC LOCAL DEFAULT 10 frame_dummy
33: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
34: 000015f8 0 OBJECT LOCAL DEFAULT 14 __CTOR_END__
35: 00001600 0 OBJECT LOCAL DEFAULT 15 __DTOR_END__
36: 000005f0 0 OBJECT LOCAL DEFAULT 13 __FRAME_END__
37: 00001604 0 OBJECT LOCAL DEFAULT 16 __JCR_END__
38: 00000580 0 FUNC LOCAL DEFAULT 10 __do_global_ctors_aux
39: 00000000 0 FILE LOCAL DEFAULT ABS foo.c
40: 00000000 0 FILE LOCAL DEFAULT ABS bar.c
41: 000016e4 0 OBJECT LOCAL HIDDEN ABS _GLOBAL_OFFSET_TABLE_
42: 00001608 0 OBJECT LOCAL HIDDEN 17 __dso_handle
43: 000004d7 0 FUNC LOCAL HIDDEN 10 __i686.get_pc_thunk.bx
44: 0000160c 0 OBJECT LOCAL HIDDEN ABS _DYNAMIC
45: 00000520 92 FUNC GLOBAL DEFAULT 10 bar
46: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
47: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
48: 000005b4 0 FUNC GLOBAL DEFAULT 11 _fini
49: 0000170c 4 OBJECT GLOBAL DEFAULT 22 foo_var
50: 000004dc 66 FUNC GLOBAL DEFAULT 10 foo
51: 00000000 38 FUNC GLOBAL DEFAULT UND cos@@GLIBC_2.0
52: 00000000 351 FUNC GLOBAL DEFAULT UND fwrite@@GLIBC_2.0
53: 00000000 36 FUNC GLOBAL DEFAULT UND fprintf@@GLIBC_2.0
54: 00001708 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
55: 00001718 0 NOTYPE GLOBAL DEFAULT ABS _end
56: 00000000 4 OBJECT GLOBAL DEFAULT UND stdout@@GLIBC_2.0
57: 00001710 8 OBJECT GLOBAL DEFAULT 22 bar_var
58: 00001708 0 NOTYPE GLOBAL DEFAULT ABS _edata
59: 00000000 346 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1
60: 0000038c 0 FUNC GLOBAL DEFAULT 8 _init
[qtl@courier lib]$ objdump -t libfoobar.so
libfoobar.so: file format elf32-i386
SYMBOL TABLE:
000000b4 l d .gnu.hash 00000000 .gnu.hash
000000fc l d .dynsym 00000000 .dynsym
0000020c l d .dynstr 00000000 .dynstr
000002c0 l d .gnu.version 00000000 .gnu.version
000002e4 l d .gnu.version_r 00000000 .gnu.version_r
00000334 l d .rel.dyn 00000000 .rel.dyn
00000364 l d .rel.plt 00000000 .rel.plt
0000038c l d .init 00000000 .init
000003a4 l d .plt 00000000 .plt
00000410 l d .text 00000000 .text
000005b4 l d .fini 00000000 .fini
000005d0 l d .rodata 00000000 .rodata
000005f0 l d .eh_frame 00000000 .eh_frame
000015f4 l d .ctors 00000000 .ctors
000015fc l d .dtors 00000000 .dtors
00001604 l d .jcr 00000000 .jcr
00001608 l d .data.rel.ro 00000000 .data.rel.ro
0000160c l d .dynamic 00000000 .dynamic
000016d4 l d .got 00000000 .got
000016e4 l d .got.plt 00000000 .got.plt
00001704 l d .data 00000000 .data
00001708 l d .bss 00000000 .bss
00000000 l d .comment 00000000 .comment
00000410 l F .text 00000000 call_gmon_start
00000000 l df *ABS* 00000000 crtstuff.c
000015f4 l O .ctors 00000000 __CTOR_LIST__
000015fc l O .dtors 00000000 __DTOR_LIST__
00001604 l O .jcr 00000000 __JCR_LIST__
00001708 l O .bss 00000001 completed.5758
00001704 l O .data 00000000 p.5756
00000440 l F .text 00000000 __do_global_dtors_aux
000004a0 l F .text 00000000 frame_dummy
00000000 l df *ABS* 00000000 crtstuff.c
000015f8 l O .ctors 00000000 __CTOR_END__
00001600 l O .dtors 00000000 __DTOR_END__
000005f0 l O .eh_frame 00000000 __FRAME_END__
00001604 l O .jcr 00000000 __JCR_END__
00000580 l F .text 00000000 __do_global_ctors_aux
00000000 l df *ABS* 00000000 foo.c
00000000 l df *ABS* 00000000 bar.c
000016e4 l O *ABS* 00000000 .hidden _GLOBAL_OFFSET_TABLE_
00001608 l O .data.rel.ro 00000000 .hidden __dso_handle
000004d7 l F .text 00000000 .hidden __i686.get_pc_thunk.bx
0000160c l O *ABS* 00000000 .hidden _DYNAMIC
00000520 g F .text 0000005c bar
00000000 w *UND* 00000000 __gmon_start__
00000000 w *UND* 00000000 _Jv_RegisterClasses
000005b4 g F .fini 00000000 _fini
0000170c g O .bss 00000004 foo_var
000004dc g F .text 00000042 foo
00000000 F *UND* 00000026 cos@@GLIBC_2.0
00000000 F *UND* 0000015f fwrite@@GLIBC_2.0
00000000 F *UND* 00000024 fprintf@@GLIBC_2.0
00001708 g *ABS* 00000000 __bss_start
00001718 g *ABS* 00000000 _end
00000000 O *UND* 00000004 stdout@@GLIBC_2.0
00001710 g O .bss 00000008 bar_var
00001708 g *ABS* 00000000 _edata
00000000 w F *UND* 0000015a __cxa_finalize@@GLIBC_2.1.3
0000038c g F .init 00000000 _init
注意readelf同时显示了.dynsym的信息, 而objdump实际上只显示了.symtab部分的信息.
如果需要显示动态部分的符号, 使用-T参数. 输出如下:
[qtl@courier lib]$ objdump -T libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC SYMBOL TABLE:
00000000 w D *UND* 00000000 __gmon_start__
00000000 w D *UND* 00000000 _Jv_RegisterClasses
00000000 DF *UND* 00000026 GLIBC_2.0 cos
00000000 DF *UND* 0000015f GLIBC_2.0 fwrite
00000000 DF *UND* 00000024 GLIBC_2.0 fprintf
00000000 DO *UND* 00000004 GLIBC_2.0 stdout
00000000 w DF *UND* 0000015a GLIBC_2.1.3 __cxa_finalize
00000520 g DF .text 0000005c Base bar
000004dc g DF .text 00000042 Base foo
00001718 g D *ABS* 00000000 Base _end
00001708 g D *ABS* 00000000 Base _edata
0000170c g DO .bss 00000004 Base foo_var
00001708 g D *ABS* 00000000 Base __bss_start
0000038c g DF .init 00000000 Base _init
000005b4 g DF .fini 00000000 Base _fini
00001710 g DO .bss 00000008 Base bar_var
对readelf同时使用-D -s参数无效. 对照手册页说明也没弄清楚-D的主要用途,
在这里可能因为-s已经能够都显示了.
10. 一次全部
两个命令都提供了一个参数, 指定多个其他参数的集合一起显示, 但显示内容略有不同.
readelf -a: -h -l -S -r -s -d -n -V
objdump -x: -a -f -h -p -r -t
本文对比了objdump和readelf这两个二进制文件分析工具的功能。objdump借助BFD库支持多种文件格式,而readelf专注于ELF格式,但提供了更详细的信息。文中详细比较了它们在反汇编代码、显示relocation条目等方面的不同。
扫一扫
529
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
