4. objdump, the information viewer
Displays the section information of a program file. The program above is used as the example.
--------------------------------------------------------------
4.1 objdump -h main > main_h writes the section information of the main executable to main_h.
main: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 00000013 08048154 08048154 00000154 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.ABI-tag 00000020 08048168 08048168 00000168 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 08048188 08048188 00000188 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .gnu.hash 00000020 080481ac 080481ac 000001ac 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .dynsym 00000050 080481cc 080481cc 000001cc 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynstr 0000004a 0804821c 0804821c 0000021c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .gnu.version 0000000a 08048266 08048266 00000266 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version_r 00000020 08048270 08048270 00000270 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .rel.dyn 00000008 08048290 08048290 00000290 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rel.plt 00000018 08048298 08048298 00000298 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .init 0000002e 080482b0 080482b0 000002b0 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .plt 00000040 080482e0 080482e0 000002e0 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .text 0000019c 08048320 08048320 00000320 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .fini 0000001a 080484bc 080484bc 000004bc 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .rodata 00000008 080484d8 080484d8 000004d8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
15 .eh_frame_hdr 0000003c 080484e0 080484e0 000004e0 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
16 .eh_frame 000000e4 0804851c 0804851c 0000051c 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
17 .ctors 00000008 08049f14 08049f14 00000f14 2**2
CONTENTS, ALLOC, LOAD, DATA
18 .dtors 00000008 08049f1c 08049f1c 00000f1c 2**2
CONTENTS, ALLOC, LOAD, DATA
19 .jcr 00000004 08049f24 08049f24 00000f24 2**2
CONTENTS, ALLOC, LOAD, DATA
20 .dynamic 000000c8 08049f28 08049f28 00000f28 2**2
CONTENTS, ALLOC, LOAD, DATA
21 .got 00000004 08049ff0 08049ff0 00000ff0 2**2
CONTENTS, ALLOC, LOAD, DATA
22 .got.plt 00000018 08049ff4 08049ff4 00000ff4 2**2
23 .data 00000018 0804a00c 0804a00c 0000100c 2**2
Note: this one is different CONTENTS, ALLOC, LOAD, DATA
24 .bss 00000018 0804a024 0804a024 00001024 2**2
ALLOC
25 .comment 0000002a 00000000 00000000 00001024 2**0
CONTENTS, READONLY
26 .debug_aranges 00000020 00000000 00000000 0000104e 2**0
CONTENTS, READONLY, DEBUGGING
27 .debug_info 00000166 00000000 00000000 0000106e 2**0
CONTENTS, READONLY, DEBUGGING
28 .debug_abbrev 00000085 00000000 00000000 000011d4 2**0
CONTENTS, READONLY, DEBUGGING
29 .debug_line 0000003e 00000000 00000000 00001259 2**0
CONTENTS, READONLY, DEBUGGING
30 .debug_str 000000d6 00000000 00000000 00001297 2**0
CONTENTS, READONLY, DEBUGGING
31 .debug_loc 00000070 00000000 00000000 0000136d 2**0
CONTENTS, READONLY, DEBUGGING
------------------
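Analysis:
The objdump output shows the size of each section and the address at which
each section starts in memory when the program runs.
Section addresses: VMA (Virtual Memory Address) and
LMA (Load Memory Address).
VMA is the address at which the section starts while the program runs, with the memory management unit (MMU) enabled;
LMA is the address at which the section is first placed in memory when the program is loaded.
File off gives each section's location within the program file (here, the main executable).
For a boot loader, loading a program means using the "File off" value to read
each section's contents from the file and then writing those contents to the VMA specified for that section.
Algn gives the boundary alignment of each section in bytes.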
------------------------
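Sections whose names start with .debug_ hold debugging information in a uniform encoding format: DWARF.
objdump can display the DWARF information of a program file with the -W option.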
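The analysis above, as an added Python example (not code from the original page): it parses `objdump -h` text, derives the copy that a loader performs from File off to VMA, and flags sections that are writable and executable or that still carry debug data. The sample rows are copied from the listing above; the function names are illustrative.

```python
import re

# Constructed sample: five sections copied from the `objdump -h main` listing above.
SAMPLE = """\
 12 .text         0000019c  08048320  08048320  00000320  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .rodata       00000008  080484d8  080484d8  000004d8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 23 .data         00000018  0804a00c  0804a00c  0000100c  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 24 .bss          00000018  0804a024  0804a024  00001024  2**2
                  ALLOC
 27 .debug_info   00000166  00000000  00000000  0000106e  2**0
                  CONTENTS, READONLY, DEBUGGING
"""
ROW = re.compile(r"\s*\d+\s+(\S+)\s+" + r"([0-9a-f]{8,16})\s+" * 4 + r"2\*\*(\d+)\s*$")

def parse_sections(text):
    """Turn `objdump -h` text into dicts; a row's flags are on the line after it."""
    sections = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            size, vma, lma, off = (int(x, 16) for x in m.groups()[1:5])
            sections.append({"name": m.group(1), "size": size, "vma": vma, "lma": lma,
                             "off": off, "align": 1 << int(m.group(6)), "flags": set()})
        elif sections and re.fullmatch(r"[A-Z_, ]+", line.strip()):
            sections[-1]["flags"] |= {f.strip() for f in line.split(",")}
    return sections

def load_plan(sections):
    """Loader view: copy LOAD sections from File off to VMA, zero-fill ALLOC-only ones."""
    plan = []
    for s in sections:
        if "LOAD" in s["flags"]:
            plan.append(("copy", s["name"], s["off"], s["vma"], s["size"]))
        elif "ALLOC" in s["flags"]:
            plan.append(("zero", s["name"], None, s["vma"], s["size"]))
    return plan

def audit(sections):
    """Flag sections that are writable and executable, and debug data still in the file."""
    findings = []
    for s in sections:
        if "CODE" in s["flags"] and "READONLY" not in s["flags"]:
            findings.append((s["name"], "writable and executable"))
        if "DEBUGGING" in s["flags"]:
            findings.append((s["name"], "debug data, %d bytes" % s["size"]))
    return findings
```

A row whose flags line is missing, as with .got.plt in the listing above, is parsed with an empty flag set and therefore appears in neither the load plan nor the findings.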
------------------------------------------
4.2 objdump -W main > main_DWARF
<0><b>: Abbrev Number: 1 (DW_TAG_compile_unit)
<c> DW_AT_producer : (indirect string, offset: 0x2c): GNU C 4.6.3
<10> DW_AT_language : 1 (ANSI C)
<11> DW_AT_name : (indirect string, offset: 0x46): main.c
<15> DW_AT_comp_dir : (indirect string, offset: 0x4d): /home/null/c-test
<19> DW_AT_low_pc : 0x80483d4
<1d> DW_AT_high_pc : 0x804840c
<21> DW_AT_stmt_list : 0x0
.........
<1><72>: Abbrev Number: 4 (DW_TAG_subprogram)
<73> DW_AT_external : 1
<74> DW_AT_name : foo
<78> DW_AT_decl_file : 1
<15> DW_AT_comp_dir : (indirect string, offset: 0x4d): /home/null/c-test
<19> DW_AT_low_pc : 0x80483d4
<1d> DW_AT_high_pc : 0x804840c
<21> DW_AT_stmt_list : 0x0
-------------------------
The debugging information records the path of the source program and the addresses at which
functions start in memory (DW_AT_low_pc and DW_AT_high_pc).
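To check what a binary would disclose about its build before it is shipped, the `objdump -W` text can be parsed. This is an added Python example, not code from the original page: it groups attributes under their entries and reports the compiler, full source path and function names per compile unit. The sample lines are copied from the output above; the function and key names are illustrative.

```python
import posixpath
import re

# Constructed sample: lines copied from the `objdump -W main` output above.
SAMPLE = """\
 <0><b>: Abbrev Number: 1 (DW_TAG_compile_unit)
    <c>   DW_AT_producer    : (indirect string, offset: 0x2c): GNU C 4.6.3
    <11>   DW_AT_name        : (indirect string, offset: 0x46): main.c
    <15>   DW_AT_comp_dir    : (indirect string, offset: 0x4d): /home/null/c-test
    <19>   DW_AT_low_pc      : 0x80483d4
    <1d>   DW_AT_high_pc     : 0x804840c
 <1><72>: Abbrev Number: 4 (DW_TAG_subprogram)
    <73>   DW_AT_external    : 1
    <74>   DW_AT_name        : foo
"""
DIE = re.compile(r"\s*<(\d+)><([0-9a-f]+)>: Abbrev Number: \d+ \((DW_TAG_\w+)\)")
ATTR = re.compile(r"\s*<[0-9a-f]+>\s+(DW_AT_\w+)\s*:\s*(.*)$")
INDIRECT = re.compile(r"^\(indirect string, offset: 0x[0-9a-f]+\): ")

def parse_dies(text):
    """Group attribute lines under the debugging information entry (DIE) they follow."""
    dies = []
    for line in text.splitlines():
        m = DIE.match(line)
        if m:
            dies.append({"depth": int(m.group(1)), "offset": int(m.group(2), 16),
                         "tag": m.group(3), "attrs": {}})
        elif dies and (m := ATTR.match(line)):
            # Drop the "(indirect string, offset: ...)" prefix, keep the string itself.
            dies[-1]["attrs"][m.group(1)] = INDIRECT.sub("", m.group(2)).strip()
    return dies

def build_metadata(dies):
    """Per compile unit: compiler, full source path, start address and function names."""
    units = []
    for d in dies:
        a = d["attrs"]
        if d["tag"] == "DW_TAG_compile_unit":
            comp_dir = a.get("DW_AT_comp_dir", "")
            units.append({"producer": a.get("DW_AT_producer"),
                          "source": posixpath.join(comp_dir, a.get("DW_AT_name", "")),
                          "exposes_build_path": comp_dir.startswith("/"),
                          "low_pc": int(a.get("DW_AT_low_pc", "0"), 16),
                          "functions": []})
        elif d["tag"] == "DW_TAG_subprogram" and units:
            units[-1]["functions"].append(a.get("DW_AT_name"))
    return units
```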
-------------------------------------------
4.3 The -d option displays the assembly code of the program file.
objdump -d main > main.dis
main: file format elf32-i386
......
080483d4 <foo>:
80483d4: 55 push %ebp
80483d5: 89 e5 mov %esp,%ebp
80483d7: 83 ec 28 sub $0x28,%esp
80483da: c7 45 f4 01 00 00 00 movl $0x1,-0xc(%ebp)
80483e1: c7 04 24 00 00 00 00 movl $0x0,(%esp)
80483e8: e8 03 ff ff ff call 80482f0 <time@plt>
80483ed: c9 leave
80483ee: c3 ret
080483ef <main>:
80483ef: 55 push %ebp
80483f0: 89 e5 mov %esp,%ebp
80483f2: 83 e4 f0 and $0xfffffff0,%esp
80483f5: 83 ec 10 sub $0x10,%esp
80483f8: c7 44 24 0c 01 00 00 movl $0x1,0xc(%esp)
80483ff: 00
8048400: e8 cf ff ff ff call 80483d4 <foo>
8048405: b8 00 00 00 00 mov $0x0,%eax
804840a: c9 leave
804840b: c3 ret
804840c: 90 nop
804840d: 90 nop
804840e: 90 nop
804840f: 90 nop
......
-----------------------------------
4.4 Adding -S shows, alongside the disassembly, the C/C++ source that each piece of assembly code corresponds to.
080483d4 <foo>:
static int static_global1;
static int static_global2 = 1;
void foo()
{
80483d4: 55 push %ebp
80483d5: 89 e5 mov %esp,%ebp
80483d7: 83 ec 28 sub $0x28,%esp
int internal1;
int internal2 = 1;
80483da: c7 45 f4 01 00 00 00 movl $0x1,-0xc(%ebp)
static int static_internal1;
static int static_internal2 = 1;
time(0);
80483e1: c7 04 24 00 00 00 00 movl $0x0,(%esp)
80483e8: e8 03 ff ff ff call 80482f0 <time@plt>
}
80483ed: c9 leave
80483ee: c3 ret
080483ef <main>:
int main(void)
{
80483ef: 55 push %ebp
80483f0: 89 e5 mov %esp,%ebp
80483f2: 83 e4 f0 and $0xfffffff0,%esp
80483f5: 83 ec 10 sub $0x10,%esp
int local1;
int local2 = 1;
80483f8: c7 44 24 0c 01 00 00 movl $0x1,0xc(%esp)
80483ff: 00
static int static_local1;
static int static_local2 =1;
foo();
8048400: e8 cf ff ff ff call 80483d4 <foo>
return 0;
8048405: b8 00 00 00 00 mov $0x0,%eax
}
-----------------------------------
4.5 objdump -f main > main.dis // -f displays the header information of the program file.
------------------------
main: file format elf32-i386
architecture: i386, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x08048320 // program entry address
------------------------
4.6 objdump -s -j .data main > main_data.dis // view the contents of the .data section
------------------------
main: file format elf32-i386
Contents of section .data:
804a00c 00000000 00000000 01000000 01000000 ................
804a01c 01000000 01000000 ........
--------------------------------------------------------------
5. ranlib, the archive index generator
Once an index has been added to an archive, the files inside it can be extracted faster.
--------------------------------------------------------------
For example:
ranlib libmy.a
-------------------------------------------
nm with the -s option shows the index information in an archive file.
nm -s libmy.a
Archive index:
foo in foo.o
main in main.o
foo.o:
00000000 T foo
U puts
main.o:
U foo
00000000 T main
--------------------------------------------------------------
6. size, the section size viewer
The size tool is used to view the size of each section in a program file.
--------------------------------------------------------------
size main
text data bss dec hex filename
1181 256 8 1445 5a5 main
---------------------------
size -A main
main :
section size addr
.interp 19 134512980
.note.ABI-tag 32 134513000
.note.gnu.build-id 36 134513032
.gnu.hash 32 134513068
.dynsym 80 134513100
.dynstr 74 134513180
.gnu.version 10 134513254
.gnu.version_r 32 134513264
.rel.dyn 8 134513296
.rel.plt 24 134513304
.init 46 134513328
.plt 64 134513376
.text 396 134513440
.fini 26 134513836
.rodata 14 134513864
.eh_frame_hdr 60 134513880
.eh_frame 228 134513940
.ctors 8 134520596
.dtors 8 134520604
.jcr 4 134520612
.dynamic 200 134520616
.got 4 134520816
.got.plt 24 134520820
.data 8 134520844
.bss 8 134520852
.comment 42 0
Total 1487
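How the two outputs above relate, as an added Python example (not code from the original page): it applies the rule of the default `size` format to the per-section sizes from `size -A` and reproduces the text, data and bss columns. The flags are taken from the `objdump -h` listing in 4.1 for the same section names; the .got.plt flags line is missing from that listing and is assumed here to match .got.

```python
# Flag sets as printed by `objdump -h` in section 4.1.
RO = {"CONTENTS", "ALLOC", "LOAD", "READONLY", "DATA"}
CODE = {"CONTENTS", "ALLOC", "LOAD", "READONLY", "CODE"}
RW = {"CONTENTS", "ALLOC", "LOAD", "DATA"}

# Constructed table: sizes from the `size -A main` output above, flags by section name.
SECTIONS = [
    (".interp", 19, RO), (".note.ABI-tag", 32, RO), (".note.gnu.build-id", 36, RO),
    (".gnu.hash", 32, RO), (".dynsym", 80, RO), (".dynstr", 74, RO),
    (".gnu.version", 10, RO), (".gnu.version_r", 32, RO), (".rel.dyn", 8, RO),
    (".rel.plt", 24, RO), (".init", 46, CODE), (".plt", 64, CODE),
    (".text", 396, CODE), (".fini", 26, CODE), (".rodata", 14, RO),
    (".eh_frame_hdr", 60, RO), (".eh_frame", 228, RO), (".ctors", 8, RW),
    (".dtors", 8, RW), (".jcr", 4, RW), (".dynamic", 200, RW), (".got", 4, RW),
    (".got.plt", 24, RW),  # assumption: flags line absent from the 4.1 listing
    (".data", 8, RW), (".bss", 8, {"ALLOC"}),
    (".comment", 42, {"CONTENTS", "READONLY"}),
]

def berkeley_size(sections):
    """Reproduce the text/data/bss columns of plain `size` from sizes and flags."""
    text = data = bss = 0
    for _name, size, flags in sections:
        if "ALLOC" not in flags:      # not part of the memory image (.comment)
            continue
        if "CODE" in flags or "READONLY" in flags:
            text += size              # read-only data is counted as "text" too
        elif "CONTENTS" in flags:
            data += size              # writable, with bytes stored in the file
        else:
            bss += size               # occupies memory, no bytes in the file
    return text, data, bss

def sysv_total(sections):
    """The Total line of `size -A`: every listed section, allocated or not."""
    return sum(size for _name, size, _flags in sections)
```

The "text" column is therefore larger than .text itself (1181 against 396 here), and the 42 bytes of .comment appear only in the `size -A` total.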
--------------------------------------------------------------
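7. strip, the program file slimmer
strip removes the debugging information from a program file in order to reduce the file's size. Its function
is the same as that of objdump with the --strip-debug option.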
binutils toolset 2