1. 源代码 b.c
/* Hand-written prototype used instead of #include <stdio.h>. printf is only
 * declared here, so b.o carries it as an undefined symbol (section index 0
 * in the .symtab dump below) for the linker to resolve. */
int printf( const char* format, ...);
/* Initialized global: its value 84 (0x54) is the first word of .data. */
int global_int_var = 84;
/* Uninitialized global (tentative definition): in this b.o it is a COMMON
 * symbol (section index 0xfff2 in the .symtab dump), not part of the
 * 4-byte .bss. */
int global_uinit_var;
/* Print i in decimal followed by a newline.
 * The "%d\n" format literal is the 4 bytes 25 64 0a 00 shown in .rodata. */
void func1( int i) {
printf("%d\n",i);
}
/* Demo entry point: adds two function-scope statics and two locals, prints
 * the sum through func1 and returns a (1). */
int main(void) {
/* Initialized function-scope static: value 85 (0x55) is the second word of
 * .data; the symbol table names it static_var.1222. */
static int static_var = 85;
/* Uninitialized function-scope static: the only object in the 4-byte .bss
 * (static_var2.1223 in the symbol table). */
static int static_var2;
/* Automatic variables live on the stack; they have no entry in .symtab and
 * occupy no section. a is stored at 0x1c(%esp) in the disassembly. */
int a = 1;
int b;
/* NOTE(review): b is read without ever being assigned, so the printed value
 * is indeterminate (undefined behavior in C). The disassembly adds the stack
 * slot 0x18(%esp), which is never stored to. Initialize b in real code. */
func1 (static_var + static_var2 + a + b);
return a;
}
2. 编译 gcc -c b.c
3. ELF
suse:/jingsheng # readelf -S b.o
There are 12 section headers, starting at offset 0x140:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 000050 00 AX 0 0 4
[ 2] .rel.text REL 00000000 000478 000028 08 10 1 4
[ 3] .data PROGBITS 00000000 000084 000008 00 WA 0 0 4
[ 4] .bss NOBITS 00000000 00008c 000004 00 WA 0 0 4
[ 5] .rodata PROGBITS 00000000 00008c 000004 00 A 0 0 1
[ 6] .comment PROGBITS 00000000 000090 000043 01 MS 0 0 1
[ 7] .comment.SUSE.OPT PROGBITS 00000000 0000d3 000006 01 MS 0 0 1
[ 8] .note.GNU-stack PROGBITS 00000000 0000d9 000000 00 0 0 1
[ 9] .shstrtab STRTAB 00000000 0000d9 000064 00 0 0 1
[10] .symtab SYMTAB 00000000 000320 000100 10 11 11 4
[11] .strtab STRTAB 00000000 000420 000058 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
suse:/jingsheng # objdump -s -d -h b.o
b.o: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00000050 00000000 00000000 00000034 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .data 00000008 00000000 00000000 00000084 2**2
CONTENTS, ALLOC, LOAD, DATA
2 .bss 00000004 00000000 00000000 0000008c 2**2
ALLOC
3 .rodata 00000004 00000000 00000000 0000008c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .comment 00000043 00000000 00000000 00000090 2**0
CONTENTS, READONLY
5 .comment.SUSE.OPTs 00000006 00000000 00000000 000000d3 2**0
CONTENTS, READONLY
6 .note.GNU-stack 00000000 00000000 00000000 000000d9 2**0
CONTENTS, READONLY
Contents of section .text:
0000 5589e583 ec188b45 08894424 04c70424 U......E..D$...$
0010 00000000 e8fcffff ffc9c355 89e583e4 ...........U....
0020 f083ec20 c744241c 01000000 8b150400 ... .D$.........
0030 0000a100 0000008d 04020344 241c0344 ...........D$..D
0040 24188904 24e8fcff ffff8b44 241cc9c3 $...$......D$...
Contents of section .data:
0000 54000000 55000000 T...U...
Contents of section .rodata:
0000 25640a00 %d..
Contents of section .comment:
0000 00474343 3a202853 55534520 4c696e75 .GCC: (SUSE Linu
0010 78292034 2e352e30 20323031 30303630 x) 4.5.0 2010060
0020 34205b67 63632d34 5f352d62 72616e63 4 [gcc-4_5-branc
0030 68207265 76697369 6f6e2031 36303239 h revision 16029
0040 325d00 2].
Contents of section .comment.SUSE.OPTs:
0000 6f737077 6700 ospwg.
Disassembly of section .text:
00000000 <func1>:
0: 55 push %ebp
1: 89 e5 mov %esp,%ebp
3: 83 ec 18 sub $0x18,%esp
6: 8b 45 08 mov 0x8(%ebp),%eax
9: 89 44 24 04 mov %eax,0x4(%esp)
d: c7 04 24 00 00 00 00 movl $0x0,(%esp)
14: e8 fc ff ff ff call 15 <func1+0x15>
19: c9 leave
1a: c3 ret
0000001b <main>:
1b: 55 push %ebp
1c: 89 e5 mov %esp,%ebp
1e: 83 e4 f0 and $0xfffffff0,%esp
21: 83 ec 20 sub $0x20,%esp
24: c7 44 24 1c 01 00 00 movl $0x1,0x1c(%esp)
2b: 00
2c: 8b 15 04 00 00 00 mov 0x4,%edx
32: a1 00 00 00 00 mov 0x0,%eax
37: 8d 04 02 lea (%edx,%eax,1),%eax
3a: 03 44 24 1c add 0x1c(%esp),%eax
3e: 03 44 24 18 add 0x18(%esp),%eax
42: 89 04 24 mov %eax,(%esp)
45: e8 fc ff ff ff call 46 <main+0x2b>
4a: 8b 44 24 1c mov 0x1c(%esp),%eax
4e: c9 leave
4f: c3 ret
suse:/jingsheng # hexdump -C b.o
00000000 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 |.ELF............|
00000010 01 00 03 00 01 00 00 00 00 00 00 00 00 00 00 00 |................|
00000020 40 01 00 00 00 00 00 00 34 00 00 00 00 00 28 00 |@.......4.....(.|
00000030 0c 00 09 00 55 89 e5 83 ec 18 8b 45 08 89 44 24 |....U......E..D$| .text
00000040 04 c7 04 24 00 00 00 00 e8 fc ff ff ff c9 c3 55 |...$...........U|
00000050 89 e5 83 e4 f0 83 ec 20 c7 44 24 1c 01 00 00 00 |....... .D$.....|
00000060 8b 15 04 00 00 00 a1 00 00 00 00 8d 04 02 03 44 |...............D|
00000070 24 1c 03 44 24 18 89 04 24 e8 fc ff ff ff 8b 44 |$..D$...$......D|
00000080 24 1c c9 c3 54 00 00 00 55 00 00 00 25 64 0a 00 |$...T...U...%d..| .data .bss .rodata
00000090 00 47 43 43 3a 20 28 53 55 53 45 20 4c 69 6e 75 |.GCC: (SUSE Linu| .comment
000000a0 78 29 20 34 2e 35 2e 30 20 32 30 31 30 30 36 30 |x) 4.5.0 2010060|
000000b0 34 20 5b 67 63 63 2d 34 5f 35 2d 62 72 61 6e 63 |4 [gcc-4_5-branc|
000000c0 68 20 72 65 76 69 73 69 6f 6e 20 31 36 30 32 39 |h revision 16029|
000000d0 32 5d 00 6f 73 70 77 67 00 00 2e 73 79 6d 74 61 |2].ospwg...symta| .comment.SUSE.OPTs .note.GNU-stack .shstrtab
000000e0 62 00 2e 73 74 72 74 61 62 00 2e 73 68 73 74 72 |b..strtab..shstr|
000000f0 74 61 62 00 2e 72 65 6c 2e 74 65 78 74 00 2e 64 |tab..rel.text..d|
00000100 61 74 61 00 2e 62 73 73 00 2e 72 6f 64 61 74 61 |ata..bss..rodata|
00000110 00 2e 63 6f 6d 6d 65 6e 74 00 2e 63 6f 6d 6d 65 |..comment..comme|
00000120 6e 74 2e 53 55 53 45 2e 4f 50 54 73 00 2e 6e 6f |nt.SUSE.OPTs..no|
00000130 74 65 2e 47 4e 55 2d 73 74 61 63 6b 00 00 00 00 |te.GNU-stack....|
00000140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| // Section table
*
00000160 00 00 00 00 00 00 00 00 1f 00 00 00 01 00 00 00 |................|
00000170 06 00 00 00 00 00 00 00 34 00 00 00 50 00 00 00 |........4...P...|
00000180 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
00000190 1b 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 |................|
000001a0 78 04 00 00 28 00 00 00 0a 00 00 00 01 00 00 00 |x...(...........|
000001b0 04 00 00 00 08 00 00 00 25 00 00 00 01 00 00 00 |........%.......|
000001c0 03 00 00 00 00 00 00 00 84 00 00 00 08 00 00 00 |................|
000001d0 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 |................|
000001e0 2b 00 00 00 08 00 00 00 03 00 00 00 00 00 00 00 |+...............|
000001f0 8c 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 |................|
00000200 04 00 00 00 00 00 00 00 30 00 00 00 01 00 00 00 |........0.......|
00000210 02 00 00 00 00 00 00 00 8c 00 00 00 04 00 00 00 |................|
00000220 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000230 38 00 00 00 01 00 00 00 30 00 00 00 00 00 00 00 |8.......0.......|
00000240 90 00 00 00 43 00 00 00 00 00 00 00 00 00 00 00 |....C...........|
00000250 01 00 00 00 01 00 00 00 41 00 00 00 01 00 00 00 |........A.......|
00000260 30 00 00 00 00 00 00 00 d3 00 00 00 06 00 00 00 |0...............|
00000270 00 00 00 00 00 00 00 00 01 00 00 00 01 00 00 00 |................|
00000280 54 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 |T...............|
00000290 d9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
000002a0 01 00 00 00 00 00 00 00 11 00 00 00 03 00 00 00 |................|
000002b0 00 00 00 00 00 00 00 00 d9 00 00 00 64 00 00 00 |............d...|
000002c0 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
000002d0 01 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 |................|
000002e0 20 03 00 00 00 01 00 00 0b 00 00 00 0b 00 00 00 | ...............|
000002f0 04 00 00 00 10 00 00 00 09 00 00 00 03 00 00 00 |................|
00000300 00 00 00 00 00 00 00 00 20 04 00 00 58 00 00 00 |........ ...X...|
00000310 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 |................|
00000320 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| .symtab
00000330 01 00 00 00 00 00 00 00 00 00 00 00 04 00 f1 ff |................|
00000340 00 00 00 00 00 00 00 00 00 00 00 00 03 00 01 00 |................|
00000350 00 00 00 00 00 00 00 00 00 00 00 00 03 00 03 00 |................|
00000360 00 00 00 00 00 00 00 00 00 00 00 00 03 00 04 00 |................|
00000370 00 00 00 00 00 00 00 00 00 00 00 00 03 00 05 00 |................|
00000380 05 00 00 00 04 00 00 00 04 00 00 00 01 00 03 00 |................|
00000390 15 00 00 00 00 00 00 00 04 00 00 00 01 00 04 00 |................|
000003a0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 07 00 |................|
000003b0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 08 00 |................|
000003c0 00 00 00 00 00 00 00 00 00 00 00 00 03 00 06 00 |................|
000003d0 26 00 00 00 00 00 00 00 04 00 00 00 11 00 03 00 |&...............|
000003e0 35 00 00 00 04 00 00 00 04 00 00 00 11 00 f2 ff |5...............|
000003f0 46 00 00 00 00 00 00 00 1b 00 00 00 12 00 01 00 |F...............|
00000400 4c 00 00 00 00 00 00 00 00 00 00 00 10 00 00 00 |L...............|
00000410 53 00 00 00 1b 00 00 00 35 00 00 00 12 00 01 00 |S.......5.......|
00000420 00 62 2e 63 00 73 74 61 74 69 63 5f 76 61 72 2e |.b.c.static_var.| .strtab
00000430 31 32 32 32 00 73 74 61 74 69 63 5f 76 61 72 32 |1222.static_var2|
00000440 2e 31 32 32 33 00 67 6c 6f 62 61 6c 5f 69 6e 74 |.1223.global_int|
00000450 5f 76 61 72 00 67 6c 6f 62 61 6c 5f 75 69 6e 69 |_var.global_uini|
00000460 74 5f 76 61 72 00 66 75 6e 63 31 00 70 72 69 6e |t_var.func1.prin|
00000470 74 66 00 6d 61 69 6e 00 10 00 00 00 01 05 00 00 |tf.main.........| .rel.text
00000480 15 00 00 00 02 0e 00 00 2e 00 00 00 01 03 00 00 |................|
00000490 33 00 00 00 01 04 00 00 46 00 00 00 02 0d 00 00 |3.......F.......|
000004a0
4. 命令行
readelf 可以打印出各种段信息, 但是不能反汇编; objdump 可以 (objdump -d)
readelf --debug-dump=info b.o 查看调试信息 (需要用 gcc -g 编译; 上面的 b.o 没有 .debug_* 段, 所以没有输出)
readelf -h b.o 查看header
readelf -S b.o 查看Section tables
readelf -s b.o 查看.symtab
readelf -r b.o 查看.rel.text