objdump是个gcc的工具,用于解析二进制目标文件。
具体的用法可以man objdump查看。
下面简单介绍几个常用的用法,以kernel ko文件为例:
-d 反汇编
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
20: d65f03c0 ret
-ld 反汇编时显示文件名跟行号
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
get_test_case_str():
/home/wangdeyou/msm/msm8976SG/LA.BR.1.3.5-0510/kernel/drivers/mmc/card/mmc_block_test.c:557
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
-S 尽可能反汇编出源代码
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
* This is a specific implementation for the get_test_case_str_fn function
* pointer in the test_info data structure. Given a valid test_data instance,
* the function returns a string resembling the test name, based on the testcase
*/
static char *get_test_case_str(int testcase)
{
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
case TEST_NEW_REQ_NOTIFICATION:
return "\"new request notification test\"";
}
return "Unknown testcase";
}
-s 显示指定section的完整内容,默认显示所有非空section的内容
objdump -s .text mmc_block_test.ko
mmc_block_test.ko: file format elf64-littleaarch64
Contents of section .text:
0000 1fbc0071 a8000054 01000090 21000091 ...q...T....!...
0010 205860f8 03000014 00000090 00000091 X`.............
0020 c0035fd6 004441f9 206400f9 00000090 .._..DA. d......
0030 21008052 01000039 00008052 c0035fd6 !..R...9...R.._.
0040 fd7bbca9 fd030091 f55b02a9 358006d1 .{.......[..5...
0050 f71b00f9 f35301a9 f60301aa a10240f9 .....S........@.
0060 331c40f9 610e40f9 210440f9 34ac40f9 3.@.a.@.!.@.4.@.
0070 930000b4 735e42f9 130200b5 08000014 ....s^B.........
0080 01000090 00000090 21000091 00000091 ........!.......
0090 21000691 00000094 b0000014 000040f9 !.............@.
00a0 022c40f9 420000b5 020c40f9 00000090 .,@.B.....@.....
00b0 00000091 0a000014 610240f9 37644e39 ........a.@.7dN9
-j name 或者--section=name 仅仅显示指定名称为name的section的信息
这两个选项要跟-s或-S一起使用
objdump --section=.text -S mmc_block_test.ko
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
* This is a specific implementation for the get_test_case_str_fn function
* pointer in the test_info data structure. Given a valid test_data instance,
* the function returns a string resembling the test name, based on the testcase
*/
static char *get_test_case_str(int testcase)
{
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
case TEST_NEW_REQ_NOTIFICATION:
return "\"new request notification test\"";
}
return "Unknown testcase";
}
20: d65f03c0 ret
0000000000000024 <test_open>:
}
-t 显示文件的符号表入口
mmc_block_test.ko: file format elf64-littleaarch64
SYMBOL TABLE:
0000000000000000 l d .text 0000000000000000 .text
0000000000000000 l d .init.text 0000000000000000 .init.text
0000000000000000 l d .exit.text 0000000000000000 .exit.text
0000000000000000 l d .rodata 0000000000000000 .rodata
0000000000000000 l d .rodata.str 0000000000000000 .rodata.str
0000000000000000 l d __bug_table 0000000000000000 __bug_table
0000000000000000 l d .modinfo 0000000000000000 .modinfo
0000000000000000 l d .rodata.str1.1 0000000000000000 .rodata.str1.1
0000000000000000 l d __versions 0000000000000000 __versions
0000000000000000 l d .data 0000000000000000 .data
0000000000000000 l d .gnu.linkonce.this_module 0000000000000000 .gnu.linkonce.this_module
0000000000000000 l d .note.gnu.build-id 0000000000000000 .note.gnu.build-id
0000000000000000 l d .bss 0000000000000000 .bss
0000000000000000 l d .debug_info 0000000000000000 .debug_info
0000000000000000 l d .debug_abbrev 0000000000000000 .debug_abbrev
0000000000000000 l d .debug_loc 0000000000000000 .debug_loc
0000000000000000 l d .debug_aranges 0000000000000000 .debug_aranges
0000000000000000 l d .debug_ranges 0000000000000000 .debug_ranges
-h 显示目标文件各个段的头部摘要信息:
mmc_block_test.ko: file format elf64-littleaarch64
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00003ad4 0000000000000000 0000000000000000 00000040 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .init.text 00000068 0000000000000000 0000000000000000 00003b14 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
2 .exit.text 00000030 0000000000000000 0000000000000000 00003b7c 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
3 .rodata 00000c78 0000000000000000 0000000000000000 00003bb0 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
4 .rodata.str 000001b8 0000000000000000 0000000000000000 00004828 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 __bug_table 00000078 0000000000000000 0000000000000000 000049e0 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
6 .modinfo 00000090 0000000000000000 0000000000000000 00004a58 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .rodata.str1.1 00002861 0000000000000000 0000000000000000 00004ae8 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 __versions 00000a80 0000000000000000 0000000000000000 00007350 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .data 00000000 00000
具体的用法可以man objdump查看。
下面简单介绍几个常用的用法,以kernel ko文件为例:
-d 反汇编
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
20: d65f03c0 ret
-ld 反汇编时显示文件名跟行号
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
get_test_case_str():
/home/wangdeyou/msm/msm8976SG/LA.BR.1.3.5-0510/kernel/drivers/mmc/card/mmc_block_test.c:557
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
-S 尽可能反汇编出源代码
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
* This is a specific implementation for the get_test_case_str_fn function
* pointer in the test_info data structure. Given a valid test_data instance,
* the function returns a string resembling the test name, based on the testcase
*/
static char *get_test_case_str(int testcase)
{
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
case TEST_NEW_REQ_NOTIFICATION:
return "\"new request notification test\"";
}
return "Unknown testcase";
}
-s 显示指定section的完整内容,默认显示所有非空section的内容
objdump -s .text mmc_block_test.ko
mmc_block_test.ko: file format elf64-littleaarch64
Contents of section .text:
0000 1fbc0071 a8000054 01000090 21000091 ...q...T....!...
0010 205860f8 03000014 00000090 00000091 X`.............
0020 c0035fd6 004441f9 206400f9 00000090 .._..DA. d......
0030 21008052 01000039 00008052 c0035fd6 !..R...9...R.._.
0040 fd7bbca9 fd030091 f55b02a9 358006d1 .{.......[..5...
0050 f71b00f9 f35301a9 f60301aa a10240f9 .....S........@.
0060 331c40f9 610e40f9 210440f9 34ac40f9 3.@.a.@.!.@.4.@.
0070 930000b4 735e42f9 130200b5 08000014 ....s^B.........
0080 01000090 00000090 21000091 00000091 ........!.......
0090 21000691 00000094 b0000014 000040f9 !.............@.
00a0 022c40f9 420000b5 020c40f9 00000090 .,@.B.....@.....
00b0 00000091 0a000014 610240f9 37644e39 ........a.@.7dN9
-j name 或者--section=name 仅仅显示指定名称为name的section的信息
这两个选项要跟-s或-S一起使用
objdump --section=.text -S mmc_block_test.ko
mmc_block_test.ko: file format elf64-littleaarch64
Disassembly of section .text:
0000000000000000 <get_test_case_str>:
* This is a specific implementation for the get_test_case_str_fn function
* pointer in the test_info data structure. Given a valid test_data instance,
* the function returns a string resembling the test name, based on the testcase
*/
static char *get_test_case_str(int testcase)
{
0: 7100bc1f cmp w0, #0x2f
4: 540000a8 b.hi 18 <get_test_case_str+0x18>
8: 90000001 adrp x1, 0 <get_test_case_str>
c: 91000021 add x1, x1, #0x0
10: f8605820 ldr x0, [x1,w0,uxtw #3]
14: 14000003 b 20 <get_test_case_str+0x20>
18: 90000000 adrp x0, 0 <get_test_case_str>
1c: 91000000 add x0, x0, #0x0
case TEST_NEW_REQ_NOTIFICATION:
return "\"new request notification test\"";
}
return "Unknown testcase";
}
20: d65f03c0 ret
0000000000000024 <test_open>:
}
-t 显示文件的符号表入口
mmc_block_test.ko: file format elf64-littleaarch64
SYMBOL TABLE:
0000000000000000 l d .text 0000000000000000 .text
0000000000000000 l d .init.text 0000000000000000 .init.text
0000000000000000 l d .exit.text 0000000000000000 .exit.text
0000000000000000 l d .rodata 0000000000000000 .rodata
0000000000000000 l d .rodata.str 0000000000000000 .rodata.str
0000000000000000 l d __bug_table 0000000000000000 __bug_table
0000000000000000 l d .modinfo 0000000000000000 .modinfo
0000000000000000 l d .rodata.str1.1 0000000000000000 .rodata.str1.1
0000000000000000 l d __versions 0000000000000000 __versions
0000000000000000 l d .data 0000000000000000 .data
0000000000000000 l d .gnu.linkonce.this_module 0000000000000000 .gnu.linkonce.this_module
0000000000000000 l d .note.gnu.build-id 0000000000000000 .note.gnu.build-id
0000000000000000 l d .bss 0000000000000000 .bss
0000000000000000 l d .debug_info 0000000000000000 .debug_info
0000000000000000 l d .debug_abbrev 0000000000000000 .debug_abbrev
0000000000000000 l d .debug_loc 0000000000000000 .debug_loc
0000000000000000 l d .debug_aranges 0000000000000000 .debug_aranges
0000000000000000 l d .debug_ranges 0000000000000000 .debug_ranges
-h 显示目标文件各个段的头部摘要信息:
mmc_block_test.ko: file format elf64-littleaarch64
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00003ad4 0000000000000000 0000000000000000 00000040 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .init.text 00000068 0000000000000000 0000000000000000 00003b14 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
2 .exit.text 00000030 0000000000000000 0000000000000000 00003b7c 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
3 .rodata 00000c78 0000000000000000 0000000000000000 00003bb0 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
4 .rodata.str 000001b8 0000000000000000 0000000000000000 00004828 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 __bug_table 00000078 0000000000000000 0000000000000000 000049e0 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
6 .modinfo 00000090 0000000000000000 0000000000000000 00004a58 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .rodata.str1.1 00002861 0000000000000000 0000000000000000 00004ae8 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 __versions 00000a80 0000000000000000 0000000000000000 00007350 2**3
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .data 00000000 00000