I've been using objdump to look at assembly code in Linux ELF binaries.
我一直在使用objdump查看Linux ELF二进制文件中的汇编代码。
Sometimes there is an indirect jump through a jump table that is stored in the rodata (read-only data) section.
有时会通过存储在rodata(只读数据)部分的跳转表进行间接跳转。
How to get objdump or any other tool to show me the contents of this data section?
如何获得objdump或任何其他工具来显示该数据部分的内容?
I could execute the program and examine the relevant addresses in the debugger, but I don't want to do that because it has to be done interactively.
我可以执行程序并检查调试器中的相关地址,但是我不想这样做,因为它必须交互地执行。
The ideal answer will identify a tool that will not only show me the contents but will let me control the display format, much as od does.
理想的答案是找到一个工具,它不仅可以显示内容,还可以让我像od那样控制显示格式。
3 个解决方案
#1
72
objdump -s -j .rodata exefile
gives a side-by-side hex/printable ASCII dump of the contents of the rodata section like:
给出rodata部分内容的并列的十六进制/可打印的ASCII转储,如:
Contents of section .rodata:
0000 67452301 efcdab89 67452301 efcdab89 gE#.....gE#.....
0010 64636261 68676665 64636261 68676665 dcbahgfedcbahgfe
It doesn't look like there's anything in there to control formatting, but it's a start. You could always undump the hex and feed it to od, I suppose :)
看起来没有任何东西可以控制格式,但这是一个开始。我想,你总可以把十六进制卸给od:
#2
15
readelf -x .rodata hello_world.o
gives:
给:
Hex dump of section '.rodata':
0x00000000 48656c6c 6f20776f 726c6421 0a Hello world!.
You should prefer readelf when possible since objdump simply does not show some sections like .symtab: Why does objdump not show .bss, .shstratab, .symtab and .strtab sections?
如果可能的话,您应该更喜欢readelf,因为objdump并不显示一些部分,比如.symtab:为什么objdump不显示.bss、.shstratab、.symtab和.strtab部分?
You can also extract the raw bytes with the techniques mentioned at: How do you extract only the contents of an ELF section and as mentioned by ysdx.
您还可以使用上面提到的技术来提取原始字节:如何只提取ELF部分的内容,以及如何提取ysdx提到的内容。
#3
7
You can get the RAW (not hexdump-ed) ELF section with:
你可以得到原始的(不是己变的)精灵部分:
# To a file:
objcopy file /dev/null --dump-section .text=text.data
# To stdout:
objcopy file /dev/null --dump-section .text=/dev/stdout | cat
Here I'm using | cat in order to force stdout to be a pipe. /dev/stdout might work unexpectedly if stdout is a file. .text=- does not send to stdout but to the - file.
在这里,我使用| cat来强制stdout成为管道。如果stdout是一个文件,/dev/stdout可能会意外地工作。
However objcopy and objdump have some deficiencies (because they are based on BFD which abstracts different executable formats).
但是objcopy和objdump有一些缺陷(因为它们基于BFD,它抽象了不同的可执行格式)。
Update: I wrote a tool to do this which does not rely on BFD.
更新:我编写了一个不依赖BFD的工具。
#1
72
objdump -s -j .rodata exefile
gives a side-by-side hex/printable ASCII dump of the contents of the rodata section like:
给出rodata部分内容的并列的十六进制/可打印的ASCII转储,如:
Contents of section .rodata:
0000 67452301 efcdab89 67452301 efcdab89 gE#.....gE#.....
0010 64636261 68676665 64636261 68676665 dcbahgfedcbahgfe
It doesn't look like there's anything in there to control formatting, but it's a start. You could always undump the hex and feed it to od, I suppose :)
看起来没有任何东西可以控制格式,但这是一个开始。我想,你总可以把十六进制卸给od:
#2
15
readelf -x .rodata hello_world.o
gives:
给:
Hex dump of section '.rodata':
0x00000000 48656c6c 6f20776f 726c6421 0a Hello world!.
You should prefer readelf when possible since objdump simply does not show some sections like .symtab: Why does objdump not show .bss, .shstratab, .symtab and .strtab sections?
如果可能的话,您应该更喜欢readelf,因为objdump并不显示一些部分,比如.symtab:为什么objdump不显示.bss、.shstratab、.symtab和.strtab部分?
You can also extract the raw bytes with the techniques mentioned at: How do you extract only the contents of an ELF section and as mentioned by ysdx.
您还可以使用上面提到的技术来提取原始字节:如何只提取ELF部分的内容,以及如何提取ysdx提到的内容。
#3
7
You can get the RAW (not hexdump-ed) ELF section with:
你可以得到原始的(不是己变的)精灵部分:
# To a file:
objcopy file /dev/null --dump-section .text=text.data
# To stdout:
objcopy file /dev/null --dump-section .text=/dev/stdout | cat
Here I'm using | cat in order to force stdout to be a pipe. /dev/stdout might work unexpectedly if stdout is a file. .text=- does not send to stdout but to the - file.
在这里,我使用| cat来强制stdout成为管道。如果stdout是一个文件,/dev/stdout可能会意外地工作。
However objcopy and objdump have some deficiencies (because they are based on BFD which abstracts different executable formats).
但是objcopy和objdump有一些缺陷(因为它们基于BFD,它抽象了不同的可执行格式)。
Update: I wrote a tool to do this which does not rely on BFD.
更新:我编写了一个不依赖BFD的工具。