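I. First, the basic meaning of several commonly used options:
objdump is the Linux command for disassembling object files or executables; it has other uses as well. The following uses the ELF executable test as an example:
1. objdump -f test displays the file header information of test
2. objdump -d test disassembles the sections of test that contain executable instructions
3. objdump -D test is similar to -d, but disassembles all sections of test
4. objdump -h test displays the section header information of test
5. objdump -x test displays all header information of test
6. objdump -s test displays, in addition to all header information of test, the corresponding hexadecimal contents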
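II. Next, look at a program:
/* SimpleSection.c */
int printf(const char *format, ...);

int global_init_var = 84;   /* initialized global variable */
int global_uninit_var;      /* uninitialized global variable */

void func1(int i)
{
    printf("%d\n", i);
}

int main()
{
    static int static_var = 85;  /* initialized local static variable */
    static int static_var2;      /* uninitialized local static variable */
    int a = 1;
    int b;                       /* uninitialized local variable */
    func1(static_var + static_var2 + a + b);
    return a;
}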
I. gcc -c SimpleSection.c -o SimpleSection.o
1. Use objdump -h to print the basic information of each section of the ELF file SimpleSection.o, as follows:
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 0000004f 0000000000000000 0000000000000000 00000040 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .data 00000008 0000000000000000 0000000000000000 00000090 2**2
CONTENTS, ALLOC, LOAD, DATA
2 .bss 00000004 0000000000000000 0000000000000000 00000098 2**2
ALLOC
3 .rodata 00000006 0000000000000000 0000000000000000 00000098 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .comment 0000002e 0000000000000000 0000000000000000 0000009e 2**0
CONTENTS, READONLY
5 .note.GNU-stack 00000000 0000000000000000 0000000000000000 000000cc 2**0
CONTENTS, READONLY
6 .eh_frame 00000058 0000000000000000 0000000000000000 000000d0 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
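Besides the basic code section, data section (initialized global variables and local static variables) and BSS section (uninitialized global variables and uninitialized local static variables), there are also the read-only data section (.rodata), the comment section (.comment), the stack note section (.note.GNU-stack) and the debugging information section (.eh_frame).
Size is the size of the section, and File off is the position of the section, given as an offset from the ELF header (00000000). CONTENTS, ALLOC and so on are the attributes of each section. CONTENTS means the section has contents in the file; the BSS section actually has no contents in the ELF file.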
2. objdump -x shows more detailed information (for the most detailed information, see the readelf -a command):
SimpleSection.o: file format elf64-x86-64
SimpleSection.o
architecture: i386:x86-64, flags 0x00000011:
HAS_RELOC, HAS_SYMS
start address 0x0000000000000000

Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00000054 0000000000000000 0000000000000000 00000040 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .data 00000008 0000000000000000 0000000000000000 00000094 2**2
CONTENTS, ALLOC, LOAD, DATA
2 .bss 00000004 0000000000000000 0000000000000000 0000009c 2**2
ALLOC
3 .rodata 00000004 0000000000000000 0000000000000000 0000009c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .comment 0000002e 0000000000000000 0000000000000000 000000a0 2**0
CONTENTS, READONLY
5 .note.GNU-stack 00000000 0000000000000000 0000000000000000 000000ce 2**0
CONTENTS, READONLY
6 .eh_frame 00000058 0000000000000000 0000000000000000 000000d0 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA

SYMBOL TABLE:
0000000000000000 l df *ABS* 0000000000000000 SimpleSection.c
0000000000000000 l d .text 0000000000000000 .text
0000000000000000 l d .data 0000000000000000 .data
0000000000000000 l d .bss 0000000000000000 .bss
0000000000000000 l d .rodata 0000000000000000 .rodata
0000000000000004 l O .data 0000000000000004 static_var.1730
0000000000000000 l O .bss 0000000000000004 static_var2.1731
0000000000000000 l d .note.GNU-stack 0000000000000000 .note.GNU-stack
0000000000000000 l d .eh_frame 0000000000000000 .eh_frame
0000000000000000 l d .comment 0000000000000000 .comment
0000000000000000 g O .data 0000000000000004 global_init_var
0000000000000004 O *COM* 0000000000000004 global_uninit_var
0000000000000000 g F .text 0000000000000021 func1
0000000000000000 *UND* 0000000000000000 printf
0000000000000021 g F .text 0000000000000033 main

RELOCATION RECORDS FOR [.text]:
OFFSET TYPE VALUE
0000000000000011 R_X86_64_32 .rodata
000000000000001b R_X86_64_PC32 printf-0x0000000000000004
0000000000000032 R_X86_64_PC32 .data
0000000000000038 R_X86_64_PC32 .bss-0x0000000000000004
000000000000004b R_X86_64_PC32 func1-0x0000000000000004

RELOCATION RECORDS FOR [.eh_frame]:
OFFSET TYPE VALUE
0000000000000020 R_X86_64_PC32 .text
0000000000000040 R_X86_64_PC32 .text+0x0000000000000021
II. gcc -g -c SimpleSection.c -o SimpleSection.o
This adds debugging information:
objdump -h SimpleSection.o now lists many additional debugging sections.
SimpleSection.o: file format elf64-x86-64

Sections:
Idx Name Size VMA LMA File off Algn
0 .text 00000054 0000000000000000 0000000000000000 00000040 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .data 00000008 0000000000000000 0000000000000000 00000094 2**2
CONTENTS, ALLOC, LOAD, DATA
2 .bss 00000004 0000000000000000 0000000000000000 0000009c 2**2
ALLOC
3 .rodata 00000004 0000000000000000 0000000000000000 0000009c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .debug_info 000000ed 0000000000000000 0000000000000000 000000a0 2**0
CONTENTS, RELOC, READONLY, DEBUGGING
5 .debug_abbrev 00000091 0000000000000000 0000000000000000 0000018d 2**0
CONTENTS, READONLY, DEBUGGING
6 .debug_aranges 00000030 0000000000000000 0000000000000000 0000021e 2**0
CONTENTS, RELOC, READONLY, DEBUGGING
7 .debug_line 0000004a 0000000000000000 0000000000000000 0000024e 2**0
CONTENTS, RELOC, READONLY, DEBUGGING
8 .debug_str 000000ac 0000000000000000 0000000000000000 00000298 2**0
CONTENTS, READONLY, DEBUGGING
9 .comment 0000002e 0000000000000000 0000000000000000 00000344 2**0
CONTENTS, READONLY
10 .note.GNU-stack 00000000 0000000000000000 0000000000000000 00000372 2**0
CONTENTS, READONLY
11 .eh_frame 00000058 0000000000000000 0000000000000000 00000378 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
For release builds, we can use the strip command to remove the debugging information.
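As an added example (not part of the original post), the following Python script parses `objdump -h` output and reports which sections actually occupy file space (CONTENTS) and which debugging sections are still present, which is the check to run on a release artifact before and after `strip`. The sample input is an excerpt of the -g listing above; the function names are illustrative.

```python
import re

# Excerpt of the `objdump -h` listing shown above for the -g build
# (six of its twelve sections, whitespace as flattened on this page).
SAMPLE = """\
Idx Name Size VMA LMA File off Algn
0 .text 00000054 0000000000000000 0000000000000000 00000040 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .data 00000008 0000000000000000 0000000000000000 00000094 2**2
CONTENTS, ALLOC, LOAD, DATA
2 .bss 00000004 0000000000000000 0000000000000000 0000009c 2**2
ALLOC
4 .debug_info 000000ed 0000000000000000 0000000000000000 000000a0 2**0
CONTENTS, RELOC, READONLY, DEBUGGING
8 .debug_str 000000ac 0000000000000000 0000000000000000 00000298 2**0
CONTENTS, READONLY, DEBUGGING
11 .eh_frame 00000058 0000000000000000 0000000000000000 00000378 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
"""

# Row layout: Idx Name Size VMA LMA File-off Algn (all numbers in hex).
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([0-9a-f]+)\s+([0-9a-f]+)"
                 r"\s+([0-9a-f]+)\s+([0-9a-f]+)\s+2\*\*(\d+)\s*$")

def parse_sections(text):
    """Parse `objdump -h` output into dicts; the flags line follows each row."""
    sections = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            sections.append({"name": m.group(2), "size": int(m.group(3), 16),
                             "offset": int(m.group(6), 16), "flags": set()})
        elif sections and re.fullmatch(r"\s*[A-Z_]+(,\s*[A-Z_]+)*\s*", line):
            sections[-1]["flags"] |= {f.strip() for f in line.split(",")}
    return sections

def bytes_in_file(sections):
    """Only CONTENTS sections occupy file space; .bss (ALLOC only) does not."""
    return sum(s["size"] for s in sections if "CONTENTS" in s["flags"])

def leftover_debug(sections):
    """Sections a release build should not ship: DEBUGGING flag or .debug_* name."""
    return [s["name"] for s in sections
            if "DEBUGGING" in s["flags"] or s["name"].startswith(".debug_")]

if __name__ == "__main__":
    secs = parse_sections(SAMPLE)
    print("debug sections:", leftover_debug(secs))
    print("bytes occupying the file:", hex(bytes_in_file(secs)))
```

To check a real file, pass the captured output of `objdump -h <file>` to `parse_sections`; an empty list from `leftover_debug` means no debugging sections remain.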