objdump(Linux)反汇编命令使用指南

1 objdump反汇编示例
- 1.1 显示```main.c```的汇编代码
- 1.2 目标文件反汇编
- 1.3 可执行文件反汇编
- 1.4 objdump反汇编常用参数
2 objdump帮助信息
3 参考资料

1 objdump反汇编示例

源文件main.c：

/* main.c */
#include <stdio.h>void swap(int* first, int* second)
{int temp = *first;*first = *second;*second = temp;
}int main(void)
{int a = 10;int b = 20;printf("a = %d; b = %d;\n", a, b);swap(&a, &b);printf("a = %d; b = %d;\n", a, b);return 0;
}

1.1 显示`main.c`的汇编代码

gcc -S -o main.s main.c

汇编文件main.s

    .file   "main.c".text.globl  swap.type   swap, @function
swap:
.LFB0:.cfi_startprocpushq   %rbp.cfi_def_cfa_offset 16.cfi_offset 6, -16movq    %rsp, %rbp.cfi_def_cfa_register 6movq    %rdi, -24(%rbp)movq    %rsi, -32(%rbp)movq    -24(%rbp), %rax...

1.2 目标文件反汇编

gcc -c -o main.o main.c
objdump -s -d main.o > main.o.txt

目标文件main.o的反汇编结果输出到文件main.o.txt
反汇编同时显示源代码

gcc -g -c -o main.o main.c
objdump -S -d main.o > main.o.txt

显示源代码同时显示行号

objdump -j .text -ld -C -S main.o > main.o.txt

1.3 可执行文件反汇编

gcc -o main main.c
objdump -s -d main > main.txt

反汇编同时显示源代码

gcc -g -o main main.c
objdump -S -d main > main.txt

1.4 objdump反汇编常用参数

• objdump -d <file(s)>: 将代码段反汇编；
• objdump -S <file(s)>: 将代码段反汇编的同时，将反汇编代码与源代码交替显示，编译时需要使用-g参数，即需要调试信息；
• objdump -C <file(s)>: 将C++符号名逆向解析
• objdump -l <file(s)>: 反汇编代码中插入文件名和行号
• objdump -j section <file(s)>: 仅反汇编指定的section

2 objdump帮助信息

输出objdump帮助信息：
objdump --help或者 man objdump

Usage: objdump <option(s)> <file(s)>Display information from object <file(s)>.At least one of the following switches must be given:-a, --archive-headers    Display archive header information-f, --file-headers       Display the contents of the overall file header-p, --private-headers    Display object format specific file header contents-P, --private=OPT,OPT... Display object format specific contents-h, --[section-]headers  Display the contents of the section headers-x, --all-headers        Display the contents of all headers-d, --disassemble        Display assembler contents of executable sections-D, --disassemble-all    Display assembler contents of all sections-S, --source             Intermix source code with disassembly-s, --full-contents      Display the full contents of all sections requested-g, --debugging          Display debug information in object file-e, --debugging-tags     Display debug information using ctags style-G, --stabs              Display (in raw form) any STABS info in the file-W[lLiaprmfFsoRt] or--dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,=frames-interp,=str,=loc,=Ranges,=pubtypes,=gdb_index,=trace_info,=trace_abbrev,=trace_aranges,=addr,=cu_index]Display DWARF info in the file-t, --syms               Display the contents of the symbol table(s)-T, --dynamic-syms       Display the contents of the dynamic symbol table-r, --reloc              Display the relocation entries in the file-R, --dynamic-reloc      Display the dynamic relocation entries in the file @<file>                  Read options from <file>-v, --version            Display this program's version number-i, --info               List object formats and architectures supported-H, --help               Display this informationThe following switches are optional:-b, --target=BFDNAME     Specify the target object format as BFDNAME-m, --architecture=MACHINE     Specify the target architecture as MACHINE-j, --section=NAME       Only display information for section NAME-M, --disassembler-options=OPT Pass text OPT on to the disassembler-EB --endian=big         Assume big endian format when disassembling-EL --endian=little      Assume little endian format when disassembling--file-start-context   Include context from start of file (with -S)-I, --include=DIR        Add DIR to search list for source files-l, --line-numbers       Include line numbers and filenames in output-F, --file-offsets       Include file offsets when displaying information-C, --demangle[=STYLE]   Decode mangled/processed symbol namesThe STYLE, if specified, can be `auto', `gnu',`lucid', `arm', `hp', `edg', `gnu-v3', `java'or `gnat'-w, --wide               Format output for more than 80 columns-z, --disassemble-zeroes       Do not skip blocks of zeroes when disassembling--start-address=ADDR   Only process data whose address is >= ADDR--stop-address=ADDR    Only process data whose address is <= ADDR--prefix-addresses     Print complete address alongside disassembly--[no-]show-raw-insn   Display hex alongside symbolic disassembly--insn-width=WIDTH     Display WIDTH bytes on a single line for -d--adjust-vma=OFFSET    Add OFFSET to all displayed section addresses--special-syms         Include special symbols in symbol dumps--prefix=PREFIX        Add PREFIX to absolute paths for -S--prefix-strip=LEVEL   Strip initial directory names for -S--dwarf-depth=N        Do not display DIEs at depth N or greater--dwarf-start=N        Display DIEs starting with N, at the same depthor deeper--dwarf-check          Make additional dwarf internal consistency checks.      objdump: supported targets: elf64-x86-64 elf32-i386 elf32-x86-64 a.out-i386-linux pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big plugin srec symbolsrec verilog tekhex binary ihex
objdump: supported architectures: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel i386:x64-32:intel l1om l1om:intel k1om k1om:intel pluginThe following i386/x86-64 specific disassembler options are supported for use
with the -M switch (multiple options should be separated by commas):x86-64      Disassemble in 64bit modei386        Disassemble in 32bit modei8086       Disassemble in 16bit modeatt         Display instruction in AT&T syntaxintel       Display instruction in Intel syntaxatt-mnemonicDisplay instruction in AT&T mnemonicintel-mnemonicDisplay instruction in Intel mnemonicaddr64      Assume 64bit address sizeaddr32      Assume 32bit address sizeaddr16      Assume 16bit address sizedata32      Assume 32bit data sizedata16      Assume 16bit data sizesuffix      Always display instruction suffix in AT&T syntax
Report bugs to <http://bugzilla.redhat.com/bugzilla/>.

3 参考资料

[1] objdump反汇编用法示例
[2] objdump命令的使用
[3] GNU Binary Utilities: objdump - Sourceware

————————————————
原文链接：https://blog.csdn.net/wwchao2012/article/details/79980514