對比objdump與readelf
objdump和readelf均可以用來查看二進制文件的一些內部信息. 區別在於objdump
藉助BFD而更加通用一些, 能夠應付不一樣文件格式, readelf則並不藉助BFD,
而是直接讀取ELF格式文件的信息, 按readelf手冊頁上所說, 獲得的信息也略細緻一些.
幾個功能對比.
1. 反彙編代碼
查看源代碼被翻譯成的彙編代碼, 大概有3種方法,
1) 經過編譯器直接從源文件生成, 如gcc -S
2) 對目標代碼反彙編, 一種是靜態反彙編, 就是使用objdump
3) 另一種就是對運行時的代碼反彙編, 通常經過gdb
readelf並不提供反彙編功能.
objdump能夠指定反彙編哪一個節, 通常只有對包含指令的節反彙編纔有意義. 而對於一些
其餘的類型的節, objdump也能夠將特殊節的數據以解析後的形式呈現出來,
例如對於.plt, 輸出以下:
[qtl@courier lib]$ objdump -d -j .plt libfoobar.so
libfoobar.so: file format elf32-i386
Disassembly of section .plt:
000003a4 <__gmon_start__@plt-0x10>:
3a4: ff b3 04 00 00 00 pushl 0x4(%ebx)
3aa: ff a3 08 00 00 00 jmp *0x8(%ebx)
3b0: 00 00 add %al,(%eax)
...
000003b4 <__gmon_start__@plt>:
3b4: ff a3 0c 00 00 00 jmp *0xc(%ebx)
3ba: 68 00 00 00 00 push $0x0
3bf: e9 e0 ff ff ff jmp 3a4 <_init+0x18>
000003c4 <cos@plt>:
3c4: ff a3 10 00 00 00 jmp *0x10(%ebx)
3ca: 68 08 00 00 00 push $0x8
3cf: e9 d0 ff ff ff jmp 3a4 <_init+0x18>
000003d4 <fwrite@plt>:
3d4: ff a3 14 00 00 00 jmp *0x14(%ebx)
3da: 68 10 00 00 00 push $0x10
3df: e9 c0 ff ff ff jmp 3a4 <_init+0x18>
000003e4 <fprintf@plt>:
3e4: ff a3 18 00 00 00 jmp *0x18(%ebx)
3ea: 68 18 00 00 00 push $0x18
3ef: e9 b0 ff ff ff jmp 3a4 <_init+0x18>
000003f4 <__cxa_finalize@plt>:
3f4: ff a3 1c 00 00 00 jmp *0x1c(%ebx)
3fa: 68 20 00 00 00 push $0x20
3ff: e9 a0 ff ff ff jmp 3a4 <_init+0x18>
2. 顯示relocation節的條目
-r參數顯示elf文件的類型爲REL的節的信息, 使用-S參數能夠列出elf文件的
全部節的信息, 其中也就包括了REL節.
對於可重定位文件二者顯示條目一致, 最重要的offset和type以及Sym.Name都有.
下面是二者輸出的對比.
[qtl@courier lib]$ readelf -r bar.o
Relocation section '.rel.text' at offset 0x4bc contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00000008 00000b02 R_386_PC32 00000000 __i686.get_pc_thunk.bx
0000000e 00000c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
00000025 00000d04 R_386_PLT32 00000000 cos
0000002e 00000e03 R_386_GOT32 00000000 stdout
00000044 00000509 R_386_GOTOFF 00000000 .rodata
00000050 00000f04 R_386_PLT32 00000000 fprintf
[qtl@courier lib]$ objdump -r bar.o
bar.o: file format elf32-i386
RELOCATION RECORDS FOR [.text]:
OFFSET TYPE VALUE
00000008 R_386_PC32 __i686.get_pc_thunk.bx
0000000e R_386_GOTPC _GLOBAL_OFFSET_TABLE_
00000025 R_386_PLT32 cos
0000002e R_386_GOT32 stdout
00000044 R_386_GOTOFF .rodata
00000050 R_386_PLT32 fprintf
對於共享庫,
[qtl@courier lib]$ readelf -r libfoobar.so
Relocation section '.rel.dyn' at offset 0x334 contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00001608 00000008 R_386_RELATIVE
00001704 00000008 R_386_RELATIVE
000016d4 00000106 R_386_GLOB_DAT 00000000 __gmon_start__
000016d8 00000206 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses
000016dc 00000606 R_386_GLOB_DAT 00000000 stdout
000016e0 00000706 R_386_GLOB_DAT 00000000 __cxa_finalize
Relocation section '.rel.plt' at offset 0x364 contains 5 entries:
Offset Info Type Sym.Value Sym. Name
000016f0 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__
000016f4 00000307 R_386_JUMP_SLOT 00000000 cos
000016f8 00000407 R_386_JUMP_SLOT 00000000 fwrite
000016fc 00000507 R_386_JUMP_SLOT 00000000 fprintf
00001700 00000707 R_386_JUMP_SLOT 00000000 __cxa_finalize
[qtl@courier lib]$ objdump -R libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC RELOCATION RECORDS
OFFSET TYPE VALUE
00001608 R_386_RELATIVE *ABS*
00001704 R_386_RELATIVE *ABS*
000016d4 R_386_GLOB_DAT __gmon_start__
000016d8 R_386_GLOB_DAT _Jv_RegisterClasses
000016dc R_386_GLOB_DAT stdout
000016e0 R_386_GLOB_DAT __cxa_finalize
000016f0 R_386_JUMP_SLOT __gmon_start__
000016f4 R_386_JUMP_SLOT cos
000016f8 R_386_JUMP_SLOT fwrite
000016fc R_386_JUMP_SLOT fprintf
00001700 R_386_JUMP_SLOT __cxa_finalize
有上面能夠看出, readelf的顯示分節, 而objdump則將兩個節合在一塊兒. readelf的
顯示更加清晰一些.
3. 顯示動態重定位條目(或者能夠認爲是動態連接相關的重定位條目)
(按objdump的man page說明, 只對dynamic object有效, 如某些類型的共享庫)
readelf和objdump等價的命令爲readelf -D -r file和objdump -R file.
對readelf使用-r和-D -r的區別, 對於共享庫在於數據的呈現方式略有不一樣. 這兩種
都將數據解析後呈現出來. 前者顯示的是相對於基地址的偏移, 後者則顯示絕對偏移量.
前者顯示條目數, 後者顯示字節數.
二者輸出對比:
[qtl@courier lib]$ readelf -D -r libfoobar.so
'REL' relocation section at offset 0x334 contains 48 bytes:
Offset Info Type Sym.Value Sym. Name
00001608 00000008 R_386_RELATIVE
00001704 00000008 R_386_RELATIVE
000016d4 00000106 R_386_GLOB_DAT 00000000 __gmon_start__
000016d8 00000206 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses
000016dc 00000606 R_386_GLOB_DAT 00000000 stdout
000016e0 00000706 R_386_GLOB_DAT 00000000 __cxa_finalize
'PLT' relocation section at offset 0x364 contains 40 bytes:
Offset Info Type Sym.Value Sym. Name
000016f0 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__
000016f4 00000307 R_386_JUMP_SLOT 00000000 cos
000016f8 00000407 R_386_JUMP_SLOT 00000000 fwrite
000016fc 00000507 R_386_JUMP_SLOT 00000000 fprintf
00001700 00000707 R_386_JUMP_SLOT 00000000 __cxa_finalize
[qtl@courier lib]$ objdump -R libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC RELOCATION RECORDS
OFFSET TYPE VALUE
00001608 R_386_RELATIVE *ABS*
00001704 R_386_RELATIVE *ABS*
000016d4 R_386_GLOB_DAT __gmon_start__
000016d8 R_386_GLOB_DAT _Jv_RegisterClasses
000016dc R_386_GLOB_DAT stdout
000016e0 R_386_GLOB_DAT __cxa_finalize
000016f0 R_386_JUMP_SLOT __gmon_start__
000016f4 R_386_JUMP_SLOT cos
000016f8 R_386_JUMP_SLOT fwrite
000016fc R_386_JUMP_SLOT fprintf
00001700 R_386_JUMP_SLOT __cxa_finalize
另外有必要說明的是若是對可重定位文件(.o文件)應用這兩個命令是無效的,
錯誤提示以下:
[qtl@courier lib]$ readelf -D -r bar.o
There are no dynamic relocations in this file.
[qtl@courier lib]$ objdump -R bar.o
bar.o: file format elf32-i386
objdump: bar.o: not a dynamic object
objdump: bar.o: Invalid operation
4. 顯示節信息: readelf -S和objdump -h
對於可重定位文件, objdump -h不能顯示.rel開頭的節和.shstrtab, .symtab, .strtab.
而readelf的顯示有一個.group節, 其內容爲節的group, 能夠用-g參數查看.
輸出以下:
[qtl@courier lib]$ readelf -S bar.o
There are 13 section headers, starting at offset 0x150:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .group GROUP 00000000 000034 000008 04 11 11 4
[ 2] .text PROGBITS 00000000 00003c 00005c 00 AX 0 0 4
[ 3] .rel.text REL 00000000 0004bc 000030 08 11 2 4
[ 4] .data PROGBITS 00000000 000098 000000 00 WA 0 0 4
[ 5] .bss NOBITS 00000000 000098 000000 00 WA 0 0 4
[ 6] .rodata PROGBITS 00000000 000098 00000e 00 A 0 0 1
[ 7] .comment PROGBITS 00000000 0000a6 00002e 00 0 0 1
[ 8] .text.__i686.get_ PROGBITS 00000000 0000d4 000004 00 AXG 0 0 1
[ 9] .note.GNU-stack PROGBITS 00000000 0000d8 000000 00 0 0 1
[10] .shstrtab STRTAB 00000000 0000d8 000075 00 0 0 1
[11] .symtab SYMTAB 00000000 000358 000110 10 12 10 4
[12] .strtab STRTAB 00000000 000468 000053 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[qtl@courier lib]$ objdump -h bar.o
bar.o: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 __i686.get_pc_thunk.bx 00000008 00000000 00000000 00000034 2**2
CONTENTS, READONLY, EXCLUDE, GROUP, LINK_ONCE_DISCARD
1 .text 0000005c 00000000 00000000 0000003c 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
2 .data 00000000 00000000 00000000 00000098 2**2
CONTENTS, ALLOC, LOAD, DATA
3 .bss 00000000 00000000 00000000 00000098 2**2
ALLOC
4 .rodata 0000000e 00000000 00000000 00000098 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .comment 0000002e 00000000 00000000 000000a6 2**0
CONTENTS, READONLY
6 .text.__i686.get_pc_thunk.bx 00000004 00000000 00000000 000000d4 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
7 .note.GNU-stack 00000000 00000000 00000000 000000d8 2**0
CONTENTS, READONLY
對於共享庫, objdump -h仍然不能顯示.shstrtab, .symtab, .strtab三個節, 另外還有
一個區別在於readelf從一個NULL類型的節開始, 而objdump的輸出去掉了這個空的節.
[qtl@courier lib]$ readelf -S libfoobar.so
There are 27 section headers, starting at offset 0x8f0:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .gnu.hash GNU_HASH 000000b4 0000b4 000048 04 A 2 0 4
[ 2] .dynsym DYNSYM 000000fc 0000fc 000110 10 A 3 1 4
[ 3] .dynstr STRTAB 0000020c 00020c 0000b3 00 A 0 0 1
[ 4] .gnu.version VERSYM 000002c0 0002c0 000022 02 A 2 0 2
[ 5] .gnu.version_r VERNEED 000002e4 0002e4 000050 00 A 3 2 4
[ 6] .rel.dyn REL 00000334 000334 000030 08 A 2 0 4
[ 7] .rel.plt REL 00000364 000364 000028 08 A 2 9 4
[ 8] .init PROGBITS 0000038c 00038c 000017 00 AX 0 0 4
[ 9] .plt PROGBITS 000003a4 0003a4 000060 04 AX 0 0 4
[10] .text PROGBITS 00000410 000410 0001a4 00 AX 0 0 16
[11] .fini PROGBITS 000005b4 0005b4 00001c 00 AX 0 0 4
[12] .rodata PROGBITS 000005d0 0005d0 00001d 00 A 0 0 1
[13] .eh_frame PROGBITS 000005f0 0005f0 000004 00 A 0 0 4
[14] .ctors PROGBITS 000015f4 0005f4 000008 00 WA 0 0 4
[15] .dtors PROGBITS 000015fc 0005fc 000008 00 WA 0 0 4
[16] .jcr PROGBITS 00001604 000604 000004 00 WA 0 0 4
[17] .data.rel.ro PROGBITS 00001608 000608 000004 00 WA 0 0 4
[18] .dynamic DYNAMIC 0000160c 00060c 0000c8 08 WA 3 0 4
[19] .got PROGBITS 000016d4 0006d4 000010 04 WA 0 0 4
[20] .got.plt PROGBITS 000016e4 0006e4 000020 04 WA 0 0 4
[21] .data PROGBITS 00001704 000704 000004 00 WA 0 0 4
[22] .bss NOBITS 00001708 000708 000010 00 WA 0 0 4
[23] .comment PROGBITS 00000000 000708 000114 00 0 0 1
[24] .shstrtab STRTAB 00000000 00081c 0000d2 00 0 0 1
[25] .symtab SYMTAB 00000000 000d28 0003d0 10 26 45 4
[26] .strtab STRTAB 00000000 0010f8 0001d7 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[qtl@courier lib]$ objdump -h libfoobar.so
libfoobar.so: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 .gnu.hash 00000048 000000b4 000000b4 000000b4 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .dynsym 00000110 000000fc 000000fc 000000fc 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .dynstr 000000b3 0000020c 0000020c 0000020c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .gnu.version 00000022 000002c0 000002c0 000002c0 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .gnu.version_r 00000050 000002e4 000002e4 000002e4 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .rel.dyn 00000030 00000334 00000334 00000334 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .rel.plt 00000028 00000364 00000364 00000364 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .init 00000017 0000038c 0000038c 0000038c 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
8 .plt 00000060 000003a4 000003a4 000003a4 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
9 .text 000001a4 00000410 00000410 00000410 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
10 .fini 0000001c 000005b4 000005b4 000005b4 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .rodata 0000001d 000005d0 000005d0 000005d0 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
12 .eh_frame 00000004 000005f0 000005f0 000005f0 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
13 .ctors 00000008 000015f4 000015f4 000005f4 2**2
CONTENTS, ALLOC, LOAD, DATA
14 .dtors 00000008 000015fc 000015fc 000005fc 2**2
CONTENTS, ALLOC, LOAD, DATA
15 .jcr 00000004 00001604 00001604 00000604 2**2
CONTENTS, ALLOC, LOAD, DATA
16 .data.rel.ro 00000004 00001608 00001608 00000608 2**2
CONTENTS, ALLOC, LOAD, DATA
17 .dynamic 000000c8 0000160c 0000160c 0000060c 2**2
CONTENTS, ALLOC, LOAD, DATA
18 .got 00000010 000016d4 000016d4 000006d4 2**2
CONTENTS, ALLOC, LOAD, DATA
19 .got.plt 00000020 000016e4 000016e4 000006e4 2**2
CONTENTS, ALLOC, LOAD, DATA
20 .data 00000004 00001704 00001704 00000704 2**2
CONTENTS, ALLOC, LOAD, DATA
21 .bss 00000010 00001708 00001708 00000708 2**2
ALLOC
22 .comment 00000114 00000000 00000000 00000708 2**0
CONTENTS, READONLY
5. 顯示.dynamic節信息
只readelf -d有對應的功能, objdump沒有. 另外須要注意, 看重定位文件不須要動態
連接(加載), 因此沒有.dynamic節. 對於共享庫文件輸出以下:
[qtl@courier lib]$ readelf -d libfoobar.so
Dynamic section at offset 0x60c contains 21 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x38c
0x0000000d (FINI) 0x5b4
0x6ffffef5 (GNU_HASH) 0xb4
0x00000005 (STRTAB) 0x20c
0x00000006 (SYMTAB) 0xfc
0x0000000a (STRSZ) 179 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000003 (PLTGOT) 0x16e4
0x00000002 (PLTRELSZ) 40 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x364
0x00000011 (REL) 0x334
0x00000012 (RELSZ) 48 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x2e4
0x6fffffff (VERNEEDNUM) 2
0x6ffffff0 (VERSYM) 0x2c0
0x6ffffffa (RELCOUNT) 2
0x00000000 (NULL) 0x0
6. 顯示程序段信息
第二個readelf支持而objdump沒有的功能. 命令參數爲readelf -l.
一樣, 對於可重定位文件而言沒有段. 這一點也能夠從ELF頭中看到, 命令爲readelf -h.
[qtl@courier lib]$ readelf -l libfoobar.so
Elf file type is DYN (Shared object file)
Entry point 0x410
There are 4 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x005f4 0x005f4 R E 0x1000
LOAD 0x0005f4 0x000015f4 0x000015f4 0x00114 0x00124 RW 0x1000
DYNAMIC 0x00060c 0x0000160c 0x0000160c 0x000c8 0x000c8 RW 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00 .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn
.rel.plt .init .plt .text .fini .rodata .eh_frame
01 .ctors .dtors .jcr .data.rel.ro .dynamic .got .got.plt .data .bss
02 .dynamic
03
7. 以字節(HEX或字符)形式dump某節的內容
readelf -x <secname>
objdump -s
後者默認一次dump全部節的內容. 若是隻想dump某節的內容, 則用-j <secname>
參數指定. readelf一次只能dump某一節的內容. 二者輸出以下:
[qtl@courier lib]$ readelf -x .dynamic libfoobar.so
Hex dump of section '.dynamic':
0x0000160c 0000007b 00000001 00000071 00000001 ....q.......{...
0x0000161c 000005b4 0000000d 0000038c 0000000c ................
0x0000162c 0000020c 00000005 000000b4 6ffffef5 ...o............
0x0000163c 000000b3 0000000a 000000fc 00000006 ................
0x0000164c 000016e4 00000003 00000010 0000000b ................
0x0000165c 00000011 00000014 00000028 00000002 ....(...........
0x0000166c 00000334 00000011 00000364 00000017 ....d.......4...
0x0000167c 00000008 00000013 00000030 00000012 ....0...........
0x0000168c 00000002 6fffffff 000002e4 6ffffffe ...o.......o....
0x0000169c 00000002 6ffffffa 000002c0 6ffffff0 ...o.......o....
0x000016ac 00000000 00000000 00000000 00000000 ................
0x000016bc 00000000 00000000 00000000 00000000 ................
0x000016cc 00000000 00000000 ........
[qtl@courier lib]$ objdump -s -j .dynamic libfoobar.so
libfoobar.so: file format elf32-i386
Contents of section .dynamic:
160c 01000000 71000000 01000000 7b000000 ....q.......{...
161c 0c000000 8c030000 0d000000 b4050000 ................
162c f5feff6f b4000000 05000000 0c020000 ...o............
163c 06000000 fc000000 0a000000 b3000000 ................
164c 0b000000 10000000 03000000 e4160000 ................
165c 02000000 28000000 14000000 11000000 ....(...........
166c 17000000 64030000 11000000 34030000 ....d.......4...
167c 12000000 30000000 13000000 08000000 ....0...........
168c feffff6f e4020000 ffffff6f 02000000 ...o.......o....
169c f0ffff6f c0020000 faffff6f 02000000 ...o.......o....
16ac 00000000 00000000 00000000 00000000 ................
16bc 00000000 00000000 00000000 00000000 ................
16cc 00000000 00000000 ........
8. 查看ELF程序頭信息
readelf -h提供完整的信息, objdump -f只提供不多的信息.
9. 查看符號信息
readelf -s
objdump -t
兩個命令都提供相似nm的信息. 輸出以下:
[qtl@courier lib]$ readelf -s libfoobar.so
Symbol table '.dynsym' contains 17 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
2: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
3: 00000000 38 FUNC GLOBAL DEFAULT UND cos@GLIBC_2.0 (2)
4: 00000000 351 FUNC GLOBAL DEFAULT UND fwrite@GLIBC_2.0 (3)
5: 00000000 36 FUNC GLOBAL DEFAULT UND fprintf@GLIBC_2.0 (3)
6: 00000000 4 OBJECT GLOBAL DEFAULT UND stdout@GLIBC_2.0 (3)
7: 00000000 346 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3
(4)
8: 00000520 92 FUNC GLOBAL DEFAULT 10 bar
9: 000004dc 66 FUNC GLOBAL DEFAULT 10 foo
10: 00001718 0 NOTYPE GLOBAL DEFAULT ABS _end
11: 00001708 0 NOTYPE GLOBAL DEFAULT ABS _edata
12: 0000170c 4 OBJECT GLOBAL DEFAULT 22 foo_var
13: 00001708 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
14: 0000038c 0 FUNC GLOBAL DEFAULT 8 _init
15: 000005b4 0 FUNC GLOBAL DEFAULT 11 _fini
16: 00001710 8 OBJECT GLOBAL DEFAULT 22 bar_var
Symbol table '.symtab' contains 61 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 000000b4 0 SECTION LOCAL DEFAULT 1
2: 000000fc 0 SECTION LOCAL DEFAULT 2
3: 0000020c 0 SECTION LOCAL DEFAULT 3
4: 000002c0 0 SECTION LOCAL DEFAULT 4
5: 000002e4 0 SECTION LOCAL DEFAULT 5
6: 00000334 0 SECTION LOCAL DEFAULT 6
7: 00000364 0 SECTION LOCAL DEFAULT 7
8: 0000038c 0 SECTION LOCAL DEFAULT 8
9: 000003a4 0 SECTION LOCAL DEFAULT 9
10: 00000410 0 SECTION LOCAL DEFAULT 10
11: 000005b4 0 SECTION LOCAL DEFAULT 11
12: 000005d0 0 SECTION LOCAL DEFAULT 12
13: 000005f0 0 SECTION LOCAL DEFAULT 13
14: 000015f4 0 SECTION LOCAL DEFAULT 14
15: 000015fc 0 SECTION LOCAL DEFAULT 15
16: 00001604 0 SECTION LOCAL DEFAULT 16
17: 00001608 0 SECTION LOCAL DEFAULT 17
18: 0000160c 0 SECTION LOCAL DEFAULT 18
19: 000016d4 0 SECTION LOCAL DEFAULT 19
20: 000016e4 0 SECTION LOCAL DEFAULT 20
21: 00001704 0 SECTION LOCAL DEFAULT 21
22: 00001708 0 SECTION LOCAL DEFAULT 22
23: 00000000 0 SECTION LOCAL DEFAULT 23
24: 00000410 0 FUNC LOCAL DEFAULT 10 call_gmon_start
25: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
26: 000015f4 0 OBJECT LOCAL DEFAULT 14 __CTOR_LIST__
27: 000015fc 0 OBJECT LOCAL DEFAULT 15 __DTOR_LIST__
28: 00001604 0 OBJECT LOCAL DEFAULT 16 __JCR_LIST__
29: 00001708 1 OBJECT LOCAL DEFAULT 22 completed.5758
30: 00001704 0 OBJECT LOCAL DEFAULT 21 p.5756
31: 00000440 0 FUNC LOCAL DEFAULT 10 __do_global_dtors_aux
32: 000004a0 0 FUNC LOCAL DEFAULT 10 frame_dummy
33: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
34: 000015f8 0 OBJECT LOCAL DEFAULT 14 __CTOR_END__
35: 00001600 0 OBJECT LOCAL DEFAULT 15 __DTOR_END__
36: 000005f0 0 OBJECT LOCAL DEFAULT 13 __FRAME_END__
37: 00001604 0 OBJECT LOCAL DEFAULT 16 __JCR_END__
38: 00000580 0 FUNC LOCAL DEFAULT 10 __do_global_ctors_aux
39: 00000000 0 FILE LOCAL DEFAULT ABS foo.c
40: 00000000 0 FILE LOCAL DEFAULT ABS bar.c
41: 000016e4 0 OBJECT LOCAL HIDDEN ABS _GLOBAL_OFFSET_TABLE_
42: 00001608 0 OBJECT LOCAL HIDDEN 17 __dso_handle
43: 000004d7 0 FUNC LOCAL HIDDEN 10 __i686.get_pc_thunk.bx
44: 0000160c 0 OBJECT LOCAL HIDDEN ABS _DYNAMIC
45: 00000520 92 FUNC GLOBAL DEFAULT 10 bar
46: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
47: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
48: 000005b4 0 FUNC GLOBAL DEFAULT 11 _fini
49: 0000170c 4 OBJECT GLOBAL DEFAULT 22 foo_var
50: 000004dc 66 FUNC GLOBAL DEFAULT 10 foo
51: 00000000 38 FUNC GLOBAL DEFAULT UND cos@@GLIBC_2.0
52: 00000000 351 FUNC GLOBAL DEFAULT UND fwrite@@GLIBC_2.0
53: 00000000 36 FUNC GLOBAL DEFAULT UND fprintf@@GLIBC_2.0
54: 00001708 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
55: 00001718 0 NOTYPE GLOBAL DEFAULT ABS _end
56: 00000000 4 OBJECT GLOBAL DEFAULT UND stdout@@GLIBC_2.0
57: 00001710 8 OBJECT GLOBAL DEFAULT 22 bar_var
58: 00001708 0 NOTYPE GLOBAL DEFAULT ABS _edata
59: 00000000 346 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1
60: 0000038c 0 FUNC GLOBAL DEFAULT 8 _init
[qtl@courier lib]$ objdump -t libfoobar.so
libfoobar.so: file format elf32-i386
SYMBOL TABLE:
000000b4 l d .gnu.hash 00000000 .gnu.hash
000000fc l d .dynsym 00000000 .dynsym
0000020c l d .dynstr 00000000 .dynstr
000002c0 l d .gnu.version 00000000 .gnu.version
000002e4 l d .gnu.version_r 00000000 .gnu.version_r
00000334 l d .rel.dyn 00000000 .rel.dyn
00000364 l d .rel.plt 00000000 .rel.plt
0000038c l d .init 00000000 .init
000003a4 l d .plt 00000000 .plt
00000410 l d .text 00000000 .text
000005b4 l d .fini 00000000 .fini
000005d0 l d .rodata 00000000 .rodata
000005f0 l d .eh_frame 00000000 .eh_frame
000015f4 l d .ctors 00000000 .ctors
000015fc l d .dtors 00000000 .dtors
00001604 l d .jcr 00000000 .jcr
00001608 l d .data.rel.ro 00000000 .data.rel.ro
0000160c l d .dynamic 00000000 .dynamic
000016d4 l d .got 00000000 .got
000016e4 l d .got.plt 00000000 .got.plt
00001704 l d .data 00000000 .data
00001708 l d .bss 00000000 .bss
00000000 l d .comment 00000000 .comment
00000410 l F .text 00000000 call_gmon_start
00000000 l df *ABS* 00000000 crtstuff.c
000015f4 l O .ctors 00000000 __CTOR_LIST__
000015fc l O .dtors 00000000 __DTOR_LIST__
00001604 l O .jcr 00000000 __JCR_LIST__
00001708 l O .bss 00000001 completed.5758
00001704 l O .data 00000000 p.5756
00000440 l F .text 00000000 __do_global_dtors_aux
000004a0 l F .text 00000000 frame_dummy
00000000 l df *ABS* 00000000 crtstuff.c
000015f8 l O .ctors 00000000 __CTOR_END__
00001600 l O .dtors 00000000 __DTOR_END__
000005f0 l O .eh_frame 00000000 __FRAME_END__
00001604 l O .jcr 00000000 __JCR_END__
00000580 l F .text 00000000 __do_global_ctors_aux
00000000 l df *ABS* 00000000 foo.c
00000000 l df *ABS* 00000000 bar.c
000016e4 l O *ABS* 00000000 .hidden _GLOBAL_OFFSET_TABLE_
00001608 l O .data.rel.ro 00000000 .hidden __dso_handle
000004d7 l F .text 00000000 .hidden __i686.get_pc_thunk.bx
0000160c l O *ABS* 00000000 .hidden _DYNAMIC
00000520 g F .text 0000005c bar
00000000 w *UND* 00000000 __gmon_start__
00000000 w *UND* 00000000 _Jv_RegisterClasses
000005b4 g F .fini 00000000 _fini
0000170c g O .bss 00000004 foo_var
000004dc g F .text 00000042 foo
00000000 F *UND* 00000026 cos@@GLIBC_2.0
00000000 F *UND* 0000015f fwrite@@GLIBC_2.0
00000000 F *UND* 00000024 fprintf@@GLIBC_2.0
00001708 g *ABS* 00000000 __bss_start
00001718 g *ABS* 00000000 _end
00000000 O *UND* 00000004 stdout@@GLIBC_2.0
00001710 g O .bss 00000008 bar_var
00001708 g *ABS* 00000000 _edata
00000000 w F *UND* 0000015a __cxa_finalize@@GLIBC_2.1.3
0000038c g F .init 00000000 _init
注意readelf同時顯示了.dynsym的信息, 而objdump實際上只顯示了.symtab部分的信息.
若是須要顯示動態部分的符號, 使用-T參數. 輸出以下:
[qtl@courier lib]$ objdump -T libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC SYMBOL TABLE:
00000000 w D *UND* 00000000 __gmon_start__
00000000 w D *UND* 00000000 _Jv_RegisterClasses
00000000 DF *UND* 00000026 GLIBC_2.0 cos
00000000 DF *UND* 0000015f GLIBC_2.0 fwrite
00000000 DF *UND* 00000024 GLIBC_2.0 fprintf
00000000 DO *UND* 00000004 GLIBC_2.0 stdout
00000000 w DF *UND* 0000015a GLIBC_2.1.3 __cxa_finalize
00000520 g DF .text 0000005c Base bar
000004dc g DF .text 00000042 Base foo
00001718 g D *ABS* 00000000 Base _end
00001708 g D *ABS* 00000000 Base _edata
0000170c g DO .bss 00000004 Base foo_var
00001708 g D *ABS* 00000000 Base __bss_start
0000038c g DF .init 00000000 Base _init
000005b4 g DF .fini 00000000 Base _fini
00001710 g DO .bss 00000008 Base bar_var
對readelf同時使用-D -s參數無效. 對照手冊頁說明也沒弄清楚-D的主要用途,
在這裏可能由於-s已經可以都顯示了.
10. 一次所有
兩個命令都提供了一個參數, 指定多個其餘參數的集合一塊兒顯示, 但顯示內容略有不一樣.
readelf -a: -h -l -S -r -s -d -n -V
objdump -x: -a -f -h -p -r -t
藉助BFD而更加通用一些, 能夠應付不一樣文件格式, readelf則並不藉助BFD,
而是直接讀取ELF格式文件的信息, 按readelf手冊頁上所說, 獲得的信息也略細緻一些.
幾個功能對比.
1. 反彙編代碼
查看源代碼被翻譯成的彙編代碼, 大概有3種方法,
1) 經過編譯器直接從源文件生成, 如gcc -S
2) 對目標代碼反彙編, 一種是靜態反彙編, 就是使用objdump
3) 另一種就是對運行時的代碼反彙編, 通常經過gdb
readelf並不提供反彙編功能.
objdump能夠指定反彙編哪一個節, 通常只有對包含指令的節反彙編纔有意義. 而對於一些
其餘的類型的節, objdump也能夠將特殊節的數據以解析後的形式呈現出來,
例如對於.plt, 輸出以下:
[qtl@courier lib]$ objdump -d -j .plt libfoobar.so
libfoobar.so: file format elf32-i386
Disassembly of section .plt:
000003a4 <__gmon_start__@plt-0x10>:
3a4: ff b3 04 00 00 00 pushl 0x4(%ebx)
3aa: ff a3 08 00 00 00 jmp *0x8(%ebx)
3b0: 00 00 add %al,(%eax)
...
000003b4 <__gmon_start__@plt>:
3b4: ff a3 0c 00 00 00 jmp *0xc(%ebx)
3ba: 68 00 00 00 00 push $0x0
3bf: e9 e0 ff ff ff jmp 3a4 <_init+0x18>
000003c4 <cos@plt>:
3c4: ff a3 10 00 00 00 jmp *0x10(%ebx)
3ca: 68 08 00 00 00 push $0x8
3cf: e9 d0 ff ff ff jmp 3a4 <_init+0x18>
000003d4 <fwrite@plt>:
3d4: ff a3 14 00 00 00 jmp *0x14(%ebx)
3da: 68 10 00 00 00 push $0x10
3df: e9 c0 ff ff ff jmp 3a4 <_init+0x18>
000003e4 <fprintf@plt>:
3e4: ff a3 18 00 00 00 jmp *0x18(%ebx)
3ea: 68 18 00 00 00 push $0x18
3ef: e9 b0 ff ff ff jmp 3a4 <_init+0x18>
000003f4 <__cxa_finalize@plt>:
3f4: ff a3 1c 00 00 00 jmp *0x1c(%ebx)
3fa: 68 20 00 00 00 push $0x20
3ff: e9 a0 ff ff ff jmp 3a4 <_init+0x18>
2. 顯示relocation節的條目
-r參數顯示elf文件的類型爲REL的節的信息, 使用-S參數能夠列出elf文件的
全部節的信息, 其中也就包括了REL節.
對於可重定位文件二者顯示條目一致, 最重要的offset和type以及Sym.Name都有.
下面是二者輸出的對比.
[qtl@courier lib]$ readelf -r bar.o
Relocation section '.rel.text' at offset 0x4bc contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00000008 00000b02 R_386_PC32 00000000 __i686.get_pc_thunk.bx
0000000e 00000c0a R_386_GOTPC 00000000 _GLOBAL_OFFSET_TABLE_
00000025 00000d04 R_386_PLT32 00000000 cos
0000002e 00000e03 R_386_GOT32 00000000 stdout
00000044 00000509 R_386_GOTOFF 00000000 .rodata
00000050 00000f04 R_386_PLT32 00000000 fprintf
[qtl@courier lib]$ objdump -r bar.o
bar.o: file format elf32-i386
RELOCATION RECORDS FOR [.text]:
OFFSET TYPE VALUE
00000008 R_386_PC32 __i686.get_pc_thunk.bx
0000000e R_386_GOTPC _GLOBAL_OFFSET_TABLE_
00000025 R_386_PLT32 cos
0000002e R_386_GOT32 stdout
00000044 R_386_GOTOFF .rodata
00000050 R_386_PLT32 fprintf
對於共享庫,
[qtl@courier lib]$ readelf -r libfoobar.so
Relocation section '.rel.dyn' at offset 0x334 contains 6 entries:
Offset Info Type Sym.Value Sym. Name
00001608 00000008 R_386_RELATIVE
00001704 00000008 R_386_RELATIVE
000016d4 00000106 R_386_GLOB_DAT 00000000 __gmon_start__
000016d8 00000206 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses
000016dc 00000606 R_386_GLOB_DAT 00000000 stdout
000016e0 00000706 R_386_GLOB_DAT 00000000 __cxa_finalize
Relocation section '.rel.plt' at offset 0x364 contains 5 entries:
Offset Info Type Sym.Value Sym. Name
000016f0 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__
000016f4 00000307 R_386_JUMP_SLOT 00000000 cos
000016f8 00000407 R_386_JUMP_SLOT 00000000 fwrite
000016fc 00000507 R_386_JUMP_SLOT 00000000 fprintf
00001700 00000707 R_386_JUMP_SLOT 00000000 __cxa_finalize
[qtl@courier lib]$ objdump -R libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC RELOCATION RECORDS
OFFSET TYPE VALUE
00001608 R_386_RELATIVE *ABS*
00001704 R_386_RELATIVE *ABS*
000016d4 R_386_GLOB_DAT __gmon_start__
000016d8 R_386_GLOB_DAT _Jv_RegisterClasses
000016dc R_386_GLOB_DAT stdout
000016e0 R_386_GLOB_DAT __cxa_finalize
000016f0 R_386_JUMP_SLOT __gmon_start__
000016f4 R_386_JUMP_SLOT cos
000016f8 R_386_JUMP_SLOT fwrite
000016fc R_386_JUMP_SLOT fprintf
00001700 R_386_JUMP_SLOT __cxa_finalize
有上面能夠看出, readelf的顯示分節, 而objdump則將兩個節合在一塊兒. readelf的
顯示更加清晰一些.
3. 顯示動態重定位條目(或者能夠認爲是動態連接相關的重定位條目)
(按objdump的man page說明, 只對dynamic object有效, 如某些類型的共享庫)
readelf和objdump等價的命令爲readelf -D -r file和objdump -R file.
對readelf使用-r和-D -r的區別, 對於共享庫在於數據的呈現方式略有不一樣. 這兩種
都將數據解析後呈現出來. 前者顯示的是相對於基地址的偏移, 後者則顯示絕對偏移量.
前者顯示條目數, 後者顯示字節數.
二者輸出對比:
[qtl@courier lib]$ readelf -D -r libfoobar.so
'REL' relocation section at offset 0x334 contains 48 bytes:
Offset Info Type Sym.Value Sym. Name
00001608 00000008 R_386_RELATIVE
00001704 00000008 R_386_RELATIVE
000016d4 00000106 R_386_GLOB_DAT 00000000 __gmon_start__
000016d8 00000206 R_386_GLOB_DAT 00000000 _Jv_RegisterClasses
000016dc 00000606 R_386_GLOB_DAT 00000000 stdout
000016e0 00000706 R_386_GLOB_DAT 00000000 __cxa_finalize
'PLT' relocation section at offset 0x364 contains 40 bytes:
Offset Info Type Sym.Value Sym. Name
000016f0 00000107 R_386_JUMP_SLOT 00000000 __gmon_start__
000016f4 00000307 R_386_JUMP_SLOT 00000000 cos
000016f8 00000407 R_386_JUMP_SLOT 00000000 fwrite
000016fc 00000507 R_386_JUMP_SLOT 00000000 fprintf
00001700 00000707 R_386_JUMP_SLOT 00000000 __cxa_finalize
[qtl@courier lib]$ objdump -R libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC RELOCATION RECORDS
OFFSET TYPE VALUE
00001608 R_386_RELATIVE *ABS*
00001704 R_386_RELATIVE *ABS*
000016d4 R_386_GLOB_DAT __gmon_start__
000016d8 R_386_GLOB_DAT _Jv_RegisterClasses
000016dc R_386_GLOB_DAT stdout
000016e0 R_386_GLOB_DAT __cxa_finalize
000016f0 R_386_JUMP_SLOT __gmon_start__
000016f4 R_386_JUMP_SLOT cos
000016f8 R_386_JUMP_SLOT fwrite
000016fc R_386_JUMP_SLOT fprintf
00001700 R_386_JUMP_SLOT __cxa_finalize
另外有必要說明的是若是對可重定位文件(.o文件)應用這兩個命令是無效的,
錯誤提示以下:
[qtl@courier lib]$ readelf -D -r bar.o
There are no dynamic relocations in this file.
[qtl@courier lib]$ objdump -R bar.o
bar.o: file format elf32-i386
objdump: bar.o: not a dynamic object
objdump: bar.o: Invalid operation
4. 顯示節信息: readelf -S和objdump -h
對於可重定位文件, objdump -h不能顯示.rel開頭的節和.shstrtab, .symtab, .strtab.
而readelf的顯示有一個.group節, 其內容爲節的group, 能夠用-g參數查看.
輸出以下:
[qtl@courier lib]$ readelf -S bar.o
There are 13 section headers, starting at offset 0x150:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .group GROUP 00000000 000034 000008 04 11 11 4
[ 2] .text PROGBITS 00000000 00003c 00005c 00 AX 0 0 4
[ 3] .rel.text REL 00000000 0004bc 000030 08 11 2 4
[ 4] .data PROGBITS 00000000 000098 000000 00 WA 0 0 4
[ 5] .bss NOBITS 00000000 000098 000000 00 WA 0 0 4
[ 6] .rodata PROGBITS 00000000 000098 00000e 00 A 0 0 1
[ 7] .comment PROGBITS 00000000 0000a6 00002e 00 0 0 1
[ 8] .text.__i686.get_ PROGBITS 00000000 0000d4 000004 00 AXG 0 0 1
[ 9] .note.GNU-stack PROGBITS 00000000 0000d8 000000 00 0 0 1
[10] .shstrtab STRTAB 00000000 0000d8 000075 00 0 0 1
[11] .symtab SYMTAB 00000000 000358 000110 10 12 10 4
[12] .strtab STRTAB 00000000 000468 000053 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[qtl@courier lib]$ objdump -h bar.o
bar.o: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 __i686.get_pc_thunk.bx 00000008 00000000 00000000 00000034 2**2
CONTENTS, READONLY, EXCLUDE, GROUP, LINK_ONCE_DISCARD
1 .text 0000005c 00000000 00000000 0000003c 2**2
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
2 .data 00000000 00000000 00000000 00000098 2**2
CONTENTS, ALLOC, LOAD, DATA
3 .bss 00000000 00000000 00000000 00000098 2**2
ALLOC
4 .rodata 0000000e 00000000 00000000 00000098 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .comment 0000002e 00000000 00000000 000000a6 2**0
CONTENTS, READONLY
6 .text.__i686.get_pc_thunk.bx 00000004 00000000 00000000 000000d4 2**0
CONTENTS, ALLOC, LOAD, READONLY, CODE
7 .note.GNU-stack 00000000 00000000 00000000 000000d8 2**0
CONTENTS, READONLY
對於共享庫, objdump -h仍然不能顯示.shstrtab, .symtab, .strtab三個節, 另外還有
一個區別在於readelf從一個NULL類型的節開始, 而objdump的輸出去掉了這個空的節.
[qtl@courier lib]$ readelf -S libfoobar.so
There are 27 section headers, starting at offset 0x8f0:
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .gnu.hash GNU_HASH 000000b4 0000b4 000048 04 A 2 0 4
[ 2] .dynsym DYNSYM 000000fc 0000fc 000110 10 A 3 1 4
[ 3] .dynstr STRTAB 0000020c 00020c 0000b3 00 A 0 0 1
[ 4] .gnu.version VERSYM 000002c0 0002c0 000022 02 A 2 0 2
[ 5] .gnu.version_r VERNEED 000002e4 0002e4 000050 00 A 3 2 4
[ 6] .rel.dyn REL 00000334 000334 000030 08 A 2 0 4
[ 7] .rel.plt REL 00000364 000364 000028 08 A 2 9 4
[ 8] .init PROGBITS 0000038c 00038c 000017 00 AX 0 0 4
[ 9] .plt PROGBITS 000003a4 0003a4 000060 04 AX 0 0 4
[10] .text PROGBITS 00000410 000410 0001a4 00 AX 0 0 16
[11] .fini PROGBITS 000005b4 0005b4 00001c 00 AX 0 0 4
[12] .rodata PROGBITS 000005d0 0005d0 00001d 00 A 0 0 1
[13] .eh_frame PROGBITS 000005f0 0005f0 000004 00 A 0 0 4
[14] .ctors PROGBITS 000015f4 0005f4 000008 00 WA 0 0 4
[15] .dtors PROGBITS 000015fc 0005fc 000008 00 WA 0 0 4
[16] .jcr PROGBITS 00001604 000604 000004 00 WA 0 0 4
[17] .data.rel.ro PROGBITS 00001608 000608 000004 00 WA 0 0 4
[18] .dynamic DYNAMIC 0000160c 00060c 0000c8 08 WA 3 0 4
[19] .got PROGBITS 000016d4 0006d4 000010 04 WA 0 0 4
[20] .got.plt PROGBITS 000016e4 0006e4 000020 04 WA 0 0 4
[21] .data PROGBITS 00001704 000704 000004 00 WA 0 0 4
[22] .bss NOBITS 00001708 000708 000010 00 WA 0 0 4
[23] .comment PROGBITS 00000000 000708 000114 00 0 0 1
[24] .shstrtab STRTAB 00000000 00081c 0000d2 00 0 0 1
[25] .symtab SYMTAB 00000000 000d28 0003d0 10 26 45 4
[26] .strtab STRTAB 00000000 0010f8 0001d7 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
[qtl@courier lib]$ objdump -h libfoobar.so
libfoobar.so: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 .gnu.hash 00000048 000000b4 000000b4 000000b4 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .dynsym 00000110 000000fc 000000fc 000000fc 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .dynstr 000000b3 0000020c 0000020c 0000020c 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .gnu.version 00000022 000002c0 000002c0 000002c0 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .gnu.version_r 00000050 000002e4 000002e4 000002e4 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .rel.dyn 00000030 00000334 00000334 00000334 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .rel.plt 00000028 00000364 00000364 00000364 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .init 00000017 0000038c 0000038c 0000038c 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
8 .plt 00000060 000003a4 000003a4 000003a4 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
9 .text 000001a4 00000410 00000410 00000410 2**4
CONTENTS, ALLOC, LOAD, READONLY, CODE
10 .fini 0000001c 000005b4 000005b4 000005b4 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .rodata 0000001d 000005d0 000005d0 000005d0 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
12 .eh_frame 00000004 000005f0 000005f0 000005f0 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
13 .ctors 00000008 000015f4 000015f4 000005f4 2**2
CONTENTS, ALLOC, LOAD, DATA
14 .dtors 00000008 000015fc 000015fc 000005fc 2**2
CONTENTS, ALLOC, LOAD, DATA
15 .jcr 00000004 00001604 00001604 00000604 2**2
CONTENTS, ALLOC, LOAD, DATA
16 .data.rel.ro 00000004 00001608 00001608 00000608 2**2
CONTENTS, ALLOC, LOAD, DATA
17 .dynamic 000000c8 0000160c 0000160c 0000060c 2**2
CONTENTS, ALLOC, LOAD, DATA
18 .got 00000010 000016d4 000016d4 000006d4 2**2
CONTENTS, ALLOC, LOAD, DATA
19 .got.plt 00000020 000016e4 000016e4 000006e4 2**2
CONTENTS, ALLOC, LOAD, DATA
20 .data 00000004 00001704 00001704 00000704 2**2
CONTENTS, ALLOC, LOAD, DATA
21 .bss 00000010 00001708 00001708 00000708 2**2
ALLOC
22 .comment 00000114 00000000 00000000 00000708 2**0
CONTENTS, READONLY
5. 顯示.dynamic節信息
只readelf -d有對應的功能, objdump沒有. 另外須要注意, 看重定位文件不須要動態
連接(加載), 因此沒有.dynamic節. 對於共享庫文件輸出以下:
[qtl@courier lib]$ readelf -d libfoobar.so
Dynamic section at offset 0x60c contains 21 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libm.so.6]
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x38c
0x0000000d (FINI) 0x5b4
0x6ffffef5 (GNU_HASH) 0xb4
0x00000005 (STRTAB) 0x20c
0x00000006 (SYMTAB) 0xfc
0x0000000a (STRSZ) 179 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000003 (PLTGOT) 0x16e4
0x00000002 (PLTRELSZ) 40 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x364
0x00000011 (REL) 0x334
0x00000012 (RELSZ) 48 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x2e4
0x6fffffff (VERNEEDNUM) 2
0x6ffffff0 (VERSYM) 0x2c0
0x6ffffffa (RELCOUNT) 2
0x00000000 (NULL) 0x0
6. 顯示程序段信息
第二個readelf支持而objdump沒有的功能. 命令參數爲readelf -l.
一樣, 對於可重定位文件而言沒有段. 這一點也能夠從ELF頭中看到, 命令爲readelf -h.
[qtl@courier lib]$ readelf -l libfoobar.so
Elf file type is DYN (Shared object file)
Entry point 0x410
There are 4 program headers, starting at offset 52
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x00000000 0x00000000 0x005f4 0x005f4 R E 0x1000
LOAD 0x0005f4 0x000015f4 0x000015f4 0x00114 0x00124 RW 0x1000
DYNAMIC 0x00060c 0x0000160c 0x0000160c 0x000c8 0x000c8 RW 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4
Section to Segment mapping:
Segment Sections...
00 .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn
.rel.plt .init .plt .text .fini .rodata .eh_frame
01 .ctors .dtors .jcr .data.rel.ro .dynamic .got .got.plt .data .bss
02 .dynamic
03
7. 以字節(HEX或字符)形式dump某節的內容
readelf -x <secname>
objdump -s
後者默認一次dump全部節的內容. 若是隻想dump某節的內容, 則用-j <secname>
參數指定. readelf一次只能dump某一節的內容. 二者輸出以下:
[qtl@courier lib]$ readelf -x .dynamic libfoobar.so
Hex dump of section '.dynamic':
0x0000160c 0000007b 00000001 00000071 00000001 ....q.......{...
0x0000161c 000005b4 0000000d 0000038c 0000000c ................
0x0000162c 0000020c 00000005 000000b4 6ffffef5 ...o............
0x0000163c 000000b3 0000000a 000000fc 00000006 ................
0x0000164c 000016e4 00000003 00000010 0000000b ................
0x0000165c 00000011 00000014 00000028 00000002 ....(...........
0x0000166c 00000334 00000011 00000364 00000017 ....d.......4...
0x0000167c 00000008 00000013 00000030 00000012 ....0...........
0x0000168c 00000002 6fffffff 000002e4 6ffffffe ...o.......o....
0x0000169c 00000002 6ffffffa 000002c0 6ffffff0 ...o.......o....
0x000016ac 00000000 00000000 00000000 00000000 ................
0x000016bc 00000000 00000000 00000000 00000000 ................
0x000016cc 00000000 00000000 ........
[qtl@courier lib]$ objdump -s -j .dynamic libfoobar.so
libfoobar.so: file format elf32-i386
Contents of section .dynamic:
160c 01000000 71000000 01000000 7b000000 ....q.......{...
161c 0c000000 8c030000 0d000000 b4050000 ................
162c f5feff6f b4000000 05000000 0c020000 ...o............
163c 06000000 fc000000 0a000000 b3000000 ................
164c 0b000000 10000000 03000000 e4160000 ................
165c 02000000 28000000 14000000 11000000 ....(...........
166c 17000000 64030000 11000000 34030000 ....d.......4...
167c 12000000 30000000 13000000 08000000 ....0...........
168c feffff6f e4020000 ffffff6f 02000000 ...o.......o....
169c f0ffff6f c0020000 faffff6f 02000000 ...o.......o....
16ac 00000000 00000000 00000000 00000000 ................
16bc 00000000 00000000 00000000 00000000 ................
16cc 00000000 00000000 ........
8. 查看ELF程序頭信息
readelf -h提供完整的信息, objdump -f只提供不多的信息.
9. 查看符號信息
readelf -s
objdump -t
兩個命令都提供相似nm的信息. 輸出以下:
[qtl@courier lib]$ readelf -s libfoobar.so
Symbol table '.dynsym' contains 17 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
2: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
3: 00000000 38 FUNC GLOBAL DEFAULT UND cos@GLIBC_2.0 (2)
4: 00000000 351 FUNC GLOBAL DEFAULT UND fwrite@GLIBC_2.0 (3)
5: 00000000 36 FUNC GLOBAL DEFAULT UND fprintf@GLIBC_2.0 (3)
6: 00000000 4 OBJECT GLOBAL DEFAULT UND stdout@GLIBC_2.0 (3)
7: 00000000 346 FUNC WEAK DEFAULT UND __cxa_finalize@GLIBC_2.1.3
(4)
8: 00000520 92 FUNC GLOBAL DEFAULT 10 bar
9: 000004dc 66 FUNC GLOBAL DEFAULT 10 foo
10: 00001718 0 NOTYPE GLOBAL DEFAULT ABS _end
11: 00001708 0 NOTYPE GLOBAL DEFAULT ABS _edata
12: 0000170c 4 OBJECT GLOBAL DEFAULT 22 foo_var
13: 00001708 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
14: 0000038c 0 FUNC GLOBAL DEFAULT 8 _init
15: 000005b4 0 FUNC GLOBAL DEFAULT 11 _fini
16: 00001710 8 OBJECT GLOBAL DEFAULT 22 bar_var
Symbol table '.symtab' contains 61 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 000000b4 0 SECTION LOCAL DEFAULT 1
2: 000000fc 0 SECTION LOCAL DEFAULT 2
3: 0000020c 0 SECTION LOCAL DEFAULT 3
4: 000002c0 0 SECTION LOCAL DEFAULT 4
5: 000002e4 0 SECTION LOCAL DEFAULT 5
6: 00000334 0 SECTION LOCAL DEFAULT 6
7: 00000364 0 SECTION LOCAL DEFAULT 7
8: 0000038c 0 SECTION LOCAL DEFAULT 8
9: 000003a4 0 SECTION LOCAL DEFAULT 9
10: 00000410 0 SECTION LOCAL DEFAULT 10
11: 000005b4 0 SECTION LOCAL DEFAULT 11
12: 000005d0 0 SECTION LOCAL DEFAULT 12
13: 000005f0 0 SECTION LOCAL DEFAULT 13
14: 000015f4 0 SECTION LOCAL DEFAULT 14
15: 000015fc 0 SECTION LOCAL DEFAULT 15
16: 00001604 0 SECTION LOCAL DEFAULT 16
17: 00001608 0 SECTION LOCAL DEFAULT 17
18: 0000160c 0 SECTION LOCAL DEFAULT 18
19: 000016d4 0 SECTION LOCAL DEFAULT 19
20: 000016e4 0 SECTION LOCAL DEFAULT 20
21: 00001704 0 SECTION LOCAL DEFAULT 21
22: 00001708 0 SECTION LOCAL DEFAULT 22
23: 00000000 0 SECTION LOCAL DEFAULT 23
24: 00000410 0 FUNC LOCAL DEFAULT 10 call_gmon_start
25: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
26: 000015f4 0 OBJECT LOCAL DEFAULT 14 __CTOR_LIST__
27: 000015fc 0 OBJECT LOCAL DEFAULT 15 __DTOR_LIST__
28: 00001604 0 OBJECT LOCAL DEFAULT 16 __JCR_LIST__
29: 00001708 1 OBJECT LOCAL DEFAULT 22 completed.5758
30: 00001704 0 OBJECT LOCAL DEFAULT 21 p.5756
31: 00000440 0 FUNC LOCAL DEFAULT 10 __do_global_dtors_aux
32: 000004a0 0 FUNC LOCAL DEFAULT 10 frame_dummy
33: 00000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
34: 000015f8 0 OBJECT LOCAL DEFAULT 14 __CTOR_END__
35: 00001600 0 OBJECT LOCAL DEFAULT 15 __DTOR_END__
36: 000005f0 0 OBJECT LOCAL DEFAULT 13 __FRAME_END__
37: 00001604 0 OBJECT LOCAL DEFAULT 16 __JCR_END__
38: 00000580 0 FUNC LOCAL DEFAULT 10 __do_global_ctors_aux
39: 00000000 0 FILE LOCAL DEFAULT ABS foo.c
40: 00000000 0 FILE LOCAL DEFAULT ABS bar.c
41: 000016e4 0 OBJECT LOCAL HIDDEN ABS _GLOBAL_OFFSET_TABLE_
42: 00001608 0 OBJECT LOCAL HIDDEN 17 __dso_handle
43: 000004d7 0 FUNC LOCAL HIDDEN 10 __i686.get_pc_thunk.bx
44: 0000160c 0 OBJECT LOCAL HIDDEN ABS _DYNAMIC
45: 00000520 92 FUNC GLOBAL DEFAULT 10 bar
46: 00000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__
47: 00000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses
48: 000005b4 0 FUNC GLOBAL DEFAULT 11 _fini
49: 0000170c 4 OBJECT GLOBAL DEFAULT 22 foo_var
50: 000004dc 66 FUNC GLOBAL DEFAULT 10 foo
51: 00000000 38 FUNC GLOBAL DEFAULT UND cos@@GLIBC_2.0
52: 00000000 351 FUNC GLOBAL DEFAULT UND fwrite@@GLIBC_2.0
53: 00000000 36 FUNC GLOBAL DEFAULT UND fprintf@@GLIBC_2.0
54: 00001708 0 NOTYPE GLOBAL DEFAULT ABS __bss_start
55: 00001718 0 NOTYPE GLOBAL DEFAULT ABS _end
56: 00000000 4 OBJECT GLOBAL DEFAULT UND stdout@@GLIBC_2.0
57: 00001710 8 OBJECT GLOBAL DEFAULT 22 bar_var
58: 00001708 0 NOTYPE GLOBAL DEFAULT ABS _edata
59: 00000000 346 FUNC WEAK DEFAULT UND __cxa_finalize@@GLIBC_2.1
60: 0000038c 0 FUNC GLOBAL DEFAULT 8 _init
[qtl@courier lib]$ objdump -t libfoobar.so
libfoobar.so: file format elf32-i386
SYMBOL TABLE:
000000b4 l d .gnu.hash 00000000 .gnu.hash
000000fc l d .dynsym 00000000 .dynsym
0000020c l d .dynstr 00000000 .dynstr
000002c0 l d .gnu.version 00000000 .gnu.version
000002e4 l d .gnu.version_r 00000000 .gnu.version_r
00000334 l d .rel.dyn 00000000 .rel.dyn
00000364 l d .rel.plt 00000000 .rel.plt
0000038c l d .init 00000000 .init
000003a4 l d .plt 00000000 .plt
00000410 l d .text 00000000 .text
000005b4 l d .fini 00000000 .fini
000005d0 l d .rodata 00000000 .rodata
000005f0 l d .eh_frame 00000000 .eh_frame
000015f4 l d .ctors 00000000 .ctors
000015fc l d .dtors 00000000 .dtors
00001604 l d .jcr 00000000 .jcr
00001608 l d .data.rel.ro 00000000 .data.rel.ro
0000160c l d .dynamic 00000000 .dynamic
000016d4 l d .got 00000000 .got
000016e4 l d .got.plt 00000000 .got.plt
00001704 l d .data 00000000 .data
00001708 l d .bss 00000000 .bss
00000000 l d .comment 00000000 .comment
00000410 l F .text 00000000 call_gmon_start
00000000 l df *ABS* 00000000 crtstuff.c
000015f4 l O .ctors 00000000 __CTOR_LIST__
000015fc l O .dtors 00000000 __DTOR_LIST__
00001604 l O .jcr 00000000 __JCR_LIST__
00001708 l O .bss 00000001 completed.5758
00001704 l O .data 00000000 p.5756
00000440 l F .text 00000000 __do_global_dtors_aux
000004a0 l F .text 00000000 frame_dummy
00000000 l df *ABS* 00000000 crtstuff.c
000015f8 l O .ctors 00000000 __CTOR_END__
00001600 l O .dtors 00000000 __DTOR_END__
000005f0 l O .eh_frame 00000000 __FRAME_END__
00001604 l O .jcr 00000000 __JCR_END__
00000580 l F .text 00000000 __do_global_ctors_aux
00000000 l df *ABS* 00000000 foo.c
00000000 l df *ABS* 00000000 bar.c
000016e4 l O *ABS* 00000000 .hidden _GLOBAL_OFFSET_TABLE_
00001608 l O .data.rel.ro 00000000 .hidden __dso_handle
000004d7 l F .text 00000000 .hidden __i686.get_pc_thunk.bx
0000160c l O *ABS* 00000000 .hidden _DYNAMIC
00000520 g F .text 0000005c bar
00000000 w *UND* 00000000 __gmon_start__
00000000 w *UND* 00000000 _Jv_RegisterClasses
000005b4 g F .fini 00000000 _fini
0000170c g O .bss 00000004 foo_var
000004dc g F .text 00000042 foo
00000000 F *UND* 00000026 cos@@GLIBC_2.0
00000000 F *UND* 0000015f fwrite@@GLIBC_2.0
00000000 F *UND* 00000024 fprintf@@GLIBC_2.0
00001708 g *ABS* 00000000 __bss_start
00001718 g *ABS* 00000000 _end
00000000 O *UND* 00000004 stdout@@GLIBC_2.0
00001710 g O .bss 00000008 bar_var
00001708 g *ABS* 00000000 _edata
00000000 w F *UND* 0000015a __cxa_finalize@@GLIBC_2.1.3
0000038c g F .init 00000000 _init
注意readelf同時顯示了.dynsym的信息, 而objdump實際上只顯示了.symtab部分的信息.
若是須要顯示動態部分的符號, 使用-T參數. 輸出以下:
[qtl@courier lib]$ objdump -T libfoobar.so
libfoobar.so: file format elf32-i386
DYNAMIC SYMBOL TABLE:
00000000 w D *UND* 00000000 __gmon_start__
00000000 w D *UND* 00000000 _Jv_RegisterClasses
00000000 DF *UND* 00000026 GLIBC_2.0 cos
00000000 DF *UND* 0000015f GLIBC_2.0 fwrite
00000000 DF *UND* 00000024 GLIBC_2.0 fprintf
00000000 DO *UND* 00000004 GLIBC_2.0 stdout
00000000 w DF *UND* 0000015a GLIBC_2.1.3 __cxa_finalize
00000520 g DF .text 0000005c Base bar
000004dc g DF .text 00000042 Base foo
00001718 g D *ABS* 00000000 Base _end
00001708 g D *ABS* 00000000 Base _edata
0000170c g DO .bss 00000004 Base foo_var
00001708 g D *ABS* 00000000 Base __bss_start
0000038c g DF .init 00000000 Base _init
000005b4 g DF .fini 00000000 Base _fini
00001710 g DO .bss 00000008 Base bar_var
對readelf同時使用-D -s參數無效. 對照手冊頁說明也沒弄清楚-D的主要用途,
在這裏可能由於-s已經可以都顯示了.
10. 一次所有
兩個命令都提供了一個參數, 指定多個其餘參數的集合一塊兒顯示, 但顯示內容略有不一樣.
readelf -a: -h -l -S -r -s -d -n -V
objdump -x: -a -f -h -p -r -t
相關文章
- 1. readelf nm objdump 命令詳解
- 2. objcopy/objdump/readelf等工具使用
- 3. 使用readelf和objdump解析目標文件
- 4. 常用的分析ELF文件的命令(readelf、objdump及od)
- 5. readelf
- 6. objdump
- 7. objdump -t
- 8. readelf 命令
- 9. objdump指令
- 10. objdump使用
- 更多相關文章...
- • PHP 類型比較 - PHP教程
- • XSL-FO 與 XSLT - XSL-FO 教程
- • Composer 安裝與使用
- • Java Agent入門實戰(一)-Instrumentation介紹與使用
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. readelf nm objdump 命令詳解
- 2. objcopy/objdump/readelf等工具使用
- 3. 使用readelf和objdump解析目標文件
- 4. 常用的分析ELF文件的命令(readelf、objdump及od)
- 5. readelf
- 6. objdump
- 7. objdump -t
- 8. readelf 命令
- 9. objdump指令
- 10. objdump使用