摘要:
内容、分配等表示每个片段的属性。CONTENTS表示文件中存在该段,但ELF中不存在BSS段。
一、首先看一下几个常用参数的基本含义:
objdump命令是Linux下的反汇编目标文件或者可执行文件的命令,它还有其他作用,下面以ELF格式可执行文件test为例详细介绍:
1、objdump -f test 显示test的文件头信息
2、objdump -d test 反汇编test中的需要执行指令的那些section
3、objdump -D test 与-d类似,但反汇编test中的所有section
4、objdump -h test 显示test的Section Header信息
5、objdump -x test 显示test的全部Header信息
6、objdump -s test 除了显示test的全部Header信息,还显示他们对应的十六进制文件代码
二、接着看一段程序:
int printf(const char*fromat,...); int global_init_var=84; intglobal_uninit_var; void func1(inti) { printf("%d ,i"); } intmain() { static int static_var=85; static intstatic_var2; int a=1; intb; func1(static_var+static_var2+a+b); returna; }
一、gcc -c SimpleSection.o
1、利用objdump -h命令将SimpleSection.o这个ELF文件的各个段基本信息打印出来,如下:
Sections:
Idx Name Size VMA LMA File off Algn
0 .text 0000004f0000000000000000000000000000000000000040 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .data 000000080000000000000000000000000000000000000090 2**2
CONTENTS, ALLOC, LOAD, DATA
2 .bss 000000040000000000000000000000000000000000000098 2**2
ALLOC
3 .rodata 000000060000000000000000000000000000000000000098 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .comment 0000002e000000000000000000000000000000000000009e 2**0
CONTENTS, READONLY
5 .note.GNU-stack 0000000000000000000000000000000000000000000000cc 2**0
CONTENTS, READONLY
6 .eh_frame 0000005800000000000000000000000000000000000000d0 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
Idx Name Size VMA LMA File off Algn
0 .text 0000004f0000000000000000000000000000000000000040 2**0
CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE
1 .data 000000080000000000000000000000000000000000000090 2**2
CONTENTS, ALLOC, LOAD, DATA
2 .bss 000000040000000000000000000000000000000000000098 2**2
ALLOC
3 .rodata 000000060000000000000000000000000000000000000098 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .comment 0000002e000000000000000000000000000000000000009e 2**0
CONTENTS, READONLY
5 .note.GNU-stack 0000000000000000000000000000000000000000000000cc 2**0
CONTENTS, READONLY
6 .eh_frame 0000005800000000000000000000000000000000000000d0 2**3
CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
除了基本的代码段、数据段(初始化的全局变量与局部静态变量)、BSS段(未初始化的全局变量和未初始化的局部静态变量)之外,还有之都数据段(.rodata),注释信息段(.comment),堆栈提示段(.note.GNU-stack),调试信息段(.eh_frame)。
其中Size表示该段的大小,File off表示段所在位置(距离ELF Header 00000000)的偏移。CONTENTS, ALLOC等表示各段的属性。CONTENTS表示该段在文件中存在,BSS段
其实在ELF中不存在内容。
2、利用objdump -x可以查看更多更详细的信息:(但是最详细的信息可以参见 readelf -a 命令)
SimpleSection.o: file format elf64-x86-64SimpleSection.o architecture: i386:x86-64, flags 0x00000011: HAS_RELOC, HAS_SYMS start address 0x0000000000000000 Sections: Idx Name Size VMA LMA File off Algn 0 .text 00000054 0000000000000000 0000000000000000 00000040 2**0CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE 1 .data 00000008 0000000000000000 0000000000000000 00000094 2**2CONTENTS, ALLOC, LOAD, DATA 2 .bss 00000004 0000000000000000 0000000000000000 0000009c 2**2ALLOC 3 .rodata 00000004 0000000000000000 0000000000000000 0000009c 2**0CONTENTS, ALLOC, LOAD, READONLY, DATA 4 .comment 0000002e 0000000000000000 0000000000000000 000000a0 2**0CONTENTS, READONLY 5 .note.GNU-stack 00000000 0000000000000000 0000000000000000 000000ce 2**0CONTENTS, READONLY 6 .eh_frame 00000058 0000000000000000 0000000000000000 000000d0 2**3CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA SYMBOL TABLE: 0000000000000000 l df *ABS* 0000000000000000SimpleSection.c 0000000000000000 l d .text 0000000000000000.text 0000000000000000 l d .data 0000000000000000.data 0000000000000000 l d .bss 0000000000000000.bss 0000000000000000 l d .rodata 0000000000000000.rodata 0000000000000004 l O .data 0000000000000004 static_var.1730 0000000000000000 l O .bss 0000000000000004 static_var2.1731 0000000000000000 l d .note.GNU-stack 0000000000000000 .note.GNU-stack 0000000000000000 l d .eh_frame 0000000000000000.eh_frame 0000000000000000 l d .comment 0000000000000000.comment 0000000000000000 g O .data 0000000000000004global_init_var 0000000000000004 O *COM* 0000000000000004global_uninit_var 0000000000000000 g F .text 0000000000000021func1 0000000000000000 *UND* 0000000000000000printf 0000000000000021 g F .text 0000000000000033main RELOCATION RECORDS FOR [.text]: OFFSET TYPE VALUE 0000000000000011R_X86_64_32 .rodata 000000000000001b R_X86_64_PC32 printf-0x0000000000000004 0000000000000032R_X86_64_PC32 .data 0000000000000038 R_X86_64_PC32 .bss-0x0000000000000004000000000000004b R_X86_64_PC32 func1-0x0000000000000004 RELOCATION RECORDS FOR [.eh_frame]: OFFSET TYPE VALUE 0000000000000020R_X86_64_PC32 .text 0000000000000040 R_X86_64_PC32 .text+0x0000000000000021
二、gcc -g -c SimpleSection -o SimpleSection.o
增加了调试信息:
那么objdump -hSimpleSection.o 会多出很多调试信息段。
SimpleSection.o: file format elf64-x86-64 Sections: Idx Name Size VMA LMA File off Algn 0 .text 00000054 0000000000000000 0000000000000000 00000040 2**0CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE 1 .data 00000008 0000000000000000 0000000000000000 00000094 2**2CONTENTS, ALLOC, LOAD, DATA 2 .bss 00000004 0000000000000000 0000000000000000 0000009c 2**2ALLOC 3 .rodata 00000004 0000000000000000 0000000000000000 0000009c 2**0CONTENTS, ALLOC, LOAD, READONLY, DATA 4 .debug_info 000000ed 0000000000000000 0000000000000000 000000a0 2**0CONTENTS, RELOC, READONLY, DEBUGGING 5 .debug_abbrev 00000091 0000000000000000 0000000000000000 0000018d 2**0CONTENTS, READONLY, DEBUGGING 6 .debug_aranges 00000030 0000000000000000 0000000000000000 0000021e 2**0CONTENTS, RELOC, READONLY, DEBUGGING 7 .debug_line 0000004a 0000000000000000 0000000000000000 0000024e 2**0CONTENTS, RELOC, READONLY, DEBUGGING 8 .debug_str 000000ac 0000000000000000 0000000000000000 00000298 2**0CONTENTS, READONLY, DEBUGGING 9 .comment 0000002e 0000000000000000 0000000000000000 00000344 2**0CONTENTS, READONLY 10 .note.GNU-stack 00000000 0000000000000000 0000000000000000 00000372 2**0CONTENTS, READONLY 11 .eh_frame 00000058 0000000000000000 0000000000000000 00000378 2**3CONTENTS, ALLOC, LOAD, RELOC, READONLY, DATA
我们可以用 strip 命令去除调试信息,在发布版本。