Friday, August 3, 2012

How to view contents (disassembly) of an object file or an exe in Linux?

Use objdump command:
$ objdump -tD fizzbuzz
Option t displays the symbol table info and D outputs the disassemble info of all sections in the binary file.

Example output (2 segments from a long output):
fizzbuzz:     file format elf32-i386

SYMBOL TABLE:
08048114 l d .interp 00000000
08048128 l d .note.ABI-tag 00000000
08048148 l d .hash 00000000
08048178 l d .dynsym 00000000
080481e8 l d .dynstr 00000000
08048262 l d .gnu.version 00000000
08048270 l d .gnu.version_r 00000000
08048290 l d .rel.dyn 00000000
08048298 l d .rel.plt 00000000
080482b8 l d .init 00000000
080482d0 l d .plt 00000000
08048320 l d .text 00000000
080485cc l d .fini 00000000
080485e8 l d .rodata 00000000
0804960c l d .eh_frame 00000000
08049610 l d .ctors 00000000
08049618 l d .dtors 00000000
08049620 l d .dynamic 00000000
...
Disassembly of section .dynsym:

08048178 <.dynsym>:
...
8048188: 4b dec %ebx
8048189: 00 00 add %al,(%eax)
804818b: 00 e0 add %ah,%al
804818d: 82 (bad)
804818e: 04 08 add $0x8,%al
8048190: 36 00 00 add %al,%ss:(%eax)
8048193: 00 22 add %ah,(%edx)
8048195: 00 00 add %al,(%eax)
8048197: 00 12 add %dl,(%edx)
8048199: 00 00 add %al,(%eax)
804819b: 00 f0 add %dh,%al
804819d: 82 (bad)
804819e: 04 08 add $0x8,%al
80481a0: 21 00 and %eax,(%eax)
80481a2: 00 00 add %al,(%eax)
80481a4: 22 00 and (%eax),%al
80481a6: 00 00 add %al,(%eax)

Wednesday, August 1, 2012

How to view the textual content of a binary file in linux?

Linux strings command displays the textual content in the binary file that is longer than 3 characters. (to change that default behaviour use the flag -n 0)
$ strings fizzbuzz
 Example result:
$ strings fizzbuzz
/lib/ld-linux.so.2
libc.so.6
printf
__deregister_frame_info
_IO_stdin_used
__libc_start_main
__register_frame_info
__gmon_start__
GLIBC_2.0
PTRh@
FizzBuzz
Fizz
Buzz
Ref: http://linux.die.net/man/1/strings