How to use the command objdump (with examples)

How to use the command objdump (with examples)

Objdump is a command-line tool that allows users to display information about object files. It can be used to examine the contents of binary executables, libraries, and shared objects. Objdump provides various options to retrieve different information from object files, such as file header, section headers, disassembled output, and binary hex dump.

Use case 1: Display the file header information

Code:

objdump -f binary

Motivation:

This use case is helpful when you want to quickly retrieve the file header information of a binary file. The file header contains essential details about the binary file, such as the architecture, format, entry point address, and section headers’ offset.

Explanation:

  • objdump: The command itself.
  • -f: Specifies the format of the output.
  • binary: The name or path of the binary file to analyze.

Example output:

file format <format>
architecture <architecture>
entry point <entry-point-address>
...

Use case 2: Display all header information

Code:

objdump -x binary

Motivation:

This use case is useful when you want to retrieve detailed information about all headers present in a binary file. It provides a comprehensive overview of the binary file, including the file header, section headers, program headers, symbol table, and relocation information.

Explanation:

  • objdump: The command itself.
  • -x: Displays all header information.
  • binary: The name or path of the binary file to analyze.

Example output:

...

Use case 3: Display the disassembled output of executable sections

Code:

objdump -d binary

Motivation:

This use case is valuable when you need to understand the assembly code of the executable sections in a binary file. It disassembles the machine instructions and presents them in a human-readable format, allowing developers and reverse engineers to analyze and understand the inner workings of the program.

Explanation:

  • objdump: The command itself.
  • -d: Disassembles the executable sections.
  • binary: The name or path of the binary file to analyze.

Example output:

...

Disassembly of section .text:

0000000000000000 <_start>:
   0: 48 c7 c0 01 00 00 00    mov    $0x1,%rax
   7: 48 8d 35 5d 00 00 00    lea    0x5d(%rip),%rsi        # 69 <_start+0x69>
   e: 48 8d 3d 66 00 00 00    lea    0x66(%rip),%rdi        # 79 <_start+0x79>
...

Use case 4: Display the disassembled executable sections in intel syntax

Code:

objdump -M intel -d binary

Motivation:

This use case is useful when you prefer to view the disassembled executable sections in Intel syntax instead of the default AT&T syntax. The Intel syntax is generally more readable and commonly used by developers, especially those who are used to programming in assembly language targeting Intel processors.

Explanation:

  • objdump: The command itself.
  • -M intel: Specifies to use Intel syntax for disassembly.
  • -d: Disassembles the executable sections.
  • binary: The name or path of the binary file to analyze.

Example output:

...

Disassembly of section .text:

0000000000000000 <_start>:
   0: b8 01 00 00 00          mov    eax,0x1
   5: 48 8d 35 00 00 00 00    lea    rsi,[rip+0x0]        # 0xb
   c: 48 8d 3d 00 00 00 00    lea    rdi,[rip+0x0]        # 0x13
...

Use case 5: Display a complete binary hex dump of all sections

Code:

objdump -s binary

Motivation:

This use case is beneficial when you need to inspect the complete binary hex dump of all sections in a binary file. It provides a detailed visual representation of the file’s contents, showing the hexadecimal values of each byte in all sections. This can be helpful for analyzing the file structure, identifying patterns, or investigating potential data corruption.

Explanation:

  • objdump: The command itself.
  • -s: Shows a complete binary hex dump.
  • binary: The name or path of the binary file to analyze.

Example output:

...

Contents of section .text:
 0000 486303          .Hc.
 0003 6901c3          i..
 0006 0100b8          ....
 0009 5d8d           ]..

...

Conclusion:

The objdump command is a versatile tool for analyzing object files. It provides multiple options to retrieve different types of information, such as file headers, section headers, disassembled output, and binary hex dumps. By understanding these different use cases, you can effectively inspect and debug binary files, gaining deeper insights into their internal structures and behaviors.

Tags :

Related Posts

Using mitmweb Command (with examples)

Using mitmweb Command (with examples)

Introduction Mitmweb is a powerful tool for intercepting and inspecting web traffic through a man-in-the-middle HTTP proxy.

Read More
How to use the command 'btrfs device' (with examples)

How to use the command 'btrfs device' (with examples)

This article provides examples of using the ‘btrfs device’ command, which is used to manage devices in a btrfs filesystem.

Read More
How to use the command ln (with examples)

How to use the command ln (with examples)

The ln command is used to create links to files and directories.

Read More