目标文件格式分析工具: ar,nm,objdump,objcopy,readelf 之(nm,objdump,readelf篇)-白红宇

目标文件格式分析工具: ar,nm,objdump,objcopy,readelf 之(nm,objdump,readelf篇)

阅读量：5061 次

发布时间：2019-06-12

本文共 31075 字，大约阅读时间需要 103 分钟。

：列出目标文件中的符号。

：显示目标文件中的详细信息。

：显示关于 ELF 目标文件的信息。

参考

清单 1. hw.c 程序

#include 
        
         int main(void){  printf("Hello World!\n");  return 0;}

编译

cc hw.c

汇编输出

cc -S hw.c

这个命令生成了一个新的文件 hw.s，其中包含您通常无法看到的汇编输入文本，因为编译器在缺省情况下将生成 a.out 文件。正如所预期的，UNIX 汇编程序可以对这种输入文件进行汇编，以生成 a.out 文件。

清单 2. nm 命令的输出

nm a.out  08049f20 d _DYNAMIC08049ff4 d _GLOBAL_OFFSET_TABLE_080484bc R _IO_stdin_used         w _Jv_RegisterClasses08049f10 d __CTOR_END__08049f0c d __CTOR_LIST__08049f18 D __DTOR_END__08049f14 d __DTOR_LIST__080484d0 r __FRAME_END__08049f1c d __JCR_END__08049f1c d __JCR_LIST__0804a014 A __bss_start0804a00c D __data_start08048470 t __do_global_ctors_aux08048360 t __do_global_dtors_aux0804a010 D __dso_handle         w __gmon_start__0804846a T __i686.get_pc_thunk.bx08049f0c d __init_array_end08049f0c d __init_array_start08048400 T __libc_csu_fini08048410 T __libc_csu_init         U __libc_start_main@@GLIBC_2.00804a014 A _edata0804a01c A _end0804849c T _fini080484b8 R _fp_hw080482b8 T _init08048330 T _start0804a014 b completed.70210804a00c W data_start0804a018 b dtor_idx.7023080483c0 t frame_dummy080483e4 T main         U puts@@GLIBC_2.0

这些包含可执行代码的段称为正文段。同样地，数据段包含了不可执行的信息或数据。另一种类型的段，称为 BSS 段，它包含以符号数据开头的块。

对于 nm 命令列出的每个符号，它们的值使用十六进制来表示（缺省行为），并且在该符号前面加上了一个表示符号类型的编码字符。常见的各种编码包括：A 表示绝对 (absolute)，这意味着不能将该值更改为其他的连接；B 表示 BSS 段中的符号；而 C 表示引用未初始化的数据的一般符号。详解下表

符号类型	说明
A	该符号的值是绝对的，在以后的链接过程中，不允许进行改变。这样的符号值，常常出现在中断向量表中，例如用符号来表示各个中断向量函数在中断向量表中的位置。
B	该符号的值出现在非初始化数据段(bss)中。例如，在一个文件中定义全局static int test。则该符号test的类型为b，位于bss section中。其值表示该符号在bss段中的偏移。一般而言，bss段分配于RAM中
C	该符号为common。common symbol是未初始话数据段。该符号没有包含于一个普通section中。只有在链接过程中才进行分配。符号的值表示该符号需要的字节数。例如在一个c文件中，定义int test，并且该符号在别的地方会被引用，则该符号类型即为C。否则其类型为B。
D	该符号位于初始话数据段中。一般来说，分配到data section中。例如定义全局int baud_table[5] = {9600, 19200, 38400, 57600, 115200}，则会分配于初始化数据段中。
G	该符号也位于初始化数据段中。主要用于small object提高访问small data object的一种方式。
I	该符号是对另一个符号的间接引用。
N	该符号是一个debugging符号。
R	该符号位于只读数据区。例如定义全局const int test[] = {123, 123};则test就是一个只读数据区的符号。注意在cygwin下如果使用gcc直接编译成MZ格式时，源文件中的test对应_test，并且其符号类型为D，即初始化数据段中。但是如果使用m6812-elf-gcc这样的交叉编译工具，源文件中的test对应目标文件的test,即没有添加下划线，并且其符号类型为R。一般而言，位于rodata section。值得注意的是，如果在一个函数中定义const char *test = “abc”, const char test_int = 3。使用nm都不会得到符号信息，但是字符串“abc”分配于只读存储器中，test在rodata section中，大小为4。
S	符号位于非初始化数据区，用于small object。
T	该符号位于代码区text section。
U	该符号在当前文件中是未定义的，即该符号的定义在别的文件中。例如，当前文件调用另一个文件中定义的函数，在这个被调用的函数在当前就是未定义的；但是在定义它的文件中类型是T。但是对于全局变量来说，在定义它的文件中，其符号类型为C，在使用它的文件中，其类型为U。
V	该符号是一个weak object。
W	The symbol is a weak symbol that has not been specifically tagged as a weak object symbol.
-	该符号是a.out格式文件中的stabs symbol。
?	该符号类型没有定义

完

objdump 查看汇编输出

 objdump -d ./a.out ./a.out:     file format elf32-i386Disassembly of section .init:080482b8 <_init>: 80482b8:    55                       push   %ebp 80482b9:    89 e5                    mov    %esp,%ebp 80482bb:    53                       push   %ebx 80482bc:    83 ec 04                 sub    $0x4,%esp 80482bf:    e8 00 00 00 00           call   80482c4 <_init+0xc> 80482c4:    5b                       pop    %ebx 80482c5:    81 c3 30 1d 00 00        add    $0x1d30,%ebx 80482cb:    8b 93 fc ff ff ff        mov    -0x4(%ebx),%edx 80482d1:    85 d2                    test   %edx,%edx 80482d3:    74 05                    je     80482da <_init+0x22> 80482d5:    e8 1e 00 00 00           call   80482f8 <__gmon_start__@plt> 80482da:    e8 e1 00 00 00           call   80483c0 
     
       80482df:    e8 8c 01 00 00           call   8048470 <__do_global_ctors_aux> 80482e4:    58                       pop    %eax 80482e5:    5b                       pop    %ebx 80482e6:    c9                       leave   80482e7:    c3                       ret    Disassembly of section .plt:080482e8 <__gmon_start__@plt-0x10>: 80482e8:    ff 35 f8 9f 04 08        pushl  0x8049ff8 80482ee:    ff 25 fc 9f 04 08        jmp    *0x8049ffc 80482f4:    00 00                    add    %al,(%eax)    ...080482f8 <__gmon_start__@plt>: 80482f8:    ff 25 00 a0 04 08        jmp    *0x804a000 80482fe:    68 00 00 00 00           push   $0x0 8048303:    e9 e0 ff ff ff           jmp    80482e8 <_init+0x30>08048308 <__libc_start_main@plt>: 8048308:    ff 25 04 a0 04 08        jmp    *0x804a004 804830e:    68 08 00 00 00           push   $0x8 8048313:    e9 d0 ff ff ff           jmp    80482e8 <_init+0x30>08048318 
      
       : 8048318:    ff 25 08 a0 04 08        jmp    *0x804a008 804831e:    68 10 00 00 00           push   $0x10 8048323:    e9 c0 ff ff ff           jmp    80482e8 <_init+0x30>Disassembly of section .text:08048330 <_start>: 8048330:    31 ed                    xor    %ebp,%ebp 8048332:    5e                       pop    %esi 8048333:    89 e1                    mov    %esp,%ecx 8048335:    83 e4 f0                 and    $0xfffffff0,%esp 8048338:    50                       push   %eax 8048339:    54                       push   %esp 804833a:    52                       push   %edx 804833b:    68 00 84 04 08           push   $0x8048400 8048340:    68 10 84 04 08           push   $0x8048410 8048345:    51                       push   %ecx 8048346:    56                       push   %esi 8048347:    68 e4 83 04 08           push   $0x80483e4 804834c:    e8 b7 ff ff ff           call   8048308 <__libc_start_main@plt> 8048351:    f4                       hlt     8048352:    90                       nop 8048353:    90                       nop 8048354:    90                       nop 8048355:    90                       nop 8048356:    90                       nop 8048357:    90                       nop 8048358:    90                       nop 8048359:    90                       nop 804835a:    90                       nop 804835b:    90                       nop 804835c:    90                       nop 804835d:    90                       nop 804835e:    90                       nop 804835f:    90                       nop08048360 <__do_global_dtors_aux>: 8048360:    55                       push   %ebp 8048361:    89 e5                    mov    %esp,%ebp 8048363:    53                       push   %ebx 8048364:    83 ec 04                 sub    $0x4,%esp 8048367:    80 3d 14 a0 04 08 00     cmpb   $0x0,0x804a014 804836e:    75 3f                    jne    80483af <__do_global_dtors_aux+0x4f> 8048370:    a1 18 a0 04 08           mov    0x804a018,%eax 8048375:    bb 18 9f 04 08           mov    $0x8049f18,%ebx 804837a:    81 eb 14 9f 04 08        sub    $0x8049f14,%ebx 8048380:    c1 fb 02                 sar    $0x2,%ebx 8048383:    83 eb 01                 sub    $0x1,%ebx 8048386:    39 d8                    cmp    %ebx,%eax 8048388:    73 1e                    jae    80483a8 <__do_global_dtors_aux+0x48> 804838a:    8d b6 00 00 00 00        lea    0x0(%esi),%esi 8048390:    83 c0 01                 add    $0x1,%eax 8048393:    a3 18 a0 04 08           mov    %eax,0x804a018 8048398:    ff 14 85 14 9f 04 08     call   *0x8049f14(,%eax,4) 804839f:    a1 18 a0 04 08           mov    0x804a018,%eax 80483a4:    39 d8                    cmp    %ebx,%eax 80483a6:    72 e8                    jb     8048390 <__do_global_dtors_aux+0x30> 80483a8:    c6 05 14 a0 04 08 01     movb   $0x1,0x804a014 80483af:    83 c4 04                 add    $0x4,%esp 80483b2:    5b                       pop    %ebx 80483b3:    5d                       pop    %ebp 80483b4:    c3                       ret     80483b5:    8d 74 26 00              lea    0x0(%esi,%eiz,1),%esi 80483b9:    8d bc 27 00 00 00 00     lea    0x0(%edi,%eiz,1),%edi080483c0 
       
        : 80483c0:    55                       push   %ebp 80483c1:    89 e5                    mov    %esp,%ebp 80483c3:    83 ec 18                 sub    $0x18,%esp 80483c6:    a1 1c 9f 04 08           mov    0x8049f1c,%eax 80483cb:    85 c0                    test   %eax,%eax 80483cd:    74 12                    je     80483e1 
        
          80483cf:    b8 00 00 00 00           mov    $0x0,%eax 80483d4:    85 c0                    test   %eax,%eax 80483d6:    74 09                    je     80483e1 
         
           80483d8:    c7 04 24 1c 9f 04 08     movl   $0x8049f1c,(%esp) 80483df:    ff d0                    call   *%eax 80483e1:    c9                       leave   80483e2:    c3                       ret     80483e3:    90                       nop080483e4 
          
           : 80483e4: 55 push %ebp 80483e5: 89 e5 mov %esp,%ebp 80483e7: 83 e4 f0 and $0xfffffff0,%esp 80483ea: 83 ec 10 sub $0x10,%esp 80483ed: c7 04 24 c0 84 04 08 movl $0x80484c0,(%esp) 80483f4: e8 1f ff ff ff call 8048318 
           
             80483f9: b8 00 00 00 00 mov $0x0,%eax 80483fe: c9 leave 80483ff: c3 ret 08048400 <__libc_csu_fini>: 8048400: 55 push %ebp 8048401: 89 e5 mov %esp,%ebp 8048403: 5d pop %ebp 8048404: c3 ret 8048405: 8d 74 26 00 lea 0x0(%esi,%eiz,1),%esi 8048409: 8d bc 27 00 00 00 00 lea 0x0(%edi,%eiz,1),%edi08048410 <__libc_csu_init>: 8048410: 55 push %ebp 8048411: 89 e5 mov %esp,%ebp 8048413: 57 push %edi 8048414: 56 push %esi 8048415: 53 push %ebx 8048416: e8 4f 00 00 00 call 804846a <__i686.get_pc_thunk.bx> 804841b: 81 c3 d9 1b 00 00 add $0x1bd9,%ebx 8048421: 83 ec 1c sub $0x1c,%esp 8048424: e8 8f fe ff ff call 80482b8 <_init> 8048429: 8d bb 18 ff ff ff lea -0xe8(%ebx),%edi 804842f: 8d 83 18 ff ff ff lea -0xe8(%ebx),%eax 8048435: 29 c7 sub %eax,%edi 8048437: c1 ff 02 sar $0x2,%edi 804843a: 85 ff test %edi,%edi 804843c: 74 24 je 8048462 <__libc_csu_init+0x52> 804843e: 31 f6 xor %esi,%esi 8048440: 8b 45 10 mov 0x10(%ebp),%eax 8048443: 89 44 24 08 mov %eax,0x8(%esp) 8048447: 8b 45 0c mov 0xc(%ebp),%eax 804844a: 89 44 24 04 mov %eax,0x4(%esp) 804844e: 8b 45 08 mov 0x8(%ebp),%eax 8048451: 89 04 24 mov %eax,(%esp) 8048454: ff 94 b3 18 ff ff ff call *-0xe8(%ebx,%esi,4) 804845b: 83 c6 01 add $0x1,%esi 804845e: 39 fe cmp %edi,%esi 8048460: 72 de jb 8048440 <__libc_csu_init+0x30> 8048462: 83 c4 1c add $0x1c,%esp 8048465: 5b pop %ebx 8048466: 5e pop %esi 8048467: 5f pop %edi 8048468: 5d pop %ebp 8048469: c3 ret 0804846a <__i686.get_pc_thunk.bx>: 804846a: 8b 1c 24 mov (%esp),%ebx 804846d: c3 ret 804846e: 90 nop 804846f: 90 nop08048470 <__do_global_ctors_aux>: 8048470: 55 push %ebp 8048471: 89 e5 mov %esp,%ebp 8048473: 53 push %ebx 8048474: 83 ec 04 sub $0x4,%esp 8048477: a1 0c 9f 04 08 mov 0x8049f0c,%eax 804847c: 83 f8 ff cmp $0xffffffff,%eax 804847f: 74 13 je 8048494 <__do_global_ctors_aux+0x24> 8048481: bb 0c 9f 04 08 mov $0x8049f0c,%ebx 8048486: 66 90 xchg %ax,%ax 8048488: 83 eb 04 sub $0x4,%ebx 804848b: ff d0 call *%eax 804848d: 8b 03 mov (%ebx),%eax 804848f: 83 f8 ff cmp $0xffffffff,%eax 8048492: 75 f4 jne 8048488 <__do_global_ctors_aux+0x18> 8048494: 83 c4 04 add $0x4,%esp 8048497: 5b pop %ebx 8048498: 5d pop %ebp 8048499: c3 ret 804849a: 90 nop 804849b: 90 nopDisassembly of section .fini:0804849c <_fini>: 804849c: 55 push %ebp 804849d: 89 e5 mov %esp,%ebp 804849f: 53 push %ebx 80484a0: 83 ec 04 sub $0x4,%esp 80484a3: e8 00 00 00 00 call 80484a8 <_fini+0xc> 80484a8: 5b pop %ebx 80484a9: 81 c3 4c 1b 00 00 add $0x1b4c,%ebx 80484af: e8 ac fe ff ff call 8048360 <__do_global_dtors_aux> 80484b4: 59 pop %ecx 80484b5: 5b pop %ebx 80484b6: c9 leave 80484b7: c3 ret

完

readelf 查看调试信息输出

readelf -all ./a.out ELF Header:  Magic:   7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00   Class:                             ELF32  Data:                              2's complement, little endian  Version:                           1 (current)  OS/ABI:                            UNIX - System V  ABI Version:                       0  Type:                              EXEC (Executable file)  Machine:                           Intel 80386  Version:                           0x1  Entry point address:               0x8048330  Start of program headers:          52 (bytes into file)  Start of section headers:          4428 (bytes into file)  Flags:                             0x0  Size of this header:               52 (bytes)  Size of program headers:           32 (bytes)  Number of program headers:         8  Size of section headers:           40 (bytes)  Number of section headers:         30  Section header string table index: 27Section Headers:  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al  [ 0]                   NULL            00000000 000000 000000 00      0   0  0  [ 1] .interp           PROGBITS        08048134 000134 000013 00   A  0   0  1  [ 2] .note.ABI-tag     NOTE            08048148 000148 000020 00   A  0   0  4  [ 3] .note.gnu.build-i NOTE            08048168 000168 000024 00   A  0   0  4  [ 4] .hash             HASH            0804818c 00018c 000028 04   A  6   0  4  [ 5] .gnu.hash         GNU_HASH        080481b4 0001b4 000020 04   A  6   0  4  [ 6] .dynsym           DYNSYM          080481d4 0001d4 000050 10   A  7   1  4  [ 7] .dynstr           STRTAB          08048224 000224 00004a 00   A  0   0  1  [ 8] .gnu.version      VERSYM          0804826e 00026e 00000a 02   A  6   0  2  [ 9] .gnu.version_r    VERNEED         08048278 000278 000020 00   A  7   1  4  [10] .rel.dyn          REL             08048298 000298 000008 08   A  6   0  4  [11] .rel.plt          REL             080482a0 0002a0 000018 08   A  6  13  4  [12] .init             PROGBITS        080482b8 0002b8 000030 00  AX  0   0  4  [13] .plt              PROGBITS        080482e8 0002e8 000040 04  AX  0   0  4  [14] .text             PROGBITS        08048330 000330 00016c 00  AX  0   0 16  [15] .fini             PROGBITS        0804849c 00049c 00001c 00  AX  0   0  4  [16] .rodata           PROGBITS        080484b8 0004b8 000015 00   A  0   0  4  [17] .eh_frame         PROGBITS        080484d0 0004d0 000004 00   A  0   0  4  [18] .ctors            PROGBITS        08049f0c 000f0c 000008 00  WA  0   0  4  [19] .dtors            PROGBITS        08049f14 000f14 000008 00  WA  0   0  4  [20] .jcr              PROGBITS        08049f1c 000f1c 000004 00  WA  0   0  4  [21] .dynamic          DYNAMIC         08049f20 000f20 0000d0 08  WA  7   0  4  [22] .got              PROGBITS        08049ff0 000ff0 000004 04  WA  0   0  4  [23] .got.plt          PROGBITS        08049ff4 000ff4 000018 04  WA  0   0  4  [24] .data             PROGBITS        0804a00c 00100c 000008 00  WA  0   0  4  [25] .bss              NOBITS          0804a014 001014 000008 00  WA  0   0  4  [26] .comment          PROGBITS        00000000 001014 000048 01  MS  0   0  1  [27] .shstrtab         STRTAB          00000000 00105c 0000ee 00      0   0  1  [28] .symtab           SYMTAB          00000000 0015fc 000410 10     29  45  4  [29] .strtab           STRTAB          00000000 001a0c 0001fa 00      0   0  1Key to Flags:  W (write), A (alloc), X (execute), M (merge), S (strings)  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)  O (extra OS processing required) o (OS specific), p (processor specific)There are no section groups in this file.Program Headers:  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align  PHDR           0x000034 0x08048034 0x08048034 0x00100 0x00100 R E 0x4  INTERP         0x000134 0x08048134 0x08048134 0x00013 0x00013 R   0x1      [Requesting program interpreter: /lib/ld-linux.so.2]  LOAD           0x000000 0x08048000 0x08048000 0x004d4 0x004d4 R E 0x1000  LOAD           0x000f0c 0x08049f0c 0x08049f0c 0x00108 0x00110 RW  0x1000  DYNAMIC        0x000f20 0x08049f20 0x08049f20 0x000d0 0x000d0 RW  0x4  NOTE           0x000148 0x08048148 0x08048148 0x00044 0x00044 R   0x4  GNU_STACK      0x000000 0x00000000 0x00000000 0x00000 0x00000 RW  0x4  GNU_RELRO      0x000f0c 0x08049f0c 0x08049f0c 0x000f4 0x000f4 R   0x1 Section to Segment mapping:  Segment Sections...   00        01     .interp    02     .interp .note.ABI-tag .note.gnu.build-id .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame    03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss    04     .dynamic    05     .note.ABI-tag .note.gnu.build-id    06        07     .ctors .dtors .jcr .dynamic .got Dynamic section at offset 0xf20 contains 21 entries:  Tag        Type                         Name/Value 0x00000001 (NEEDED)                     Shared library: [libc.so.6] 0x0000000c (INIT)                       0x80482b8 0x0000000d (FINI)                       0x804849c 0x00000004 (HASH)                       0x804818c 0x6ffffef5 (GNU_HASH)                   0x80481b4 0x00000005 (STRTAB)                     0x8048224 0x00000006 (SYMTAB)                     0x80481d4 0x0000000a (STRSZ)                      74 (bytes) 0x0000000b (SYMENT)                     16 (bytes) 0x00000015 (DEBUG)                      0x0 0x00000003 (PLTGOT)                     0x8049ff4 0x00000002 (PLTRELSZ)                   24 (bytes) 0x00000014 (PLTREL)                     REL 0x00000017 (JMPREL)                     0x80482a0 0x00000011 (REL)                        0x8048298 0x00000012 (RELSZ)                      8 (bytes) 0x00000013 (RELENT)                     8 (bytes) 0x6ffffffe (VERNEED)                    0x8048278 0x6fffffff (VERNEEDNUM)                 1 0x6ffffff0 (VERSYM)                     0x804826e 0x00000000 (NULL)                       0x0Relocation section '.rel.dyn' at offset 0x298 contains 1 entries: Offset     Info    Type            Sym.Value  Sym. Name08049ff0  00000106 R_386_GLOB_DAT    00000000   __gmon_start__Relocation section '.rel.plt' at offset 0x2a0 contains 3 entries: Offset     Info    Type            Sym.Value  Sym. Name0804a000  00000107 R_386_JUMP_SLOT   00000000   __gmon_start__0804a004  00000207 R_386_JUMP_SLOT   00000000   __libc_start_main0804a008  00000307 R_386_JUMP_SLOT   00000000   putsThere are no unwind sections in this file.Symbol table '.dynsym' contains 5 entries:   Num:    Value  Size Type    Bind   Vis      Ndx Name     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND      1: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__     2: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.0 (2)     3: 00000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.0 (2)     4: 080484bc     4 OBJECT  GLOBAL DEFAULT   16 _IO_stdin_usedSymbol table '.symtab' contains 65 entries:   Num:    Value  Size Type    Bind   Vis      Ndx Name     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND      1: 08048134     0 SECTION LOCAL  DEFAULT    1      2: 08048148     0 SECTION LOCAL  DEFAULT    2      3: 08048168     0 SECTION LOCAL  DEFAULT    3      4: 0804818c     0 SECTION LOCAL  DEFAULT    4      5: 080481b4     0 SECTION LOCAL  DEFAULT    5      6: 080481d4     0 SECTION LOCAL  DEFAULT    6      7: 08048224     0 SECTION LOCAL  DEFAULT    7      8: 0804826e     0 SECTION LOCAL  DEFAULT    8      9: 08048278     0 SECTION LOCAL  DEFAULT    9     10: 08048298     0 SECTION LOCAL  DEFAULT   10     11: 080482a0     0 SECTION LOCAL  DEFAULT   11     12: 080482b8     0 SECTION LOCAL  DEFAULT   12     13: 080482e8     0 SECTION LOCAL  DEFAULT   13     14: 08048330     0 SECTION LOCAL  DEFAULT   14     15: 0804849c     0 SECTION LOCAL  DEFAULT   15     16: 080484b8     0 SECTION LOCAL  DEFAULT   16     17: 080484d0     0 SECTION LOCAL  DEFAULT   17     18: 08049f0c     0 SECTION LOCAL  DEFAULT   18     19: 08049f14     0 SECTION LOCAL  DEFAULT   19     20: 08049f1c     0 SECTION LOCAL  DEFAULT   20     21: 08049f20     0 SECTION LOCAL  DEFAULT   21     22: 08049ff0     0 SECTION LOCAL  DEFAULT   22     23: 08049ff4     0 SECTION LOCAL  DEFAULT   23     24: 0804a00c     0 SECTION LOCAL  DEFAULT   24     25: 0804a014     0 SECTION LOCAL  DEFAULT   25     26: 00000000     0 SECTION LOCAL  DEFAULT   26     27: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c    28: 08049f0c     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_LIST__    29: 08049f14     0 OBJECT  LOCAL  DEFAULT   19 __DTOR_LIST__    30: 08049f1c     0 OBJECT  LOCAL  DEFAULT   20 __JCR_LIST__    31: 08048360     0 FUNC    LOCAL  DEFAULT   14 __do_global_dtors_aux    32: 0804a014     1 OBJECT  LOCAL  DEFAULT   25 completed.7021    33: 0804a018     4 OBJECT  LOCAL  DEFAULT   25 dtor_idx.7023    34: 080483c0     0 FUNC    LOCAL  DEFAULT   14 frame_dummy    35: 00000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c    36: 08049f10     0 OBJECT  LOCAL  DEFAULT   18 __CTOR_END__    37: 080484d0     0 OBJECT  LOCAL  DEFAULT   17 __FRAME_END__    38: 08049f1c     0 OBJECT  LOCAL  DEFAULT   20 __JCR_END__    39: 08048470     0 FUNC    LOCAL  DEFAULT   14 __do_global_ctors_aux    40: 00000000     0 FILE    LOCAL  DEFAULT  ABS test.c    41: 08049ff4     0 OBJECT  LOCAL  DEFAULT   23 _GLOBAL_OFFSET_TABLE_    42: 08049f0c     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_end    43: 08049f0c     0 NOTYPE  LOCAL  DEFAULT   18 __init_array_start    44: 08049f20     0 OBJECT  LOCAL  DEFAULT   21 _DYNAMIC    45: 0804a00c     0 NOTYPE  WEAK   DEFAULT   24 data_start    46: 08048400     5 FUNC    GLOBAL DEFAULT   14 __libc_csu_fini    47: 08048330     0 FUNC    GLOBAL DEFAULT   14 _start    48: 00000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__    49: 00000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses    50: 080484b8     4 OBJECT  GLOBAL DEFAULT   16 _fp_hw    51: 0804849c     0 FUNC    GLOBAL DEFAULT   15 _fini    52: 00000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_    53: 080484bc     4 OBJECT  GLOBAL DEFAULT   16 _IO_stdin_used    54: 0804a00c     0 NOTYPE  GLOBAL DEFAULT   24 __data_start    55: 0804a010     0 OBJECT  GLOBAL HIDDEN    24 __dso_handle    56: 08049f18     0 OBJECT  GLOBAL HIDDEN    19 __DTOR_END__    57: 08048410    90 FUNC    GLOBAL DEFAULT   14 __libc_csu_init    58: 0804a014     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start    59: 0804a01c     0 NOTYPE  GLOBAL DEFAULT  ABS _end    60: 00000000     0 FUNC    GLOBAL DEFAULT  UND puts@@GLIBC_2.0    61: 0804a014     0 NOTYPE  GLOBAL DEFAULT  ABS _edata    62: 0804846a     0 FUNC    GLOBAL HIDDEN    14 __i686.get_pc_thunk.bx    63: 080483e4    28 FUNC    GLOBAL DEFAULT   14 main    64: 080482b8     0 FUNC    GLOBAL DEFAULT   12 _initHistogram for bucket list length (total of 3 buckets): Length  Number     % of total  Coverage      0  0          (  0.0%)      1  2          ( 66.7%)     50.0%      2  1          ( 33.3%)    100.0%Histogram for `.gnu.hash' bucket list length (total of 2 buckets): Length  Number     % of total  Coverage      0  1          ( 50.0%)      1  1          ( 50.0%)    100.0%Version symbols section '.gnu.version' contains 5 entries: Addr: 000000000804826e  Offset: 0x00026e  Link: 6 (.dynsym)  000:   0 (*local*)       0 (*local*)       2 (GLIBC_2.0)     2 (GLIBC_2.0)    004:   1 (*global*)   Version needs section '.gnu.version_r' contains 1 entries: Addr: 0x0000000008048278  Offset: 0x000278  Link: 7 (.dynstr)  000000: Version: 1  File: libc.so.6  Cnt: 1  0x0010:   Name: GLIBC_2.0  Flags: none  Version: 2Notes at offset 0x00000148 with length 0x00000020:  Owner        Data size    Description  GNU        0x00000010    NT_GNU_ABI_TAG (ABI version tag)Notes at offset 0x00000168 with length 0x00000024:  Owner        Data size    Description  GNU        0x00000014    NT_GNU_BUILD_ID (unique build ID bitstring)

这个命令生成的输出如所示。ELF Header 为该文件中所有段入口显示了详细的摘要。在列举出这些 Header 中的内容之前，您可以看到 Header 的具体数目。在研究一个较大的目标文件时，该信息可能非常有用。

正如从该输出中看到的，简单的 a.out Hello World 文件中包含了大量有价值的细节信息，包括版本信息、柱状图、各种符号类型的表格，等等。通过使用本文中介绍的这几种工具分析目标文件，您可以慢慢地对可执行程序进行研究。

除了所有这些段之外，编译器可以将调试信息放入到目标文件中，并且还可以显示这些信息。输入下面的命令，仔细分析编译器的输出（假设您扮演了调试程序的角色）：

编译需要加-g 参数保留调试信息符号

cc -g hw.c

readelf --debug-dump a.outContents of the .debug_aranges section:  Length:                   28  Version:                  2  Offset into .debug_info:  0x0  Pointer Size:             4  Segment Size:             0    Address    Length    080483e4 0000001c     00000000 00000000 Contents of the .debug_pubnames section:  Length:                              23  Version:                             2  Offset into .debug_info section:     0x0  Size of area in .debug_info section: 143    Offset    Name    75        mainContents of the .debug_info section:  Compilation Unit @ offset 0x0:   Length:        0x8b (32-bit)   Version:       2   Abbrev Offset: 0   Pointer Size:  4 <0>: Abbrev Number: 1 (DW_TAG_compile_unit)    < c>   DW_AT_producer    : (indirect string, offset: 0x54): GNU C 4.4.3        <10>   DW_AT_language    : 1    (ANSI C)    <11>   DW_AT_name        : (indirect string, offset: 0x4d): test.c        <15>   DW_AT_comp_dir    : (indirect string, offset: 0x42): /root        <19>   DW_AT_low_pc      : 0x80483e4        <1d>   DW_AT_high_pc     : 0x8048400        <21>   DW_AT_stmt_list   : 0x0     <1><25>: Abbrev Number: 2 (DW_TAG_base_type)    <26>   DW_AT_byte_size   : 4        <27>   DW_AT_encoding    : 7    (unsigned)    <28>   DW_AT_name        : (indirect string, offset: 0x27): unsigned int     <1><2c>: Abbrev Number: 2 (DW_TAG_base_type)    <2d>   DW_AT_byte_size   : 1        <2e>   DW_AT_encoding    : 8    (unsigned char)    <2f>   DW_AT_name        : (indirect string, offset: 0x34): unsigned char     <1><33>: Abbrev Number: 2 (DW_TAG_base_type)    <34>   DW_AT_byte_size   : 2        <35>   DW_AT_encoding    : 7    (unsigned)    <36>   DW_AT_name        : (indirect string, offset: 0x0): short unsigned int     <1><3a>: Abbrev Number: 2 (DW_TAG_base_type)    <3b>   DW_AT_byte_size   : 4        <3c>   DW_AT_encoding    : 7    (unsigned)    <3d>   DW_AT_name        : (indirect string, offset: 0x22): long unsigned int     <1><41>: Abbrev Number: 2 (DW_TAG_base_type)    <42>   DW_AT_byte_size   : 1        <43>   DW_AT_encoding    : 6    (signed char)    <44>   DW_AT_name        : (indirect string, offset: 0x36): signed char     <1><48>: Abbrev Number: 2 (DW_TAG_base_type)    <49>   DW_AT_byte_size   : 2        <4a>   DW_AT_encoding    : 5    (signed)    <4b>   DW_AT_name        : (indirect string, offset: 0x13): short int     <1><4f>: Abbrev Number: 3 (DW_TAG_base_type)    <50>   DW_AT_byte_size   : 4        <51>   DW_AT_encoding    : 5    (signed)    <52>   DW_AT_name        : int     <1><56>: Abbrev Number: 2 (DW_TAG_base_type)    <57>   DW_AT_byte_size   : 8        <58>   DW_AT_encoding    : 5    (signed)    <59>   DW_AT_name        : (indirect string, offset: 0x60): long long int     <1><5d>: Abbrev Number: 2 (DW_TAG_base_type)    <5e>   DW_AT_byte_size   : 8        <5f>   DW_AT_encoding    : 7    (unsigned)    <60>   DW_AT_name        : (indirect string, offset: 0x1d): long long unsigned int     <1><64>: Abbrev Number: 2 (DW_TAG_base_type)    <65>   DW_AT_byte_size   : 4        <66>   DW_AT_encoding    : 5    (signed)    <67>   DW_AT_name        : (indirect string, offset: 0x65): long int     <1><6b>: Abbrev Number: 4 (DW_TAG_base_type)    <6c>   DW_AT_byte_size   : 4        <6d>   DW_AT_encoding    : 7    (unsigned) <1><6e>: Abbrev Number: 2 (DW_TAG_base_type)    <6f>   DW_AT_byte_size   : 1        <70>   DW_AT_encoding    : 6    (signed char)    <71>   DW_AT_name        : (indirect string, offset: 0x3d): char     <1><75>: Abbrev Number: 5 (DW_TAG_subprogram)    <76>   DW_AT_external    : 1        <77>   DW_AT_name        : (indirect string, offset: 0x48): main        <7b>   DW_AT_decl_file   : 1        <7c>   DW_AT_decl_line   : 4        <7d>   DW_AT_prototyped  : 1        <7e>   DW_AT_type        : <0x4f>        <82>   DW_AT_low_pc      : 0x80483e4        <86>   DW_AT_high_pc     : 0x8048400        <8a>   DW_AT_frame_base  : 0x0    (location list)Contents of the .debug_abbrev section:  Number TAG   1      DW_TAG_compile_unit    [has children]    DW_AT_producer     DW_FORM_strp    DW_AT_language     DW_FORM_data1    DW_AT_name         DW_FORM_strp    DW_AT_comp_dir     DW_FORM_strp    DW_AT_low_pc       DW_FORM_addr    DW_AT_high_pc      DW_FORM_addr    DW_AT_stmt_list    DW_FORM_data4   2      DW_TAG_base_type    [no children]    DW_AT_byte_size    DW_FORM_data1    DW_AT_encoding     DW_FORM_data1    DW_AT_name         DW_FORM_strp   3      DW_TAG_base_type    [no children]    DW_AT_byte_size    DW_FORM_data1    DW_AT_encoding     DW_FORM_data1    DW_AT_name         DW_FORM_string   4      DW_TAG_base_type    [no children]    DW_AT_byte_size    DW_FORM_data1    DW_AT_encoding     DW_FORM_data1   5      DW_TAG_subprogram    [no children]    DW_AT_external     DW_FORM_flag    DW_AT_name         DW_FORM_strp    DW_AT_decl_file    DW_FORM_data1    DW_AT_decl_line    DW_FORM_data1    DW_AT_prototyped   DW_FORM_flag    DW_AT_type         DW_FORM_ref4    DW_AT_low_pc       DW_FORM_addr    DW_AT_high_pc      DW_FORM_addr    DW_AT_frame_base   DW_FORM_data4Raw dump of debug contents of section .debug_line:  Offset:                      0x0  Length:                      51  DWARF Version:               2  Prologue Length:             29  Minimum Instruction Length:  1  Initial value of 'is_stmt':  1  Line Base:                   -5  Line Range:                  14  Opcode Base:                 13 Opcodes:  Opcode 1 has 0 args  Opcode 2 has 1 args  Opcode 3 has 1 args  Opcode 4 has 1 args  Opcode 5 has 1 args  Opcode 6 has 0 args  Opcode 7 has 0 args  Opcode 8 has 0 args  Opcode 9 has 1 args  Opcode 10 has 0 args  Opcode 11 has 0 args  Opcode 12 has 1 args The Directory Table is empty. The File Name Table:  Entry    Dir    Time    Size    Name  1    0    0    0    test.c Line Number Statements:  Extended opcode 2: set Address to 0x80483e4  Special opcode 9: advance Address by 0 to 0x80483e4 and Line by 4 to 5  Special opcode 132: advance Address by 9 to 0x80483ed and Line by 1 to 6  Special opcode 174: advance Address by 12 to 0x80483f9 and Line by 1 to 7  Special opcode 76: advance Address by 5 to 0x80483fe and Line by 1 to 8  Advance PC by 2 to 0x8048400  Extended opcode 1: End of SequenceContents of the .debug_frame section:00000000 00000010 ffffffff CIE  Version:               1  Augmentation:          ""  Code alignment factor: 1  Data alignment factor: -4  Return address column: 8  DW_CFA_def_cfa: r4 (esp) ofs 4  DW_CFA_offset: r8 (eip) at cfa-4  DW_CFA_nop  DW_CFA_nop00000014 00000014 00000000 FDE cie=00000000 pc=080483e4..08048400  DW_CFA_advance_loc: 1 to 080483e5  DW_CFA_def_cfa_offset: 8  DW_CFA_advance_loc: 2 to 080483e7  DW_CFA_offset: r5 (ebp) at cfa-8  DW_CFA_def_cfa_register: r5 (ebp)Contents of the .debug_str section:  0x00000000 73686f72 7420756e 7369676e 65642069 short unsigned i  0x00000010 6e740073 686f7274 20696e74 006c6f6e nt.short int.lon  0x00000020 67206c6f 6e672075 6e736967 6e656420 g long unsigned   0x00000030 696e7400 756e7369 676e6564 20636861 int.unsigned cha  0x00000040 72002f72 6f6f7400 6d61696e 00746573 r./root.main.tes  0x00000050 742e6300 474e5520 4320342e 342e3300 t.c.GNU C 4.4.3.  0x00000060 6c6f6e67 206c6f6e 6720696e 7400     long long int.Contents of the .debug_loc section:    Offset   Begin    End      Expression    00000000 080483e4 080483e5 (DW_OP_breg4 (esp): 4)    00000000 080483e5 080483e7 (DW_OP_breg4 (esp): 8)    00000000 080483e7 08048400 (DW_OP_breg5 (ebp): 8)    00000000

这个命令生成的输出如所示。调试工具，如 GDB，可以读取这些调试信息，并且当程序在调试器中运行的同时，您可以使用该工具显示更具描述性的标记，而不是对代码进行反汇编时的原始地址值。

参考

转载于:https://www.cnblogs.com/wangkangluo1/archive/2012/07/02/2572433.html

你可能感兴趣的文章