objdump

objdump
- show content of binary
- disassemble

show content of binary

Print the full content of an ELF binary:

$ objdump -s /bin/ls
# or
$ objdump --full-contents /bin/ls

Print ordinary binary:

$ objdump -s -b binary /etc/ld.so.cache

Print specified section of an ELF binary:

$ objdump -s -j .interp /bin/ls

/bin/ls:     file format elf64-x86-64

Contents of section .interp:
 400238 2f6c6962 36342f6c 642d6c69 6e75782d  /lib64/ld-linux-
 400248 7838362d 36342e73 6f2e3200           x86-64.so.2.

List sections of an ELF binary:

# use [-h|--section-headers|--headers] option
$ objdump -h /bin/ls | head -10

/bin/ls:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001c  0000000000400238  0000000000400238  00000238  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  0000000000400254  0000000000400254  00000254  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  0000000000400274  0000000000400274  00000274  2**2

Specify the address range:

$ objdump -s --start-address=<start addr> --stop-address=<stop addr> <binary>

disassemble

$ objdump -d
# or
$ objdump --disassemble

反编译所有section：

$ objdump -D
# or
$ objdump --disassemble-all

不显示汇编指令的byte值：

--no-show-raw-insn

加上汇编指令所在的相对地址，如<main+0x1>：

--prefix-address
# need add --show-raw-insn to show the binary value

指定section：

$ objdump -d -j .init a.o

显示源代码行数（该object file必须包含debug info）：

[-l|--line-numbers]

显示汇编代码对应的源代码（源代码需要在编译时的路径）：

[-S|--source]

Wiki

by yszheda

objdump

show content of binary

disassemble