发表新帖
发表新帖

How to disassemble one single function using objdump?

后端 未结
关注
7 1070
囚心锁ツ
囚心锁ツ 2020-11-29 17:59

I\'ve got a binary installed on my system, and would like to look at the disassembly of a given function. Preferrably using objdump, but other solutions would b

7条回答
  • 执念已碎
    执念已碎 (楼主)
    2020-11-29 18:47

    Disassemble One Single Function using Objdump

    I have two solutions:

    1. Commandline Based

    This method works perfectly and additional a simple one. I use objdump with the -d flag and pipe it through awk. The disassembled output looks like

    000000000000068a 
    :
68a:    55                      push   %rbp
68b:    48 89 e5                mov    %rsp,%rbp
68e:    48 83 ec 20             sub    $0x20,%rsp

    To start with, I begin with the description of the objdump output. A section or function is separated by an empty line. Therefore changing the FS (Field Separator) to newline and the RS (Record Separator) to twice newline let you easily search for your recommended function, since it is simply to find within the $1 field!

    objdump -d name_of_your_obj_file | awk -F"\n" -v RS="\n\n" '$1 ~ /main/'

    Of course you can replace main with any other function you would like to print.

    2. Bash Script

    I have written a small bash script for this issue. Paste and copy it and save it as e.g. dasm file.

    #!/bin/bash
# Author: abu
# filename: dasm
# Description: puts disassembled objectfile to std-out

if [ $# = 2 ]; then
        sstrg="^[[:xdigit:]]{2,}+.*<$2>:$"
        objdump -d $1 | awk -F"\n" -v RS="\n\n" '$1 ~ /'"$sstrg"'/'
elif [ $# = 1 ]; then
        objdump -d $1 | awk -F"\n" -v RS="\n\n" '{ print $1 }'
else
    echo "You have to add argument(s)"
    echo "Usage:   "$0 " arg1 arg2"  
    echo "Description: print disassembled label to std-out"
    echo "             arg1: name of object file"
    echo "             arg2: name of function to be disassembled"
    echo "         "$0 " arg1    ... print labels and their rel. addresses" 
fi

    Change the x-access and invoke it with e.g.:

    chmod +x dasm
./dasm test main

    This is much faster than invoking gdb with a script. Beside the way using objdump will not load the libraries into memory and is therefore safer!

    Vitaly Fadeev programmed an auto-completion to this script, which is really a nice feature and speeds up typing.

    The script can be found here.

    0 讨论(0)
 看不清?
提交回复
热议问题