objdump

问题 I've got a binary installed on my system, and would like to look at the disassembly of a given function. Preferrably using objdump , but other solutions would be acceptable as well. From this questions I've learned that I might be able to disassemble part of the code if I only know the boundary addresses. From this answer I've learned how to turn my split debug symbols back into a single file. But even operating on that single file, and even disassembling all the code (i.e. without start or

问题 Are there any Linux programs that can disassemble an OSX universal x86/x86_64 fat Mach-O binary like objdump? GNU binutils' objdump supports ELF and Windows PE files but not Mach-O. 回答1: AFAIK, the native Darwin binary tools are part of the cctools package. They don't have the same command line syntax or output as the GNU binutils. Later binutils (i.e., 2.22) supports the Mach-O format however. You can get these prebuilt, with the ' g ' prefix to the tool names, as mentioned here.

问题 I've been using objdump to look at assembly code in Linux ELF binaries. Sometimes there is an indirect jump through a jump table that is stored in the rodata (read-only data) section. How to get objdump or any other tool to show me the contents of this data section? I could execute the program and examine the relevant addresses in the debugger, but I don't want to do that because it has to be done interactively. The ideal answer will identify a tool that will not only show me the contents but

问题 Is there anyway this can be done? I\'ve used objdump but that doesn\'t produce assembly output that will be accepted by any assembler that I know of. I\'d like to be able to change instructions within an executable and then test it afterwards. 回答1: I don't think there is any reliable way to do this. Machine code formats are very complicated, more complicated than assembly files. It isn't really possible to take a compiled binary (say, in ELF format) and produce a source assembly program which

问题 How can I tell, with something like objdump , if an object file has been built with -fPIC ? 回答1: The answer depends on the platform. On most platforms, if output from readelf --relocs foo.o | egrep '(GOT|PLT|JU?MP_SLOT)' is empty, then either foo.o was not compiled with -fPIC , or foo.o doesn't contain any code where -fPIC matters. 回答2: I just had to do this on a PowerPC target to find which shared object (.so) was being built without -fPIC. What I did was run readelf -d libMyLib1.so and look