Tools of Binutils (Objdump)

In this article we are going to discuss one of the famous tools of Binutils, known as objdump.

If you are not aware of Binutils or if Binutils sounds like rocket science then please click here to know what Binutils is.

What is objdump?

objdump is a part of GNU Binutils. It is used to present the data inside executables and other binary files in a human-readable format. We can also define objdump as a command-line program that displays various information about object files on Unix-like operating systems.

In simple words, objdump is a Binutils tool that disassembles object files and other executable formats into assembly.

Main purpose of objdump

Sometimes we have the executable or the object code but not the source code, and we still need to get the maximum information from the file. In these scenarios, objdump is a very useful tool for analyzing the binary and extracting as much information as possible from it.

The main purpose of the objdump tool is to debug and understand the executable file.

It is used for the following listed purposes:

  • To retrieve archive header
  • To get the offset of the file
  • To get the bfdname
  • To demangle symbol names
  • To debug the file
  • To disassemble the file
  • To retrieve the file headers

Syntax of Objdump


objdump <option(s)> <file(s)>

Using Objdump

  1. To get the file header of an object file. This command prints the summary information from the overall header of the file.


$ objdump.exe -f a.out


a.out:     file format pe-x86-64
architecture: i386:x86-64, flags 0x00000039:
HAS_RELOC, HAS_DEBUG, HAS_SYMS, HAS_LOCALS
start address 0x0000000000000000
        

a.out is the name of the executable whose header you want to find.

    -f
    --file-headers
        Display summary information from the overall header of each
        of the objfile files.

    -p
    --private-headers
        Print information that is specific to the object file format.
        The exact information printed depends upon the object file
        format.  For some object file formats, no additional
        information is printed.

Here is the -p output:


$ objdump.exe -p a.out


a.out:     file format pe-x86-64


Characteristics 0x4
        line numbers stripped


Time/Date               Thu Jan 01 05:30:00 1970
Magic                   0000
MajorLinkerVersion      0
MinorLinkerVersion      0
SizeOfCode              0000000000000000
SizeOfInitializedData   0000000000000000
SizeOfUninitializedData 0000000000000000
AddressOfEntryPoint     0000000000000000
BaseOfCode              0000000000000000
ImageBase               0000000000000000
SectionAlignment        00000000
FileAlignment           00000000
MajorOSystemVersion     0
MinorOSystemVersion     0
MajorImageVersion       0
MinorImageVersion       0
MajorSubsystemVersion   0
MinorSubsystemVersion   0
Win32Version            00000000
SizeOfImage             00000000
SizeOfHeaders           00000000
CheckSum                00000000
Subsystem               00000000        (unspecified)
DllCharacteristics      00000000
SizeOfStackReserve      0000000000000000
SizeOfStackCommit       0000000000000000
SizeOfHeapReserve       0000000000000000
SizeOfHeapCommit        0000000000000000
LoaderFlags             00000000
NumberOfRvaAndSizes     00000000


The Data Directory
Entry 0 0000000000000000 00000000 Export Directory [.edata (or where ever we found it)]
Entry 1 0000000000000000 00000000 Import Directory [parts of .idata]
Entry 2 0000000000000000 00000000 Resource Directory [.rsrc]
Entry 3 0000000000000000 00000000 Exception Directory [.pdata]
Entry 4 0000000000000000 00000000 Security Directory
Entry 5 0000000000000000 00000000 Base Relocation Directory [.reloc]
Entry 6 0000000000000000 00000000 Debug Directory
Entry 7 0000000000000000 00000000 Description Directory
Entry 8 0000000000000000 00000000 Special Directory
Entry 9 0000000000000000 00000000 Thread Storage Directory [.tls]
Entry a 0000000000000000 00000000 Load Configuration Directory
Entry b 0000000000000000 00000000 Bound Import Directory
Entry c 0000000000000000 00000000 Import Address Table Directory
Entry d 0000000000000000 00000000 Delay Import Directory
Entry e 0000000000000000 00000000 CLR Runtime Header
Entry f 0000000000000000 00000000 Reserved


The Function Table (interpreted .pdata section contents)
vma:                    BeginAddress     EndAddress       UnwindData
 0000000000000000:      0000000000000000 0000000000000051 0000000000000000
 000000000000000c:      0000000000000051 0000000000000078 000000000000000c


Dump of .xdata
 0000000000000000 (rva: 00000000): 0000000000000000 - 0000000000000051
warning: xdata section corrupt
 000000000000000c (rva: 0000000c): 0000000000000051 - 0000000000000078
warning: xdata section corrupt
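
As an added example (not part of the original article), the Python sketch below reads `objdump -p` output for a PE file and decodes the DllCharacteristics field shown above into exploit-mitigation flags. The function names and the second sample are constructed for illustration; the bit values come from the PE/COFF specification.

```python
import re

# PE DllCharacteristics bits, values from the PE/COFF specification.
MITIGATIONS = {
    0x0020: "HIGH_ENTROPY_VA",
    0x0040: "DYNAMIC_BASE (ASLR)",
    0x0100: "NX_COMPAT (DEP)",
    0x4000: "GUARD_CF",
}

# Fields copied from the a.out output above (optional header is all zero).
PAGE_SAMPLE = """\
Magic                   0000
AddressOfEntryPoint     0000000000000000
DllCharacteristics      00000000
"""

# Constructed sample: what a linked PE32+ image could report.
LINKED_SAMPLE = """\
Magic                   020b    (PE32+)
AddressOfEntryPoint     0000000000001500
DllCharacteristics      00000160
"""

def hex_field(text, name):
    """Return the hex value printed after `name` in objdump -p output, or None."""
    m = re.search(rf"^{re.escape(name)}\s+([0-9a-fA-F]+)\b", text, re.M)
    return int(m.group(1), 16) if m else None

def triage(text):
    """Summarise linker-set mitigations from `objdump -p` output of a PE file."""
    magic = hex_field(text, "Magic")
    dllchar = hex_field(text, "DllCharacteristics")
    if dllchar is None:
        raise ValueError("no PE optional header fields found in input")
    return {
        # 0x10b = PE32, 0x20b = PE32+; any other Magic means this is not a
        # linked image, so absent flags say nothing about the final binary.
        "linked_image": magic in (0x10B, 0x20B),
        "enabled": [n for bit, n in MITIGATIONS.items() if dllchar & bit],
        "missing": [n for bit, n in MITIGATIONS.items() if not dllchar & bit],
    }

if __name__ == "__main__":
    for label, sample in (("page a.out", PAGE_SAMPLE), ("constructed", LINKED_SAMPLE)):
        print(label, triage(sample))
```

To use it on a real file, pass the text captured from `objdump -p <file>` to `triage()`.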

        

Flags and Usage

-a
--archive-headers

If any of the objfile files are archives, display the archive header information (in a format similar to ls -l). Besides the information you could list with ar tv, objdump -a shows the object file format of each archive member.


-b bfdname
--target=bfdname

Specify that the object-code format for the object files is bfdname. This option may not be necessary; objdump can automatically recognize many formats.

For example,

objdump -b oasys -m vax -h fu.o

displays summary information from the section headers (-h) of fu.o, which is explicitly identified (-m) as a VAX object file in the format produced by Oasys compilers. You can list the formats available with the -i option.


-C
--demangle[=style]

Decode (demangle) low-level symbol names into user-level names. Besides removing any initial underscore prepended by the system, this makes C++ function names readable. Different compilers have different mangling styles. The optional demangling style argument can be used to choose an appropriate demangling style for your compiler.



-d
--disassemble
--disassemble=symbol

Display the assembler mnemonics for the machine instructions from the input file. This option only disassembles those sections which are expected to contain instructions. If the optional symbol argument is given, then display the assembler mnemonics starting at symbol. If symbol is a function name then disassembly will stop at the end of the function, otherwise it will stop when the next symbol is encountered. If there are no matches for symbol then nothing will be displayed.



Similarly, to see the other options of objdump, refer to the man page: https://man7.org/linux/man-pages/man1/objdump.1.html


More articles by abhinav Ashok kumar
