Today we are going to focus on "dumping" tools, as opposed to interactive tools like gdb. These tools dump all information that can be extracted from the executable to stdout or a file.
For this lab, continue to use lab1.cpp from Lab 1. Also feel free to try out all these tools, including gdb, on your own code. This is strongly encouraged.
The strings command extracts human-readable text from any file, including executables. Depending on how the executable was compiled and processed, this can reveal information such as function and variable names, file paths from the developer's system, and so on.
The strings command can be very verbose, so I recommend piping it to less (or redirecting to a file):
strings <filename> | less
This may or may not reveal much information, depending on how the executable was compiled. For example, you might not get much insight beyond which libraries the executable uses and the string-based prompts and print-outs in the program.
To simply dump the contents of a file in hex, use the following:
hexdump <filename>
This can be rather wordy, so another common technique is to invoke the xxd command from within the vi editor to display the file in hex (with a sidebar of ASCII). Open the binary file in vi and then issue the following vi command to convert it to hex:
:%!xxd
You can then use standard vi commands to move around (and change, although I don't recommend trying to make changes at this point) the binary file. When you are done, you can issue the following vi command to convert back to binary:
:%!xxd -r
Or, if you've made no changes, you can just use
:q!
to quit vi without saving.
The readelf command dumps information about an ELF format executable (the executable format for Linux). In some cases, readelf will even show the original source code filename in the output.
You must give a display option to readelf; refer to the man page or the above tutorial for more information on the display options. The most common option to begin with is --all (abbreviated -a), as in the following:
readelf -a <filename> | less
Again, this is a verbose command, so piping to less or redirecting to a file is recommended.
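To see what readelf is actually decoding, here is an added example (not part of the lab) that parses the fixed-size ELF header, the part readelf -h prints, from raw bytes. The header bytes below are constructed inline to look like a 64-bit little-endian x86-64 PIE, not taken from lab1; the parser also handles 32-bit and big-endian headers, and rejects data that is not ELF.

```python
import struct

# Constructed ELF64 header (little-endian, x86-64, ET_DYN); not from lab1.
SAMPLE_ELF_HEADER = (
    b"\x7fELF"                   # EI_MAG: the magic readelf checks first
    + bytes([2, 1, 1, 0, 0])     # EI_CLASS=64-bit, EI_DATA=LSB, EI_VERSION=1, OSABI=SYSV, ABIVERSION=0
    + b"\x00" * 7                # EI_PAD
    + struct.pack("<HHIQQQIHHHHHH",
                  3, 0x3E, 1, 0x1040, 64, 0x3000, 0, 64, 56, 11, 64, 30, 29)
)

E_TYPE = {1: "REL (Relocatable file)", 2: "EXEC (Executable file)",
          3: "DYN (Shared object file)", 4: "CORE (Core file)"}
E_MACHINE = {0x03: "Intel 80386", 0x28: "ARM", 0x3E: "Advanced Micro Devices X86-64",
             0xB7: "AArch64"}

# Field names in file order, shared by the ELF32 and ELF64 layouts.
FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff", "e_shoff",
          "e_flags", "e_ehsize", "e_phentsize", "e_phnum", "e_shentsize",
          "e_shnum", "e_shstrndx")


def parse_elf_header(data: bytes) -> dict:
    """Decode the ELF file header (what `readelf -h` shows) from the start of a file."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file (bad magic)")
    ei_class, ei_data = data[4], data[5]
    if ei_data not in (1, 2):
        raise ValueError("unknown EI_DATA (endianness) byte")
    endian = "<" if ei_data == 1 else ">"
    # Only e_entry/e_phoff/e_shoff change width between ELF32 (I) and ELF64 (Q).
    if ei_class == 2:
        fmt, size = endian + "HHIQQQIHHHHHH", 64
    elif ei_class == 1:
        fmt, size = endian + "HHIIIIIHHHHHH", 52
    else:
        raise ValueError("unknown EI_CLASS byte")
    if len(data) < size:
        raise ValueError("truncated ELF header")
    hdr = dict(zip(FIELDS, struct.unpack(fmt, data[16:size])))
    hdr["class"] = "ELF64" if ei_class == 2 else "ELF32"
    hdr["data"] = "little endian" if ei_data == 1 else "big endian"
    hdr["type_name"] = E_TYPE.get(hdr["e_type"], "unknown")
    hdr["machine_name"] = E_MACHINE.get(hdr["e_machine"], "unknown")
    # Cheap consistency check: the section-name string table index must be a valid section.
    hdr["consistent"] = hdr["e_ehsize"] == size and hdr["e_shstrndx"] < hdr["e_shnum"]
    return hdr


if __name__ == "__main__":
    for key, value in parse_elf_header(SAMPLE_ELF_HEADER).items():
        print(f"{key:14} {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key:14} {value}")
```

Run it against a real file with parse_elf_header(open(path, "rb").read(64)) and compare the fields with readelf -h on the same binary.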
The objdump command is a non-interactive way to disassemble a binary. It can be more useful on stripped binaries than gdb, but it can also generate a lot more information to dig through.
As with readelf, there are many display options for objdump. The simplest for disassembly is --disassemble (abbreviated -d) or --disassemble-all (abbreviated -D):
objdump -d <filename> | less