如何在 Linux 上检查 ELF 文件的数据部分的内容?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/1685483/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How can I examine contents of a data section of an ELF file on Linux?
提问by Norman Ramsey
I've been using objdumpto look at assembly code in Linux ELF binaries.
我一直在objdump查看 Linux ELF 二进制文件中的汇编代码。
Sometimes there is an indirect jump through a jump table that is stored in the rodata(read-only data) section.
有时会通过存储在rodata(只读数据)部分中的跳转表进行间接跳转。
How to get objdumpor any other tool to show me the contents of this data section?
如何获取objdump或任何其他工具向我显示此数据部分的内容?
I could execute the program and examine the relevant addresses in the debugger, but I don't want to do that because it has to be done interactively.
我可以执行程序并检查调试器中的相关地址,但我不想这样做,因为它必须以交互方式完成。
The ideal answer will identify a tool that will not only show me the contents but will let me control the display format, much as oddoes.
理想的答案将确定一个工具,它不仅可以向我显示内容,而且可以让我控制显示格式,就像od那样。
采纳答案by hobbs
objdump -s -j .rodata exefile
gives a side-by-side hex/printable ASCII dump of the contents of the rodatasection like:
给出该rodata部分内容的并排十六进制/可打印 ASCII 转储,例如:
Contents of section .rodata:
0000 67452301 efcdab89 67452301 efcdab89 gE#.....gE#.....
0010 64636261 68676665 64636261 68676665 dcbahgfedcbahgfe
It doesn't look like there's anything in there to control formatting, but it's a start. You could always undump the hex and feed it to od, I suppose :)
看起来没有任何东西可以控制格式,但这是一个开始。我想你总是可以卸载十六进制并将其提供给 od :)
回答by ysdx
You can get the RAW (not hexdump-ed) ELF section with:
您可以使用以下命令获取 RAW(非 hexdump-ed)ELF 部分:
# To a file:
objcopy file /dev/null --dump-section .text=text.data
# To stdout:
objcopy file /dev/null --dump-section .text=/dev/stdout | cat
Here I'm using | catin order to force stdout to be a pipe. /dev/stdoutmight work unexpectedly if stdout is a file. .text=-does not send to stdout but to the -file.
我在这里使用| cat是为了强制 stdout 成为管道。/dev/stdout如果 stdout 是一个文件,则可能会意外工作。.text=-不发送到标准输出,而是发送到-文件。
However objcopy and objdump have some deficiencies(because they are based on BFD which abstracts different executable formats).
但是objcopy 和 objdump 有一些不足(因为它们基于 BFD,抽象了不同的可执行格式)。
Update:I wrote a toolto do this which does not rely on BFD.
更新:我编写了一个不依赖于 BFD的工具来执行此操作。
