objdump
objdump is a command-line program for displaying various information about object files on Unix-like operating systems. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine-grained control over executables and other binary data. objdump uses the BFD library to read the contents of object files. Similar utilities are Borland TDUMP, Microsoft DUMPBIN and readelf.
Operating system | Unix and Unix-like |
---|---|
Type | Command |
License | GNU GPL |
Note that on certain platforms (e.g. macOS), the objdump binary may actually be a link to llvm's objdump, with different command-line options and behavior.
Example
For example,
$ objdump -D -M intel file.bin | grep main.: -A20
This performs disassembly on the file «file.bin», with the assembly code shown in Intel syntax. We then redirect it to grep, which searches the main function and displays 20 lines of its code.
Example output:
4004ed: 55 push rbp
4004ee: 48 89 e5 mov rbp,rsp
4004f1: c7 45 ec 00 00 00 00 mov DWORD PTR [rbp-0x14],0x0
4004f8: c7 45 f0 01 00 00 00 mov DWORD PTR [rbp-0x10],0x1
4004ff: c7 45 f4 02 00 00 00 mov DWORD PTR [rbp-0xc],0x2
400506: c7 45 f8 03 00 00 00 mov DWORD PTR [rbp-0x8],0x3
40050d: c7 45 fc 04 00 00 00 mov DWORD PTR [rbp-0x4],0x4
400514: c7 45 ec 00 00 00 00 mov DWORD PTR [rbp-0x14],0x0
40051b: eb 13 jmp 400530 <main+0x43>
40051d: 8b 05 15 0b 20 00 mov eax,DWORD PTR [rip+0x200b15] # 601038 <globalA>
400523: 83 e8 01 sub eax,0x1
400526: 89 05 0c 0b 20 00 mov DWORD PTR [rip+0x200b0c],eax # 601038 <globalA>
40052c: 83 45 ec 01 add DWORD PTR [rbp-0x14],0x1
400530: 8b 05 02 0b 20 00 mov eax,DWORD PTR [rip+0x200b02] # 601038 <globalA>
400536: 39 45 ec cmp DWORD PTR [rbp-0x14],eax
400539: 7c e2 jl 40051d <main+0x30>
40053b: 5d pop rbp
40053c: c3 ret
40053d: 0f 1f 00 nop DWORD PTR [rax]