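Disassembling vmlinux: viewing vmlinux symbol information
Using xx-objdump to inspect a binary, especially its debug information
For the past few days I have been investigating why the MIPS emulator cannot debug assembly code at source level,
and I kept looking at things related to vmlinux's debug symbols, so I am writing down some notes here,
especially about some objdump options.
I also dug deeper into ELF.
ELF is really important.
Everything below uses vmlinux and head.o as examples.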
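1, It looks like each version of objdump supports different things.
At least the options it prints are different.
The most useful ones, of course, are:
-D : disassemble all sections
-d : disassemble executable sections
-S : intermix assembly code with the original source code; extremely useful ******
-t : show debug information; in particular it can show line numbers, file names and paths (together with -l)
-l, --line-numbers       Include line numbers and filenames in output
Next comes the endianness selection:
-EB --endian=big         Assume big endian format when disassembling
-EL --endian=little      Assume little endian format when disassembling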
In the output below, elf32-tradbigmips is one of the supported platforms:
[bob@localhost linux-2.6.20.9]$ /home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-objdump -b
/home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-objdump: option requires an argument -- b
Usage: /home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-objdump <option(s)> <file(s)>
 Display information from object <file(s)>.
 At least one of the following switches must be given:
  -a, --archive-headers    Display archive header information
  -f, --file-headers       Display the contents of the overall file header
  -p, --private-headers    Display object format specific file header contents
  -h, --[section-]headers  Display the contents of the section headers
  -x, --all-headers        Display the contents of all headers
  -d, --disassemble        Display assembler contents of executable sections
  -D, --disassemble-all    Display assembler contents of all sections
  -S, --source             Intermix source code with disassembly
  -s, --full-contents      Display the full contents of all sections requested
  -g, --debugging          Display debug information in object file
  -G, --stabs              Display (in raw form) any STABS info in the file
  -t, --syms               Display the contents of the symbol table(s)
  -T, --dynamic-syms       Display the contents of the dynamic symbol table
  -r, --reloc              Display the relocation entries in the file
  -R, --dynamic-reloc      Display the dynamic relocation entries in the file
  -v, --version            Display this program's version number
  -i, --info               List object formats and architectures supported
  -H, --help               Display this information
 The following switches are optional:
  -b, --target=BFDNAME           Specify the target object format as BFDNAME
  -m, --architecture=MACHINE     Specify the target architecture as MACHINE
  -j, --section=NAME             Only display information for section NAME
  -M, --disassembler-options=OPT Pass text OPT on to the disassembler
  -EB --endian=big               Assume big endian format when disassembling
  -EL --endian=little            Assume little endian format when disassembling
      --file-start-context       Include context from start of file (with -S)
  -l, --line-numbers             Include line numbers and filenames in output
  -C, --demangle[=STYLE]         Decode mangled/processed symbol names
                                  The STYLE, if specified, can be `auto', 'gnu',
                                  'lucid', 'arm', 'hp', 'edg', or 'gnu-new-abi'
  -w, --wide                     Format output for more than 80 columns
  -z, --disassemble-zeroes       Do not skip blocks of zeroes when disassembling
      --start-address=ADDR       Only process data whoes address is >= ADDR
      --stop-address=ADDR        Only process data whoes address is <= ADDR
      --prefix-addresses         Print complete address alongside disassembly
      --[no-]show-raw-insn       Display hex alongside symbolic disassembly
      --adjust-vma=OFFSET        Add OFFSET to all displayed section addresses
/home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-objdump: supported targets: elf32-tradbigmips elf32-tradlittlemips elf64-tradbigmips elf64-tradlittlemips ecoff-bigmips ecoff-littlemips elf64-little elf64-big elf32-little elf32-big srec symbolsrec tekhex binary ihex
/home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-objdump: supported architectures: mips mips:3000 mips:3900 mips:4000 mips:4010 mips:4100 mips:4111 mips:4300 mips:4400 mips:4600 mips:4650 mips:5000 mips:6000 mips:8000 mips:10000 mips:12000 mips:16 mips:mips5 mips:isa32 mips:isa64 mips:sb1
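2, Usage, for example:
# mips-linux-objdump -D -l -t -x -S arch/mips/kernel/head.o
You will see something like:
/home/work/data3/standby/dv_kernel_suspend2/linux/arch/mips/kernel/head.S:245
li t1, 0xFFFFFFF8              <- line 245 of the file above
44: 3c09ffff  lui t1,0xffff
48: 3529fff8  ori t1,t1,0xfff8   <- these two are the disassembled instructions
From this we can easily see that li t1, 0xFFFFFFF8 actually becomes two instructions once assembled,
together with the corresponding line number and file path.
In fact, this way we can tell how the code is actually executed.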
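The two machine words in that listing can be checked by hand. The following is an added example, not part of the original post: it splits 3c09ffff and 3529fff8 into their I-type fields and replays them to recover the constant that li loads. The function names are hypothetical and only the lui and ori opcodes from the listing are handled.

```python
# Added example: decode the lui/ori pair from the head.o listing and
# recover the 32-bit constant that the `li` pseudo-instruction loads.
REGS = ("zero at v0 v1 a0 a1 a2 a3 t0 t1 t2 t3 t4 t5 t6 t7 "
        "s0 s1 s2 s3 s4 s5 s6 s7 t8 t9 k0 k1 gp sp fp ra").split()  # o32 names
OPCODES = {0x0F: "lui", 0x0D: "ori"}    # only the two opcodes in the listing


def decode_itype(word):
    """Split a 32-bit MIPS I-type word into (mnemonic, rs, rt, imm16)."""
    opcode = (word >> 26) & 0x3F
    if opcode not in OPCODES:
        raise ValueError(f"opcode {opcode:#04x} is not handled here")
    rs = REGS[(word >> 21) & 0x1F]
    rt = REGS[(word >> 16) & 0x1F]
    return OPCODES[opcode], rs, rt, word & 0xFFFF


def replay(words):
    """Replay a lui/ori sequence and return the resulting register values."""
    regs = {"zero": 0}
    for word in words:
        mnemonic, rs, rt, imm = decode_itype(word)
        if mnemonic == "lui":           # upper half = imm, lower half cleared
            value = imm << 16
        elif rs in regs:                # ori zero-extends its immediate
            value = regs[rs] | imm
        else:
            raise ValueError(f"{rs} is read before it is written")
        if rt != "zero":                # writes to $zero are discarded
            regs[rt] = value
    regs.pop("zero")
    return regs


LISTING = [0x3C09FFFF, 0x3529FFF8]      # offsets 0x44 and 0x48 on the page

if __name__ == "__main__":
    for w in LISTING:
        print("%08x  %s rs=%s rt=%s imm=0x%04x" % ((w,) + decode_itype(w)))
    print({reg: hex(val) for reg, val in replay(LISTING).items()})
```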
3, readelf can also display symbol information:
/home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-readelf -s arch/mips/kernel/head.o
4, The most useful thing about readelf -h is that it shows the kernel's entry point.
[bob@localhost linux]$ /home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-readelf -h vmlinux
ELF Header:
  Magic:   7f 45 4c 46 01 02 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF32
  Data:                              2's complement, big endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           MIPS R3000
  Version:                           0x1
  Entry point address:               0x8025e040
  Start of program headers:          52 (bytes into file)
  Start of section headers:          31477732 (bytes into file)
  Flags:                             0x10001001, noreorder, o32, mips2
  Size of this header:               52 (bytes)
  Size of program headers:           32 (bytes)
  Number of program headers:         3
  Size of section headers:           40 (bytes)
  Number of section headers:         31
  Section header string table index: 28
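The same fields can be read straight from the first bytes of the file. This is an added example, not from the original post: it takes the class and byte order from e_ident before unpacking anything else, because reading a big-endian vmlinux with the wrong byte order yields a meaningless entry point. The sample header is constructed from the readelf -h values above, and the function names are hypothetical.

```python
# Added example: parse an ELF header, taking class and byte order from e_ident.
import struct

EI_CLASS = {1: "ELF32", 2: "ELF64"}
EI_DATA = {1: "<", 2: ">"}              # 1 = little endian, 2 = big endian
LAYOUT = {"ELF32": "HHIIIIIHHHHHH", "ELF64": "HHIQQQIHHHHHH"}
FIELDS = ("type machine version entry phoff shoff flags ehsize "
          "phentsize phnum shentsize shnum shstrndx").split()
# MIPS e_flags values needed for the flags word shown on the page
EF_MIPS_NOREORDER, EF_MIPS_ABI_O32, EF_MIPS_ARCH_2 = 0x1, 0x1000, 0x10000000


def parse_elf_header(data):
    """Return the ELF header fields as a dict, or raise ValueError."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    cls, order = EI_CLASS.get(data[4]), EI_DATA.get(data[5])
    if cls is None or order is None:
        raise ValueError("invalid EI_CLASS or EI_DATA byte")
    fmt = order + LAYOUT[cls]
    if len(data) < 16 + struct.calcsize(fmt):
        raise ValueError("truncated ELF header")
    hdr = dict(zip(FIELDS, struct.unpack_from(fmt, data, 16)))
    hdr["class"] = cls
    hdr["endian"] = "big" if order == ">" else "little"
    return hdr


def mips_flag_names(flags):
    """Decode the three e_flags properties readelf printed for this vmlinux."""
    names = ["noreorder"] if flags & EF_MIPS_NOREORDER else []
    if (flags & 0xF000) == EF_MIPS_ABI_O32:
        names.append("o32")
    if (flags & 0xF0000000) == EF_MIPS_ARCH_2:
        names.append("mips2")
    return names


# Constructed sample: a 52-byte header rebuilt from the readelf -h values above.
SAMPLE = bytes.fromhex("7f454c46010201000000000000000000") + struct.pack(
    ">HHIIIIIHHHHHH", 2, 8, 1, 0x8025E040, 52, 31477732, 0x10001001,
    52, 32, 3, 40, 31, 28)

if __name__ == "__main__":
    h = parse_elf_header(SAMPLE)
    print(h["class"], h["endian"], hex(h["entry"]), mips_flag_names(h["flags"]))
```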
5, xx-ld -M is very useful; you can get a lot of important information from it.
xx-ld accepts other options as well; see man ld.
For example, the final link step when building the kernel:
/home/bob/gcc-3.2.2-uClibc-0.9.19/mips-linux/bin/mips-linux-ld -G 0 -static -T arch/mips/ld.script \
  arch/mips/kernel/head.o arch/mips/kernel/init_task.o init/main.o init/version.o init/do_mounts.o \
  --start-group \
  arch/mips/kernel/kernel.o arch/mips/mm/mm.o kernel/kernel.o mm/mm.o fs/fs.o ipc/ipc.o \
  arch/mips/math-emu/fpu_emulator.o arch/mips/emma2_se/emma2.o drivers/char/char.o drivers/block/block.o \
  drivers/misc/misc.o drivers/net/net.o drivers/ide/idedriver.o drivers/pci/driver.o drivers/mtd/mtdlink.o \
  drivers/net/wireless/wireless_net.o drivers/usb/usbdrv.o drivers/media/media.o drivers/md/mddev.o \
  net/network.o arch/mips/lib/lib.a /home/work/data3/standby/dv_kernel_suspend2/linux/lib/lib.a \
  --end-group -o vmlinux -M
You can append a -M option at the end.
`-M'
`--print-map'
Print a link map to standard output. A link map provides information about the link, including:
* Where object files and symbols are mapped into memory.
* How common symbols are allocated.
* All archive members included in the link, along with the symbol that caused each archive member to be brought in.
It is extremely detailed.
For example:
 .text.init     0x000000008025e000       0xb0 arch/mips/kernel/head.o
                0x000000008025e000                except_vec2_generic
                0x000000008025e038                except_vec_nmi
                0x000000008025e040                kernel_entry
                0x000000008025e028                except_vec4
                0x000000008025e030                except_vec_ejtag_debug
 .text.init     0x000000008025e0b0      0x758 init/main.o
                0x000000008025e1a4                calibrate_delay
                0x000000008025e564                start_kernel
...
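A map like this is enough to turn a raw address, such as the entry point reported by readelf -h, back into a symbol and the object file it came from. This is an added example, not from the original post: the sample text is the excerpt above with its column spacing restored, the function names are hypothetical, and the symbols are sorted first because the map does not list them in address order.

```python
# Added example: resolve an address to symbol+offset using `ld -M` output.
import bisect
import re

# Constructed sample: the map excerpt above with its column spacing restored.
MAP_TEXT = """\
 .text.init     0x000000008025e000       0xb0 arch/mips/kernel/head.o
                0x000000008025e000                except_vec2_generic
                0x000000008025e038                except_vec_nmi
                0x000000008025e040                kernel_entry
                0x000000008025e028                except_vec4
                0x000000008025e030                except_vec_ejtag_debug
 .text.init     0x000000008025e0b0      0x758 init/main.o
                0x000000008025e1a4                calibrate_delay
                0x000000008025e564                start_kernel
"""
SECTION = re.compile(r"^\s*(\.\S+)\s+0x([0-9a-f]+)\s+0x([0-9a-f]+)\s+(\S+)$")
SYMBOL = re.compile(r"^\s+0x([0-9a-f]+)\s+([A-Za-z_.$][\w.$]*)$")

def parse_map(text):
    """Return [(start, size, section, object, sorted [(addr, symbol)])]."""
    chunks = []
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            chunks.append((int(m[2], 16), int(m[3], 16), m[1], m[4], []))
            continue
        m = SYMBOL.match(line)
        if m and chunks:
            chunks[-1][4].append((int(m[1], 16), m[2]))
    for chunk in chunks:
        chunk[4].sort()             # the map does not list symbols in order
    return chunks

def resolve(chunks, addr):
    """Map addr to (object, section, 'symbol+0xoff'), or None if unmapped."""
    for start, size, section, obj, symbols in chunks:
        if start <= addr < start + size:
            i = bisect.bisect_right(symbols, (addr, "\uffff")) - 1
            if i < 0:
                return obj, section, None   # below the first listed symbol
            sym_addr, name = symbols[i]
            return obj, section, f"{name}+{addr - sym_addr:#x}"
    return None

if __name__ == "__main__":
    print(resolve(parse_map(MAP_TEXT), 0x8025E040))
```

Only the symbols that ld prints in the map are visible here, so an address inside an unlisted function resolves to the nearest listed symbol below it, or to no symbol at all.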
It also shows which files each part was linked in from.
LOAD arch/mips/kernel/head.o
LOAD arch/mips/kernel/init_task.o
LOAD init/main.o
LOAD init/version.o
LOAD init/do_mounts.o
START GROUP
LOAD arch/mips/kernel/kernel.o
LOAD arch/mips/mm/mm.o
LOAD kernel/kernel.o
LOAD mm/mm.o
LOAD fs/fs.o
LOAD ipc/ipc.o
LOAD arch/mips/math-emu/fpu_emulator.o
LOAD arch/mips/emma2_se/emma2.o
LOAD drivers/char/char.o
LOAD drivers/block/block.o
LOAD drivers/misc/misc.o
LOAD drivers/net/net.o
LOAD drivers/ide/idedriver.o
LOAD drivers/pci/driver.o
LOAD drivers/mtd/mtdlink.o
LOAD drivers/net/wireless/wireless_net.o
LOAD drivers/usb/usbdrv.o
LOAD drivers/media/media.o
LOAD drivers/md/mddev.o
LOAD net/network.o
LOAD arch/mips/lib/lib.a
LOAD /home/work/data3/standby/dv_kernel_suspend2/linux/lib/lib.a
END GROUP
OUTPUT(vmlinux elf32-tradbigmips)
You can also see detailed contents of some sections, though there are some things in it that I do not understand either:
...
.debug_line     0x0000000000000000   0x3b913a
 .debug_line    0x0000000000000000       0x93 arch/mips/kernel/head.o
 .debug_line    0x0000000000000093     0x299d arch/mips/kernel/init_task.o
 .debug_line    0x0000000000002a30     0x313e init/main.o
 .debug_line    0x0000000000005b6e       0x79 init/version.o
