如何使用objdump反汇编一个函数? [英] How to disassemble one single function using objdump?

问题描述

我的系统上安装了二进制文件，并希望查看给定功能的反汇编.最好使用objdump，但其他解决方案也是可以接受的.

I've got a binary installed on my system, and would like to look at the disassembly of a given function. Preferrably using objdump, but other solutions would be acceptable as well.

来自这个问题我了解到，如果我只知道边界地址.通过此答案，我已经学会了如何将拆分后的调试符号变回单个文件.

From this questions I've learned that I might be able to disassemble part of the code if I only know the boundary addresses. From this answer I've learned how to turn my split debug symbols back into a single file.

但是即使对单个文件进行操作，甚至反汇编所有代码(即没有开始或停止地址，但对objdump使用简单的-d参数)，我仍然在任何地方都看不到该符号.只要所讨论的函数是静态的，就有意义，因此不会导出.但是，valgrind将报告函数名称，因此必须将其存储在某个位置.

But even operating on that single file, and even disassembling all the code (i.e. without start or stop address, but plain -d parameter to objdump), I still don't see that symbol anywhere. Which makes sense insofar as the function in question is static, so it isn't exported. Nevertheless, valgrind will report the function name, so it has to be stored somewhere.

查看调试部分的详细信息，我发现在.debug_str部分中提到的名称，但是我不知道有什么工具可以将其转换为地址范围.

Looking at the details of the debug sections, I find that name mentioned in the .debug_str section, but I don't know a tool which can turn this into an address range.

推荐答案

我建议使用gdb作为最简单的方法.您甚至可以单线完成此操作，例如:

I would suggest using gdb as the simplest approach. You can even do it as a one-liner, like:

gdb -batch -ex 'file /bin/ls' -ex 'disassemble main'

这篇关于如何使用objdump反汇编一个函数?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！