objdump explained

objdump
Operating System:Unix and Unix-like
Genre:Command
License:GNU GPL

objdump is a command-line program for displaying various information about object files on Unix-like operating systems. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine-grained control over executables and other binary data. objdump uses the BFD library to read the contents of object files. Similar utilities are Borland TDUMP, Microsoft DUMPBIN and readelf.

On certain platforms (e.g. macOS), the objdump binary may actually be a link to LLVM's objdump, with different command-line options and behavior.

Example

For example,

$ objdump -D -M intel file.bin | grep main.: -A20

This performs disassembly on the file «file.bin», with the assembly code shown in Intel syntax. We then redirect it to grep, which searches the main function and displays 20 lines of its code.

Example output: 4004ed

: 4004ed: 55 push rbp 4004ee: 48 89 e5 mov rbp,rsp 4004f1: c7 45 ec 00 00 00 00 mov DWORD PTR [rbp-0x14],0x0 4004f8: c7 45 f0 01 00 00 00 mov DWORD PTR [rbp-0x10],0x1 4004ff: c7 45 f4 02 00 00 00 mov DWORD PTR [rbp-0xc],0x2 400506: c7 45 f8 03 00 00 00 mov DWORD PTR [rbp-0x8],0x3 40050d: c7 45 fc 04 00 00 00 mov DWORD PTR [rbp-0x4],0x4 400514: c7 45 ec 00 00 00 00 mov DWORD PTR [rbp-0x14],0x0 40051b: eb 13 jmp 400530 40051d: 8b 05 15 0b 20 00 mov eax,DWORD PTR [rip+0x200b15] # 601038 400523: 83 e8 01 sub eax,0x1 400526: 89 05 0c 0b 20 00 mov DWORD PTR [rip+0x200b0c],eax # 601038 40052c: 83 45 ec 01 add DWORD PTR [rbp-0x14],0x1 400530: 8b 05 02 0b 20 00 mov eax,DWORD PTR [rip+0x200b02] # 601038 400536: 39 45 ec cmp DWORD PTR [rbp-0x14],eax 400539: 7c e2 jl 40051d 40053b: 5d pop rbp 40053c: c3 ret 40053d: 0f 1f 00 nop DWORD PTR [rax]

See also

External links