objdump -C The -C flag enables demangling: printf ‘ template<typename T> T add(T x, T y) { return x + y; } void h() { add(1, 2); add(1.0, 2.0); } ‘ > a.cpp g++ -g -std=c++11 a.cpp objdump -CS a.out The output contains demangled names: int main() { add(1, 2); 60c: e8 28 00 00 … Read more
objdump uses the DWARF debugging information compiled into the binary, which references the source file name. objdump tries to open the named source file to load the source and display it in the output. If the binary isn’t compiled with debugging information, or objdump can’t find the source file, then you don’t get source code … Read more
You can use nm and size to get the size of functions and ELF sections. To get the size of the functions (and objects with static storage duration): $ nm –print-size –size-sort –radix=d tst.o The second column shows the size in decimal of function and objects. To get the size of the sections: $ size … Read more
from binutils/readelf.c: /* The difference between readelf and objdump: Both programs are capabale of displaying the contents of ELF format files, so why does the binutils project have two file dumpers ? The reason is that objdump sees an ELF file through a BFD filter of the world; if BFD has a bug where, say, … Read more
I found the solution to my own question on a different forum. It looks something like this: objdump -b binary –adjust-vma=0xabcd1000 -D file.bin I’ve tested this and it works.
See Why Does GCC LEA EIZ?: Apparently %eiz is a pseudo-register that just evaluates to zero at all times (like r0 on MIPS). … I eventually found a mailing list post by binutils guru Ian Lance Taylor that reveals the answer. Sometimes GCC inserts NOP instructions into the code stream to ensure proper alignment and … Read more
I don’t think there is any reliable way to do this. Machine code formats are very complicated, more complicated than assembly files. It isn’t really possible to take a compiled binary (say, in ELF format) and produce a source assembly program which will compile to the same (or similar-enough) binary. To gain an understanding of … Read more
The answer depends on the platform. On most platforms, if output from readelf –relocs foo.o | egrep ‘(GOT|PLT|JU?MP_SLOT)’ is empty, then either foo.o was not compiled with -fPIC, or foo.o doesn’t contain any code where -fPIC matters.
COLUMN ONE: the symbol’s value COLUMN TWO: a set of characters and spaces indicating the flag bits that are set on the symbol. There are seven groupings which are listed below: group one: (l,g,,!) local, global, neither, both. group two: (w,) weak or strong symbol. group three: (C,) symbol denotes a constructor or an ordinary … Read more
What you’re looking for is -M intel. Use it as follows. objdump -M intel -d program_name