Objdump Comprehensive Cheatsheet

Installation Instructions

Windows

# Using Chocolatey
choco install binutils

# Using MSYS2
pacman -S mingw-w64-x86_64-binutils

Linux (Ubuntu/Debian)

sudo apt-get update
sudo apt-get install binutils

macOS

# Using Homebrew
brew install binutils

# Using MacPorts
sudo port install binutils

Basic Commands and Usage

Basic File Analysis

  1. Display File Headers
objdump -f executable
  2. Display All Headers
objdump -x executable
  3. Disassemble Executable Sections (use -D to disassemble all sections)
objdump -d executable
  4. Display Relocation Entries
objdump -r executable

Disassembly Options

  1. Intel Syntax Disassembly
objdump -M intel -d executable
  2. AT&T Syntax Disassembly
objdump -M att -d executable
  3. Disassemble Specific Section
objdump -d -j .text executable
  4. Source Code Intermixed (requires a binary built with debug info)
objdump -S executable

Symbol Table Analysis

  1. Display Symbol Table
objdump -t executable
  2. Display Dynamic Symbol Table
objdump -T executable

Section Analysis

  1. Display Contents of All Sections
objdump -s executable
  2. Display Full Contents of a Specific Section
objdump -s -j .rodata executable

Advanced Options

  1. Show Raw Instruction Bytes
objdump --show-raw-insn -d executable
  2. Demangle C++ Symbols
objdump -C -d executable
  3. Display Debug Information
objdump --dwarf executable

Format-Specific Options

  1. Display Archive Header Information (for .a archives)
objdump -a executable
  2. Display Private Headers
objdump -p executable

Analysis Techniques

  1. Find String References (matches only within one 16-byte row of the hex dump)
objdump -s -j .rodata executable | grep "string"
  2. Analyze Function Calls
objdump -d executable | grep "call"
  3. Dump .rodata (where string constants usually live)
objdump -s -j .rodata executable

Advanced Analysis

  1. Display Line Numbers
objdump -l -d executable
  2. Show All Information
objdump -x -d -s executable
  3. Analyze Dynamic Relocations
objdump -R executable

Section Information

  1. Display Section Headers
objdump -h executable
  2. Show Section Contents and Disassembly
objdump -s -d executable

Special Purpose Analysis

  1. Extract CTF (Compact C Type Format) Data
objdump --ctf executable
  2. Display DWARF Debug Sections (-W is the short form of --dwarf)
objdump -W executable

Binary Analysis Tips

  1. Find Entry Point
objdump -f executable | grep "start address"
  2. Examine GOT (Global Offset Table)
objdump -R executable | grep "GLOB"
  3. Analyze PLT (Procedure Linkage Table)
objdump -d -j .plt executable

Common Use Cases

Malware Analysis

# Dump all section contents and disassembly
objdump -s -d suspicious_file > analysis.txt

# Look for suspicious functions
objdump -d suspicious_file | grep -E "system|exec|shell"

Reverse Engineering

# Generate full disassembly with source
objdump -S -d --no-show-raw-insn binary > disassembly.txt

# Analyze specific function
objdump -d binary | grep -A20 "<function_name>:"

Debugging

# Get debugging symbols
objdump -g executable

# Show line numbers with disassembly
objdump -d -l executable

Best Practices

  • Always back up binaries before analysis
  • Use multiple analysis passes with different options
  • Combine with other tools (strings, readelf, etc.)
  • Document findings systematically
  • Verify findings with multiple approaches

Common Issues and Solutions

Permission Issues

# Fix permission denied (objdump only reads the file, so grant read, not execute)
chmod u+r executable

Large Files

# Handle large output
objdump -d large_executable | tee analysis.txt

Symbol Resolution

# Stripped binaries have no static symbol table; the dynamic symbols (-T) survive stripping
objdump -d -T stripped_binary

Advanced Usage Examples

Custom Format Output

# --section is the long form of -j, so one of them is enough
objdump -s -j .data executable

Scripting Integration

# Extract all function names (the name is the last field of each symbol line)
objdump -t executable | grep "F .text" | awk '{print $NF}'

Security Analysis

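# Check for security features (RELRO segment, immediate binding, stack flags;
# "flags rw-" under STACK means a non-executable stack)
objdump -x executable | grep -E -A1 "RELRO|BIND_NOW|FLAGS|STACK"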
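
To turn the security-feature check into a verdict, the sketch below (an added example, not part of the original cheatsheet) reads `objdump -p` output on stdin and classifies RELRO, immediate binding and stack executability. The function and sample names are hypothetical, both excerpts are constructed, and "full" RELRO follows the usual convention of a RELRO segment plus immediate binding.

```shell
#!/bin/sh
# Added example (not from the cheatsheet): classify ELF hardening from objdump -p text.
check_hardening() {
    awk '
        # Program headers span two lines: type first, flags on the "filesz" line.
        $1 == "STACK" { in_stack = 1; next }
        $1 == "RELRO" { relro = 1 }
        in_stack && $1 == "filesz" { stack = $NF; in_stack = 0 }
        # Immediate binding: DT_BIND_NOW, DF_BIND_NOW (0x8) or DF_1_NOW (0x1).
        # Bits are tested on the last hex digit to stay within POSIX awk.
        $1 == "BIND_NOW" { now = 1 }
        $1 == "FLAGS"   && $2 ~ /[89a-fA-F]$/    { now = 1 }
        $1 == "FLAGS_1" && $2 ~ /[13579bdfBDF]$/ { now = 1 }
        END {
            r = relro ? (now ? "full" : "partial") : "none"
            n = (stack == "") ? "unknown" : (stack ~ /x/ ? "no" : "yes")
            printf "relro=%s bind_now=%s nx=%s\n", r, (now ? "yes" : "no"), n
        }
    '
}

# Constructed excerpt: RELRO segment, DF_BIND_NOW set, non-executable stack.
sample_hardened() {
    cat <<'EOF'
Program Header:
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rw-
   RELRO off    0x0000000000002db8 vaddr 0x0000000000003db8 paddr 0x0000000000003db8 align 2**0
         filesz 0x0000000000000248 memsz 0x0000000000000248 flags r--
Dynamic Section:
  NEEDED               libc.so.6
  FLAGS                0x0000000000000008
  FLAGS_1              0x0000000008000001
EOF
}

# Constructed excerpt: executable stack, no RELRO segment, lazy binding.
sample_weak() {
    cat <<'EOF'
Program Header:
   STACK off    0x0000000000000000 vaddr 0x0000000000000000 paddr 0x0000000000000000 align 2**4
         filesz 0x0000000000000000 memsz 0x0000000000000000 flags rwx
Dynamic Section:
  NEEDED               libc.so.6
EOF
}

sample_hardened | check_hardening   # relro=full bind_now=yes nx=yes
sample_weak | check_hardening       # relro=none bind_now=no nx=no
```

On a real file, pipe the private headers in: `objdump -p executable | check_hardening`.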