objdump与readelf.pdf

objdump 与 readelf对比objdump 与readelfobjdump 和readelf 都可以用来查看二进制文件的一些内部信息. 区别在于 objdump借助 BFD 而更加通用一些, 可以应付不同文件格式, readelf则并不借助 BFD,而是直接读取 ELF 格式文件的信息, 按 readelf 手册页上所说, 得到的信息也略细致一些.几个功能对比. 1. 反汇编代码查看源代码被翻译成的汇编代码, 大概有 3 种方法,1) 通过编译器直接从源文件生成, 如 gcc -S2) 对目标代码反汇编, 一种是静态反汇编, 就是使用objdump3) 另外一种就是对运行时的代码反汇编, 一般通过 gdbreadelf 并不提供反汇编功能. objdump 可以指定反汇编哪个节, 一般只有对包含指令的节反汇编才有意义. 而对于一些其他的类型的节, objdump 也可以将特殊节的数据以解析后的形式呈现出来,例如对于.plt, 输出如下: [qtl@courier lib]$ objdump -d -j .pltlibfoobar.so libfoobar.so:file formatelf32-i386Disassembly of section .plt:000003a4<__gmon_start__@plt-0x10>:3a4:ff b3 04 00 00 00pushl0x4(%ebx)3aa:ff a3 08 00 00 00jmp*0x8(%ebx)3b0:00 00add%al,(%eax) ...000003b4 <__gmon_start__@plt>:3b4:ff a3 0c 00 00 00jmp*0xc(%ebx)3ba:68 00 00 00 00push$0x03bf:e9 e0 ff ff ffjmp3a4<_init+0x18>000003c4 <cos@plt>:3c4:ff a3 10 00 00 00jmp*0x10(%ebx)3ca:68 08 00 00 00push$0x83cf:e9 d0 ff ff ffjmp3a4<_init+0x18>000003d4 <fwrite@plt>:3d4:ff a3 14 00 00 00jmp*0x14(%ebx)3da:68 10 00 00 00push$0x103df:e9 c0 ff ff ffjmp3a4<_init+0x18>000003e4 <fprintf@plt>:3e4:ff a3 18 00 00 00jmp*0x18(%ebx)3ea:68 18 00 00 00push$0x183ef:e9 b0 ff ff ffjmp3a4<_init+0x18>000003f4 <__cxa_finalize@plt>:3f4:ff a3 1c 00 00 00jmp*0x1c(%ebx)3fa:68 20 00 00 00push$0x203ff:e9 a0 ff ff ffjmp3a4<_init+0x18>2. 显示 relocation 节的条目-r 参数显示 elf 文件的类型为 REL 的节的信息, 使用-S 参数可以列出 elf 文件的所有节的信息, 其中也就包括了 REL 节. 对于可重定位文件两者显示条目一致, 最重要的offset和type以及Sym.Name都有.下面是两者输出的对比. [qtl@courier lib]$ readelf -r bar.oRelocation section '.rel.text' at offset 0x4bc contains 6entries:OffsetInfoTypeSym.ValueSym.Name0000000800000b02 R_386_PC3200000000__i686.get_pc_thunk.bx0000000e00000c0a R_386_GOTPC00000000_GLOBAL_OFFSET_TABLE_0000002500000d04 R_386_PLT3200000000cos0000002e00000e03 R_386_GOT3200000000stdout0000004400000509 R_386_GOTOFF00000000 .rodata0000005000000f04 R_386_PLT3200000000fprintf[qtl@courier lib]$ objdump -r bar.o bar.o:fileformat elf32-i386RELOCATION RECORDS FOR [.text]:OFFSETTYPEVALUE00000008 R_386_PC32__i686.get_pc_thunk.bx0000000e R_386_GOTPC_GLOBAL_OFFSET_TABLE_00000025 R_386_PLT32cos0000002e R_386_GOT32stdout00000044 R_386_GOTOFF .rodata00000050 R_386_PLT32fprintf 对于共享库,[qtl@courier lib]$ readelf -r libfoobar.so Relocation section'.rel.dyn' at offset 0x334 contains 6 entries:OffsetInfoTypeSym.ValueSym.Name0000160800000008 R_386_RELATIVE0000170400000008 R_386_RELATIVE000016d400000106 R_386_GLOB_DAT00000000__gmon_start__000016d800000206 R_386_GLOB_DAT00000000_Jv_RegisterClasses000016dc00000606 R_386_GLOB_DAT00000000stdout000016e000000706 R_386_GLOB_DAT00000000__cxa_finalizeRelocation section '.rel.plt' at offset 0x364contains 5 entries:OffsetInfoTypeSym.ValueSym.Name000016f000000107 R_386_JUMP_SLOT00000000__gmon_start__000016f400000307 R_386_JUMP_SLOT00000000cos000016f800000407 R_386_JUMP_SLOT00000000fwrite000016fc00000507 R_386_JUMP_SLOT00000000fprintf0000170000000707 R_386_JUMP_SLOT00000000__cxa_finalize[qtl@courier lib]$ objdump -R libfoobar.solibfoobar.so:file format elf32-i386DYNAMICRELOCATION RECORDSOFFSETTYPEVALUE00001608 R_386_RELATIVE*ABS*00001704 R_386_RELATIVE*ABS*000016d4 R_386_GLOB_DAT__gmon_start__000016d8 R_386_GLOB_DAT_Jv_RegisterClasses000016dc R_386_GLOB_DATstdout000016e0 R_386_GLOB_DAT__cxa_finalize000016f0 R_386_JUMP_SLOT__gmon_start__000016f4 R_386_JUMP_SLOTcos000016f8 R_386_JUMP_SLOTfwrite000016fc R_386_JUMP_SLOTfprintf00001700 R_386_JUMP_SLOT__cxa_finalize 有上面可以看出, readelf 的显示分节, 而 objdump 则将两个节合在一起. readelf 的显示更加清晰一些. 3. 显示动态重定位条目(或者可以认为是动态链接相关的重定位条目)(按 objdump 的 man page 说明, 只对 dynamic object 有效,如某些类型的共享库)readelf 和 objdump 等价的命令为 readelf -D -r file 和objdump -R file. 对 readelf 使用-r 和-D -r 的区别, 对于共享库在于数据的呈现方式略有不同. 这两种都将数据解析后呈现出来. 前者显示的是相对于基地址的偏移, 后者则显示绝对偏移量.前者显示条目数, 后者显示字节数. 两者输出对比:[qtl@courier lib]$ readelf -D -r libfoobar.so 'REL' relocationsection at offset 0x334 contains 48 bytes:OffsetInfoTypeSym.ValueSym.Name0000160800000008 R_386_RELATIVE0000170400000008 R_386_RELATIVE000016d400000106 R_386_GLOB_DAT00000000__gmon_start__000016d800000206 R_386_GLOB_DAT00000000_Jv_RegisterClasses000016dc00000606 R_386_GLOB_DAT00000000stdout000016e000000706 R_386_GLOB_DAT00000000__cxa_finalize'PLT' relocation section at offset 0x364contains 40 bytes:OffsetInfoTypeSym.ValueSym.Name000016f000000107 R_386_JUMP_SLOT00000000__gmon_start__000016f400000307 R_386_JUMP_SLOT00000000cos000016f800000407 R_386_JUMP_SLOT00000000fwrite000016fc00000507 R_386_JUMP_SLOT00000000fprintf0000170000000707 R_386_JUMP_SLOT00000000__cxa_finalize[qtl@courier lib]$ objdump -R libfoobar.solibfoobar.so:file format elf32-i386DYNAMICRELOCATION RECORDSOFFSETTYPEVALUE00001608 R_386_RELATIVE*ABS*00001704R_386_RELATIVE*ABS*000016d4 R_386_GLOB_DAT__gmon_start__000016d8 R_386_GLOB_DAT_Jv_RegisterClasses000016dc R_386_GLOB_DATstdout000016e0 R_386_GLOB_DAT__cxa_finalize000016f0 R_386_JUMP_SLOT__gmon_start__000016f4 R_386_JUMP_SLOTcos000016f8 R_386_JUMP_SLOTfwrite000016fc R_386_JUMP_SLOTfprintf00001700 R_386_JUMP_SLOT__cxa_finalize 另外有必要说明的是如果对可重定位文件(.o 文件)应用这两个命令是无效的,错误提示如下:[qtl@courier lib]$ readelf -D -r bar.oThere are no dynamicrelocations in this file.[qtl@courier lib]$ objdump -Rbar.obar.o:file format elf32-i386objdump: bar.o: not adynamic objectobjdump: bar.o: Invalid operation4. 显示节信息: readelf -S和 objdump -h对于可重定位文件, objdump -h 不能显示.rel 开头的节和.shstrtab, .symtab, .strtab.而 readelf 的显示有一个.group 节, 其内容为节的 group, 可以用-g 参数查看.输出如下:[qtl@courier lib]$ readelf -S bar.oThere are 13 section headers, starting at offset0x150:Section Headers:[Nr] NameTypeAddrOffSizeES Flg Lk Inf Al[ 0]NULL00000000000000 000000 0000 0[ 1] .groupGROUP00000000000034 000008 041111 4[ 2] .textPROGBITS0000000000003c 00005c 00AX00 4[ 3] .rel.textREL000000000004bc 000030 08112 4[ 4] .dataPROGBITS000098 000000 00WA00 4[ 5] .bssNOBITS000098 000000 00WA00 4[ 6] .rodataPROGBITS000098 00000e 00A00 1[ 7] .commentPROGBITS0000a6 00002e 0000 1[ 8] .text.__i686.get_ PROGBITS0000d4 000004 00 AXG00 1[ 9] .note.GNU-stackPROGBITS0000d8 000000 0000 1000000000000000000000000000000000000000000000000[10] .shstrtabSTRTAB000000000000d8 000075 0000 1[11] .symtabSYMTAB00000000000358 000110 101210 4[12] .strtabSTRTAB00000000000468 000053 0000 1Key to Flags:W (write), A (alloc), X (execute), M (merge), S (strings)I (info), L (link order), G (group), x (unknown)O (extra OS processing required) o (OS specific), p(processor specific)[qtl@courier lib]$ objdump -hbar.obar.o:file format elf32-i386Sections:Idx NameSizeVMALMAFile offAlgn0 __i686.get_pc_thunk.bx 000000080000000000000000000000342**2CONTENTS, READONLY, EXCLUDE,GROUP, LINK_ONCE_DISCARD1 .text0000005c00000000000000000000003c2**2CONTENTS, ALLOC, LOAD, RELOC,READONLY, CODE2 .data000000000000000000000000000000982**2CONTENTS, ALLOC, LOAD, DATA3 .bss000000000000000000000000000000982**2ALLOC4 .rodata0000000e0000000000000000000000982**0CONTENTS, ALLOC, LOAD,READONLY, DATA5 .comment0000002e0000000000000000000000a62**0CONTENTS, READONLY6 .text.__i686.get_pc_thunk.bx 000000040000000000000000000000d42**0CONTENTS, ALLOC, LOAD,READONLY, CODE7 .note.GNU-stack 000000000000000000000000000000d82**0CONTENTS, READONLY对于共享库,objdump -h 仍然不能显示.shstrtab, .symtab, .strtab 三个节,另外还有一个区别在于 readelf 从一个 NULL 类型的节开始, 而objdump 的输出去掉了这个空的节.[qtl@courier lib]$ readelf -S libfoobar.soThere are 27 section headers, starting at offset0x8f0:Section Headers:[Nr] NameTypeAddrOffSizeES Flg Lk Inf Al[ 0]NULL00000000000000 000000 0000 0[ 1] .gnu.hashGNU_HASH000000b40000b4 000048 04A20 4[ 2] .dynsymDYNSYM000000fc0000fc 000110 10A31 4[ 3] .dynstrSTRTAB0000020c00020c 0000b3 00A00 1[ 4] .gnu.versionVERSYM000002c00002c0 000022 02A20 2[ 5] .gnu.version_rVERNEED0002e4 000050 00A32 4[ 6] .rel.dynREL000334 000030 08A20 4[ 7] .rel.pltREL000364 000028 08A29 4[ 8] .initPROGBITS00038c 000017 00AX00 4[ 9] .pltPROGBITS0003a4 000060 04AX00 4000002e400000334000003640000038c000003a4[10] .textPROGBITS00000410000410 0001a4 00AX00 16[11] .finiPROGBITS000005b40005b4 00001c 00AX00 4[12] .rodata0005d0 00001d 00[13] .eh_frame0005f0 000004 00[14] .ctors0005f4 000008 00[15] .dtors0005fc 000008 00[16] .jcr000604 000004 00[17] .data.rel.roPROGBITSA00 1PROGBITSA00 4PROGBITSWA00 4PROGBITSWA00 4PROGBITSWA00 4PROGBITS000005d0000005f0000015f4000015fc0000160400001608000608 000004 00WA00 4[18] .dynamicDYNAMIC0000160c00060c 0000c8 08WA30 4[19] .got0006d4 000010 04[20] .got.plt0006e4 000020 04[21] .data000704 000004 00[22] .bss000708 000010 00[23] .comment000708 000114 00[24] .shstrtab00081c 0000d2 00PROGBITSWA00 4PROGBITSWA00 4PROGBITSWA00 4NOBITSWA00 4PROGBITS00 1STRTAB00 1000016d4000016e400001704000017080000000000000000[25] .symtabSYMTAB00000000000d28 0003d0 102645 4[26] .strtabSTRTAB000000000010f8 0001d7 0000 1Key to Flags:W (write), A (alloc), X (execute), M (merge), S (strings)I (info), L (link order), G (group), x (unknown)O (extra OS processing required) o (OS specific), p(processor specific)[qtl@courier lib]$ objdump -hlibfoobar.so libfoobar.so:file formatelf32-i386Sections:Idx NameSizeVMALMAFile offAlgn0 .gnu.hash00000048000000b4000000b4000000b42**2CONTENTS, ALLOC, LOAD,READONLY, DATA1 .dynsym00000110000000fc000000fc000000fc2**2CONTENTS, ALLOC, LOAD,READONLY, DATA2 .dynstr000000b30000020c0000020c0000020c2**0CONTENTS, ALLOC, LOAD,READONLY, DATA3 .gnu.version00000022000002c0000002c0000002c02**1CONTENTS, ALLOC, LOAD,READONLY, DATA4 .gnu.version_r 00000050000002e4000002e4000002e42**2CONTENTS, ALLOC, LOAD,READONLY, DATA5 .rel.dyn000000300000033400000334000003342**2CONTENTS, ALLOC, LOAD,READONLY, DATA6 .rel.plt000000280000036400000364000003642**2CONTENTS, ALLOC, LOAD,READONLY, DATA7 .init000000170000038c0000038c0000038c2**2CONTENTS, ALLOC, LOAD,READONLY, CODE8 .plt00000060000003a4000003a4000003a42**2CONTENTS, ALLOC, LOAD,READONLY, CODE9 .text000001a40000041000000410000004102**4CONTENTS, ALLOC, LOAD,READONLY, CODE10 .fini0000001c000005b4000005b4000005b42**2CONTENTS, ALLOC, LOAD,READONLY, CODE11 .rodata0000001d000005d0000005d0000005d02**0CONTENTS, ALLOC, LOAD,READONLY, DATA12 .eh_frame00000004000005f0000005f0000005f02**2CONTENTS, ALLOC, LOAD,READONLY, DATA13 .ctors00000008000015f4000015f4000005f42**2CONTENTS, ALLOC, LOAD, DATA14 .dtors00000008000015fc000015fc000005fc2**2CONTENTS, ALLOC, LOAD, DATA15 .jcr000000040000160400001604000006042**2CONTENTS, ALLOC, LOAD, DATA16 .data.rel.ro000000040000160800001608000006082**2CONTENTS, ALLOC, LOAD, DATA17 .dynamic000000c80000160c0000160c0000060c2**2CONTENTS, ALLOC, LOAD, DATA18 .got00000010000016d4000016d4000006d42**2CONTENTS, ALLOC, LOAD, DATA19 .got.plt00000020000016e4000016e4000006e42**2CONTENTS, ALLOC, LOAD, DATA20 .data000000040000170400001704000007042**2CONTENTS, ALLOC, LOAD, DATA21 .bss000000100000170800001708000007082**2ALLOC22 .comment000001140000000000000000000007082**0CONTENTS, READONLY5. 显示.dynamic 节信息只 readelf -d 有对应的功能, objdump 没有. 另外需要注意,看重定位文件不需要动态链接(加载), 所以没有.dynamic 节. 对于共享库文件输出如下: [qtl@courier lib]$ readelf -d libfoobar.so Dynamicsection at offset 0x60c contains 21 entries:TagTypeName/Value0x00000001 (NEEDED)library: [libm.so.6]0x00000001 (NEEDED)library: [libc.so.6]0x0000000c (INIT)0x0000000d (FINI)0x6ffffef5 (GNU_HASH)0x00000005 (STRTAB)0x00000006 (SYMTAB)SharedShared0x38c0x5b40xb40x20c0xfc0x0000000a (STRSZ)179(bytes)0x0000000b (SYMENT)16(bytes)0x00000003 (PLTGOT)0x00000002 (PLTRELSZ)0x00000014 (PLTREL)0x00000017 (JMPREL)0x00000011 (REL)0x00000012 (RELSZ)0x00000013 (RELENT)0x6ffffffe (VERNEED)0x16e440 (bytes)REL0x3640x33448 (bytes)8 (bytes)0x2e40x6fffffff (VERNEEDNUM)20x6ffffff0 (VERSYM)0x2c00x6ffffffa (RELCOUNT)20x00000000 (NULL)0x06. 显示程序段信息第二个 readelf 支持而 objdump 没有的功能. 命令参数为readelf -l.同样, 对于可重定位文件而言没有段. 这一点也可以从 ELF头中看到, 命令为 readelf -h. [qtl@courier lib]$ readelf -llibfoobar.so Elf file type is DYN (Shared object file)Entry point 0x410There are 4 program headers, starting atoffset 52Program Headers:TypeOffsetVirtAddrPhysAddrFileSiz MemSizFlg AlignLOAD0x000000 0x00000000 0x000000000x005f4 0x005f4 R E 0x1000LOAD0x0005f4 0x000015f4 0x000015f40x00114 0x00124 RW0x1000DYNAMIC0x00060c 0x0000160c 0x0000160c0x000c8 0x000c8 RW0x4GNU_STACK0x000000 0x000000000x00000000 0x00000 0x00000 RW0x4 Section toSegment mapping:Segment Sections...00 .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn.rel.plt .init .plt .text .fini .rodata .eh_frame01 .ctors .dtors .jcr .data.rel.ro .dynamic .got .got.plt .data .bss02 .dynamic037. 以字节(HEX 或字符)形式 dump 某节的内容readelf -x <secname>objdump -s后者默认一次 dump 所有节的内容. 如果只想 dump 某节的内容, 则用-j <secname>参数指定. readelf 一次只能 dump 某一节的内容. 两者输出如下: [qtl@courier lib]$ readelf -x .dynamic libfoobar.soHex dump of section '.dynamic':0x0000160c 0000007b 00000001 0000007100000001 ....q.......{...0x0000161c 000005b4 0000000d 0000038c0000000c ................0x0000162c 0000020c 00000005 000000b46ffffef5 ...o............0x0000163c 000000b3 0000000a 000000fc00000006 ................0x0000164c 000016e4 00000003 000000100000000b ................0x0000165c 00000011 00000014 0000002800000002 ....(...........0x0000166c 00000334 00000011 0000036400000017 ....d.......4...0x0000167c 00000008 00000013 0000003000000012 ....0...........0x0000168c 00000002 6fffffff 000002e46ffffffe ...o.......o....0x0000169c 00000002 6ffffffa 000002c06ffffff0 ...o.......o....0x000016ac 00000000 00000000 0000000000000000 ................0x000016bc 00000000 00000000 0000000000000000 ................0x000016cc0000000000000000 ........[qtl@courier lib]$ objdump -s -j .dynamiclibfoobar.so libfoobar.so:file formatelf32-i386Contents of section .dynamic:160c 01000000 71000000 010000007b000000 ....q.......{...161c 0c000000 8c030000 0d000000b4050000 ................162c f5feff6f b4000000 05000000 0c020000 ...o............163c 06000000 fc000000 0a000000b3000000 ................164c 0b000000 10000000 03000000e4160000 ................165c 02000000 28000000 1400000011000000 ....(...........166c 17000000 64030000 1100000034030000 ....d.......4...167c 12000000 30000000 1300000008000000 ....0...........168c feffff6f e4020000 ffffff6f 02000000169c f0ffff6f c0020000 faffff6f 0200000016ac 00000000 00000000 0000000000000000 ................ ...o.......o.... ...o.......o....16bc 00000000 00000000 0000000000000000 ................16cc 00000000 00000000 ........8. 查看 ELF 程序头信息readelf -h 提供完整的信息, objdump -f只提供很少的信息. 9.查看符号信息readelf -sobjdump -t两个命令都提供类似 nm 的信息. 输出如下: [qtl@courierlib]$ readelf -s libfoobar.so Symbol table '.dynsym'contains 17 entries:Num:ValueSize TypeBindVisNdxName0: 000000000 NOTYPELOCALDEFAULTUND1: 000000000 NOTYPEWEAKDEFAULTUND __gmon_start__2: 000000000 NOTYPEUND _Jv_RegisterClasses3: 0000000038 FUNCUND cos@GLIBC_2.0 (2)4: 00000000351 FUNCUND fwrite@GLIBC_2.0 (3)5: 0000000036 FUNCUND fprintf@GLIBC_2.0 (3)6: 000000004 OBJECTUND stdout@GLIBC_2.0 (3)7: 00000000346 FUNCUND __cxa_finalize@GLIBC_2.1.3WEAKDEFAULTGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULTWEAKDEFAULT(4)8: 0000052092 FUNCGLOBAL DEFAULT10 bar9: 000004dc10 foo10: 00001718ABS _end11: 00001708ABS _edata12: 0000170c22 foo_var13: 00001708ABS __bss_start14: 0000038c66 FUNC0 NOTYPE0 NOTYPE4 OBJECT0 NOTYPE0 FUNCGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULT8 _init15: 000005b40 FUNCGLOBAL DEFAULT11 _fini16: 000017108 OBJECTGLOBAL DEFAULT22 bar_varSymbol table '.symtab' contains 61 entries:Num:ValueSize TypeBindVisNdxName0: 000000000 NOTYPELOCALDEFAULTUND1: 000000b40 SECTION LOCALDEFAULT12: 000000fc0 SECTION LOCALDEFAULT23: 0000020c0 SECTION LOCALDEFAULT34: 000002c00 SECTION LOCALDEFAULT45: 000002e40 SECTION LOCALDEFAULT56: 0000033467: 0000036478: 0000038c89: 000003a4910: 00000410100 SECTION LOCAL0 SECTION LOCAL0 SECTION LOCAL0 SECTION LOCAL0 SECTION LOCALDEFAULTDEFAULTDEFAULTDEFAULTDEFAULT11: 000005b40 SECTION LOCALDEFAULT1112: 000005d00 SECTION LOCALDEFAULT1213: 000005f01314: 000015f41415: 000015fc1516: 000016041617: 000016081718: 0000160c0 SECTION LOCAL0 SECTION LOCAL0 SECTION LOCAL0 SECTION LOCAL0 SECTION LOCAL0 SECTION LOCALDEFAULTDEFAULTDEFAULTDEFAULTDEFAULTDEFAULT1819: 000016d40 SECTION LOCALDEFAULT1920: 000016e42021: 000017042122: 000017082223: 000000002324: 0000041010 call_gmon_start25: 00000000ABS crtstuff.c0 SECTION LOCALDEFAULT0 SECTION LOCALDEFAULT0 SECTION LOCALDEFAULT0 SECTION LOCALDEFAULT0 FUNCLOCALDEFAULT0 FILELOCALDEFAULT26: 000015f40 OBJECTLOCALDEFAULT14 __CTOR_LIST__27: 000015fc0 OBJECTLOCALDEFAULT15 __DTOR_LIST__28: 000016040 OBJECT16 __JCR_LIST__29: 000017081 OBJECT22 completed.575830: 000017040 OBJECT21 p.575631: 000004400 FUNC10 __do_global_dtors_aux32: 000004a00 FUNC10 frame_dummyLOCALLOCALLOCALLOCALLOCALDEFAULTDEFAULTDEFAULTDEFAULTDEFAULT33: 000000000 FILELOCALDEFAULTABS crtstuff.c34: 000015f80 OBJECTLOCALDEFAULT14 __CTOR_END__35: 000016000 OBJECTLOCALDEFAULT15 __DTOR_END__36: 000005f00 OBJECTLOCALDEFAULT13 __FRAME_END__37: 000016040 OBJECTLOCALDEFAULT16 __JCR_END__38: 000005800 FUNCLOCALDEFAULT10 __do_global_ctors_aux39: 000000000 FILELOCALDEFAULTABS foo.c40: 000000000 FILELOCALDEFAULTABS bar.c41: 000016e40 OBJECTLOCALHIDDENABS _GLOBAL_OFFSET_TABLE_42: 000016080 OBJECT17 __dso_handle43: 000004d70 FUNC10 __i686.get_pc_thunk.bx44: 0000160c0 OBJECTABS _DYNAMIC45: 0000052092 FUNC10 bar46: 000000000 NOTYPEUND __gmon_start__47: 000000000 NOTYPEUND _Jv_RegisterClassesLOCALHIDDENHIDDENLOCALHIDDENGLOBAL DEFAULTWEAKDEFAULTWEAKDEFAULTLOCAL48: 000005b40 FUNCGLOBAL DEFAULT11 _fini49: 0000170c4 OBJECTGLOBAL DEFAULT22 foo_var50: 000004dc66 FUNC10 foo51: 0000000038 FUNCUND cos@@GLIBC_2.052: 00000000351 FUNCUND fwrite@@GLIBC_2.053: 0000000036 FUNCUND fprintf@@GLIBC_2.054: 000017080 NOTYPEABS __bss_startGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULTGLOBAL DEFAULT55: 000017180 NOTYPEGLOBAL DEFAULTABS _end56: 000000004 OBJECTGLOBAL DEFAULTUND stdout@@GLIBC_2.057: 000017108 OBJECTGLOBAL DEFAULT22 bar_var58: 000017080 NOTYPEGLOBAL DEFAULTABS _edata59: 00000000346 FUNCWEAKDEFAULTUND __cxa_finalize@@GLIBC_2.160: 0000038c0 FUNCGLOBAL DEFAULT8 _init[qtl@courier lib]$ objdump -t libfoobar.so libfoobar.so:file format elf32-i386SYMBOL TABLE:000000b4 ld .gnu.hash00000000 .gnu.hash000000fc ld .dynsym00000000 .dynsym0000020c ld .dynstr00000000 .dynstr000002c0 l00000000000002e4 l0000000000000334 l0000000000000364 l000000000000038c l000003a4 ld .gnu.version .gnu.versiond .gnu.version_r .gnu.version_rd .rel.dyn .rel.dynd .rel.plt .rel.pltd .init00000000d .plt00000000 .init .plt00000410 ld .text00000000 .text000005b4 ld .fini00000000 .fini000005d0 ld .rodata00000000000005f0 l00000000000015f4 l000015fc l00001604 l00001608 l000000000000160c l00000000 .rodatad .eh_frame .eh_framed .ctors 00000000d .dtors 00000000d .jcr00000000d .data.rel.ro .data.rel.rod .dynamic .dynamic .jcr .ctors .dtors000016d4 ld .got00000000 .got000016e4 ld .got.plt00000000 .got.plt00001704 ld .data0000000000001708 ld .bss0000000000000000 ld .comment00000000 .comment00000410 lF .text00000000call_gmon_start00000000 ldf *ABS*00000000crtstuff.c000015f4 lO .ctors 00000000__CTOR_LIST__000015fc lO .dtors 00000000 .data .bss__DTOR_LIST__00001604 lO .jcr00000000__JCR_LIST__00001708 lO .bss00000001completed.575800001704 lO .data00000000p.575600000440 lF .text00000000__do_global_dtors_aux000004a0 lF .text00000000frame_dummy00000000 ldf *ABS*00000000crtstuff.c000015f8 lO .ctors 00000000__CTOR_END__00001600 lO .dtors 00000000__DTOR_END__000005f0 lO .eh_frame00000000__FRAME_END__00001604 lO .jcr00000000__JCR_END__00000580 lF .text00000000__do_global_ctors_aux00000000 ldf *ABS*0000000000000000 ldf *ABS*00000000000016e4 lO *ABS*00000000 .hidden_GLOBAL_OFFSET_TABLE_00001608 lO .data.rel.rofoo.cbar.c00000000 .hidden __dso_handle000004d7 lF .text00000000 .hidden__i686.get_pc_thunk.bx0000160c lO *ABS*00000000 .hidden _DYNAMIC00000520 gF .text0000005c00000000w*UND*00000000__gmon_start__00000000w*UND*00000000_Jv_RegisterClasses000005b4 gF .fini000000000000170c gO .bss00000004foo_var000004dc gF .text00000042bar_finifoo00000000F *UND*00000026cos@@GLIBC_2.000000000F *UND*0000015ffwrite@@GLIBC_2.000000000F *UND*00000024fprintf@@GLIBC_2.000001708 g*ABS*00000000__bss_start00001718 g*ABS*00000000_end00000000O *UND*00000004stdout@@GLIBC_2.000001710 gO .bss00000008bar_var00001708 g*ABS*00000000_edata00000000wF *UND*0000015a__cxa_finalize@@GLIBC_2.1.30000038c gF .init00000000_init 注意 readelf 同时显示了.dynsym 的信息, 而 objdump 实际上只显示了.symtab 部分的信息.如果需要显示动态部分的符号, 使用-T 参数. 输出如下:[qtl@courier lib]$ objdump -T libfoobar.so libfoobar.so:file format elf32-i386DYNAMIC SYMBOL TABLE:00000000wD*UND*00000000__gmon_start__00000000wD*UND*00000000_Jv_RegisterClasses00000000DF *UND*00000026GLIBC_2.0cos00000000DF *UND*0000015fGLIBC_2.0fwrite00000000DF *UND*00000024GLIBC_2.0fprintf00000000stdout00000000w__cxa_finalize00000520 g000004dc g00001718 g_end00001708 g_edataDO *UND*00000004GLIBC_2.0DF *UND*0000015aGLIBC_2.1.3DF .text0000005cBasebarDF .text00000042BasefooD*ABS*00000000BaseD*ABS*00000000Base0000170c gDO .bss00000004Basefoo_var00001708 gD*ABS*00000000Base__bss_start0000038c gDF .init00000000Base_init000005b4 gDF .fini00000000Base_fini00001710 gDO .bss00000008Basebar_var对readelf同时使用-D -s参数无效. 对照手册页说明也没弄清楚-D 的主要用途,在这里可能因为-s 已经能够都显示了. 10. 一次全部两个命令都提供了一个参数, 指定多个其他参数的集合一起显示, 但显示内容略有不同.readelf -a:-h -l -S-r -s -d -n -Vobjdump -x: -a -f-h -p -r -t。