<a href="https://colab.research.google.com/github/YonatanSchuster/CSS-Challenges/blob/master/Copy_of_Linux_Objdump_Command_tutorial.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

# Linux Objdump Command Examples 
(Disassemble a Binary File)

by Himanshu Arora on September 21, 2012

[Link to original post location (The Geek Stuff)](https://www.thegeekstuff.com/2012/09/objdump-examples/)

Googl Colab version (with minor modifications) By Yoram Segal April 22, 2021

### Important note
To practice with this notebook,

 **You must copy this notebook to your local Google Drive.**

Use the following notebook Menu command:

`File->Save a copy in Drive`

##  **Objdump** command
Objdump command in Linux is used to provide thorough information on object files. This command is mainly used by the programmers who work on compilers, but still its a very handy tool for **cyber programmers** also when it comes to debugging. In this tutorial, we will understand how to use objdump command through some examples.

Basic syntax of objdump is :



```
$ objdump [options] objfile...
```
There is a wide range of options available for this command. We will try to cover a good amount of them in this tutorial.


## Examples

The ELF binary file (compiled C code file) of the following C program is used in all the examples mentioned in this article. It name after comilation is **factorial**

Run the following code section in order to creat a valide C code

In [None]:
!echo "#include<stdio.h>" > myObjDump.c
!echo " " >> myObjDump.c
!echo " " >> myObjDump.c
!echo "int main(void)" >> myObjDump.c
!echo "{ " >> myObjDump.c
!echo "    int n = 6; " >> myObjDump.c
!echo "    float f=1; " >> myObjDump.c
!echo "    int i = 1; " >> myObjDump.c
!echo "    for(;i<=n;i++) " >> myObjDump.c
!echo "        f=f*i; " >> myObjDump.c
!echo "   printf(\"\n Factorial is : [%f]\n\",f); " >> myObjDump.c
!echo "   return 0; " >> myObjDump.c
!echo "} " >> myObjDump.c
!echo " " >> myObjDump.c
!cat myObjDump.c 

#include<stdio.h>
 
 
int main(void)
{ 
    int n = 6; 
    float f=1; 
    int i = 1; 
    for(;i<=n;i++) 
        f=f*i; 
   printf("\n Factorial is : [%f]\n",f); 
   return 0; 
} 
 


Compile the C code in order to create our working file **"factorial"**

In [None]:
!gcc myObjDump.c -o factorial

Note: The above **factorial** is just a test code that was being used for some other purpose, but I found it simple enough to use for this article.

### 1. Display the contents of the overall file header using -f option
Consider the following example :

In [None]:
!objdump -f factorial

So we see that the information related to the overall file header was shown in the output.

NOTE: The executable format used in the examples is ELF. To know more about it, refer to our article on [ELF file format](https://www.thegeekstuff.com/2012/07/elf-object-file-format/).

### 2.Display object format specific file header contents using -p option
The following example prints the object file format specific information.

In [None]:
! objdump -p factorial

### 3. Display the contents of the section headers using -h option

There can be various sections in an object file. Information related to them can be printed using -h option.

The following examples shows various sections.

In [None]:
!objdump -h factorial

So we see that the information related to all the section headers was printed in the output. 

In the output above, 
> **Size** is the size of the loaded section, 

> **VMA** represents the virtual memory address, 

> **LMA** represents the logical memory address, 

> **File** off is this section’s offset from the beginning of the file, 

> **Algn** represents alignment,

> **CONTENTS, ALLOC, LOAD, READONLY, DATA** are flags that represent that a particular section is to be LOADED or is READONLY etc.




### 4. Display the contents of all headers using -x option

Information related to all the headers in the object file can be retrieved using the -x option.

The following example displays **all** the sections:

In [None]:
!objdump -x factorial

### 5. Display assembler contents of executable sections using -d option

Consider the following example. The assembler contents of executable sections (in the object file) are displayed in this output:

In [None]:
!objdump -d factorial

### 6. Display assembler contents of all sections using -D option

In case **the assembler contents of all the sections is required** in output, the option -D can be used.

Since the output will be very long, you can clipp it page by page but only if you are running this command in a regular Linux terminal and not inside this Google Colab. 

If you use a regular Linux terminal, you can use the pager command for controlling the output: 

```
# objdump -D factorial | pager
```

For this google Colab notebook consider the following command :

In [None]:
!objdump -D factorial 

### 7. Display the full contents of all sections using -s option

Consider the following example :

In [None]:
!objdump -s factorial

So we see that the complete contents for all the sections were displayed in the output.

### 8. Display debug information using -g option

Consider the following example:

In [None]:
!objdump -g factorial

### 9. Display the contents of symbol table (or tables) using the -t option

Consider the following example :

In [None]:
!objdump -t factorial

### 10. Display the contents of dynamic symbol table using -T option

Dynamic symbols are those which are resolved during run time. The information related to these symbols can be retrieved using the -D option.

Consider the following example :

In [None]:
! objdump -T factorial

### 11. Display the dynamic relocation entries in the file using -R option

Consider the following example:

In [None]:
!objdump -R factorial

12. Display section of interest using -j option

This is extremely useful when you know the section related to which the information is required. The option -j is used in this case.
(For the list of avalible sections see Example 3 above)

Consider the following example :

In [None]:
!objdump -s -j.init factorial

So we see that information related to .init section was displayed above.

### 13. Accept input options from a file using @ option

If you want, the options to objdump can be read from a file. This can be done using ‘@’ option.

Consider the following example :

In [None]:
!objdump -v -i

In this example above, we have used the -v and -i options. While -v is used to print the version information, -i is used to provide supported object formats and architectures.

Now let's created a file and add these two options there.

In [None]:
!echo "-v -i">options.txt
!cat options.txt

Execute the **objdump** by calling the **options.txt** file as shown below. This displays the same output as above, as it is reading the options from the options.txt file.

In [None]:
!objdump @options.txt