DISASSEMBLING FILES

BASIC DISASSEMBLY: .TEXT (EXECUTABLE CODE)

root@sre:~$ objdump -M intel -d helloWorld
 helloWorld:     file format elf64-x86-64

 Disassembly of section .text:

 0000000000401000 <_start>:
  401000:	b8 01 00 00 00       	mov    eax,0x1
  401005:	bf 01 00 00 00       	mov    edi,0x1
  40100a:	48 be 00 20 40 00 00 	movabs rsi,0x402000
  401011:	00 00 00
  401014:	ba 12 00 00 00       	mov    edx,0x12
  401019:	0f 05                	syscall
  40101b:	b8 3c 00 00 00       	mov    eax,0x3c
  401020:	bf 00 00 00 00       	mov    edi,0x0
  401025:	0f 05                	syscall

 * the -M intel specifies to write the instructions in the Intel syntax
   instead of the default AT&T syntax
 * the -d option instructs objdump to disassemble all executable sections in the binary.
    -  this only disassemble the .text section of the code

BASIC DISASSEMBLY: STRING & .DATA (NON EXECUTABLE CODE)

root@sre:~$ objdump -sj .data helloWorld
 helloWorld:     file format elf64-x86-64

 Contents of section .data:
  402000 48656c6c 6f204854 42204163 6164656d  Hello HTB Academ
  402010 7921                                 y!

 * the -s option dumps the full contents (hex + ASCII) of the specified section(s). It 
   shows all data bytes, not just strings. It’s useful to inspect raw data like 
   initialized variables.
 * the -j option restricts the output to the specified section only (e.g., .data). it 
   can be combined with -s or -d to limit their scope to that section
 * the .data section usually contains initialized, non-executable data. Therefore:
    - disassembling (-d) the .data section usually produces no output or warnings, 
      because there’s no valid code there.
 * the -j option only examines the .data section
    - it restricts the output to the .data section only
       - remember .data is NOT executable; trying to disassemble .data usually gives
         no output or warnings
          - it’s usually more meaningful to use -d with executable sections like .text, 
            and -s with data sections like .data.

DISPLAYING ASSEMBLY CODE W/O MACHINE CODE

root@sre:~$ objdump -M intel --no-show-raw-insn --no-addresses -d helloWorld

helloWorld:     file format elf64-x86-64

Disassembly of section .text:

<_start>:
        mov    eax,0x1
        mov    edi,0x1
        movabs rsi,0x402000
        mov    edx,0x12
        syscall 
        mov    eax,0x3c
        mov    edi,0x0
        syscall
        
 * the --no-show-raw-insn --no-addresses flags disables machine code int the output

PreviousOBJDUMP NextVIEWING ADDRESSES

Last updated 3 months ago