linux汇编nasm、反汇编ndisasm

NASM(The Netwide Assembler),是一款基于80x86和x86-64平台的汇编语言编译程序,其设计初衷是为了实现编译器程序跨平台和模块化的特性。

NASM支持大量的文件格式,包括Linux,*BSD,a.out,ELF,COFF,Mach−O,Microsoft 16−bit OBJ,Win32以及Win64,同时也支持简单的二进制文件生成。它的语法被设计的简单易懂,相较Intel的语法更为简单,支持目前已知的所有x86架构之上的扩展语法,同时也拥有对宏命令的良好支持

-o  指定输出文件名
-f  指定输出格式

nasm支持的输出格式有

    *bin      flat-form binary files (e.g. DOS .COM, .SYS)
    ith       Intel hex
    srec      Motorola S-records
    aout      Linux a.out object files
    aoutb     NetBSD/FreeBSD a.out object files
    coff      COFF (i386) object files (e.g. DJGPP for DOS)
    elf32     ELF32 (i386) object files (e.g. Linux)
    elf64     ELF64 (x86_64) object files (e.g. Linux)
    elfx32    ELFX32 (x86_64) object files (e.g. Linux)
    as86      Linux as86 (bin86 version 0.3) object files
    obj       MS-DOS 16-bit/32-bit OMF object files
    win32     Microsoft Win32 (i386) object files
    win64     Microsoft Win64 (x86-64) object files
    rdf       Relocatable Dynamic Object File Format v2.0
    ieee      IEEE-695 (LADsoft variant) object file format
    macho32   NeXTstep/OpenStep/Rhapsody/Darwin/MacOS X (i386) object files
    macho64   NeXTstep/OpenStep/Rhapsody/Darwin/MacOS X (x86_64) object files
    dbg       Trace of all info passed to output stage
    elf       ELF (short name for ELF32)
    macho     MACHO (short name for MACHO32)
    win       WIN (short name for WIN32)


ndisasm

-e    忽略文件开头的字节数
-k offset,length   偏移字节数,要跳过的字节长度
-b(16 32 64)       默认为16位模式
root@DESKTOP-MBTVBV7:~/ccc# objdump -h main.o
main.o:     file format elf64-x86-64
Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .data         0000000d  0000000000000000  0000000000000000  00000200  2**2
                  CONTENTS, ALLOC, LOAD, DATA
  1 .text         00000022  0000000000000000  0000000000000000  00000210  2**4
                  CONTENTS, ALLOC, LOAD, RELOC, READONLY, CODE

从objdump可以看出,指令在文件偏移0x210处,长度为0x22

root@DESKTOP-MBTVBV7:~/ccc# objdump -d main.o
0000000000000000 <eeee>:
   0:   b8 01 00 00 00          mov    $0x1,%eax
   5:   bf 01 00 00 00          mov    $0x1,%edi
   a:   be 00 00 00 00          mov    $0x0,%esi
   f:   ba 0d 00 00 00          mov    $0xd,%edx
  14:   0f 05                   syscall 
  16:   b8 3c 00 00 00          mov    $0x3c,%eax
  1b:   bf 00 00 00 00          mov    $0x0,%edi
  20:   0f 05                   syscall

这里是GAS汇编AT&T语法,如果看的不舒服可以用ndisasm反汇编,由于ndisasm指令不能自己识别指令所在位置,所以得自己指定偏移地址

h结尾代表16进制,下面意思为,先跳过文件main.o的 0x210 个字节,然后开始反汇编,反汇编了 0x22 个字节时,往后跳过 10000 字节,如果后面还有字节就继续,如果没有了则终止

root@DESKTOP-MBTVBV7:~/ccc# ndisasm -b 64 main.o -e 210h -k 22h,10000
00000000  B801000000        mov eax,0x1
00000005  BF01000000        mov edi,0x1
0000000A  BE00000000        mov esi,0x0
0000000F  BA0D000000        mov edx,0xd
00000014  0F05              syscall
00000016  B83C000000        mov eax,0x3c
0000001B  BF00000000        mov edi,0x0
00000020  0F05              syscall
00000022  skipping 0x2710 bytes


上一篇: objdump、ld、ldd、readelf
下一篇: strip
作者邮箱: 203328517@qq.com