author | johannst <johannst@users.noreply.github.com> | 2020-03-14 18:01:23 +0000 |
---|---|---|
committer | johannst <johannst@users.noreply.github.com> | 2020-03-14 18:01:23 +0000 |
commit | 21e8db012f8c46f75e43a40da3f3e2676363c291 (patch) | |
tree | bf0dc931f0cb679b8423c602c802ab05dea7314b /print.html | |
parent | e5426455329d5b9439491d697405b8386836a154 (diff) | |
deploy: 951ccb67565f34a0aa1b23ad6eef647aed5e0b4b
Diffstat (limited to 'print.html')
-rw-r--r-- | print.html | 512 |
1 files changed, 510 insertions, 2 deletions
@@ -83,7 +83,7 @@ <nav id="sidebar" class="sidebar" aria-label="Table of contents"> <div id="sidebar-scrollbox" class="sidebar-scrollbox"> - <ol class="chapter"><li class="expanded "><a href="gdb.html"><strong aria-hidden="true">1.</strong> gdb</a></li></ol> + <ol class="chapter"><li class="expanded "><a href="ld.so.html"><strong aria-hidden="true">1.</strong> ld.so</a></li><li class="expanded "><a href="git.html"><strong aria-hidden="true">2.</strong> git</a></li><li class="expanded "><a href="gdb.html"><strong aria-hidden="true">3.</strong> gdb</a></li><li class="expanded "><a href="radare2.html"><strong aria-hidden="true">4.</strong> radare2</a></li><li class="expanded "><a href="emacs.html"><strong aria-hidden="true">5.</strong> emacs</a></li><li class="expanded "><a href="fish.html"><strong aria-hidden="true">6.</strong> fish</a></li><li class="expanded "><a href="strace.html"><strong aria-hidden="true">7.</strong> strace</a></li><li class="expanded "><a href="lsof.html"><strong aria-hidden="true">8.</strong> lsof</a></li><li class="expanded "><a href="pidstat.html"><strong aria-hidden="true">9.</strong> pidstat</a></li><li class="expanded "><a href="time.html"><strong aria-hidden="true">10.</strong> time</a></li><li class="expanded "><a href="pmap.html"><strong aria-hidden="true">11.</strong> pmap</a></li><li class="expanded "><a href="pstack.html"><strong aria-hidden="true">12.</strong> pstack</a></li><li class="expanded "><a href="perf.html"><strong aria-hidden="true">13.</strong> perf</a></li><li class="expanded "><a href="oprofile.html"><strong aria-hidden="true">14.</strong> OProfile</a></li><li class="expanded "><a href="od.html"><strong aria-hidden="true">15.</strong> od</a></li><li class="expanded "><a href="xxd.html"><strong aria-hidden="true">16.</strong> xxd</a></li><li class="expanded "><a href="readelf.html"><strong aria-hidden="true">17.</strong> readelf</a></li><li class="expanded "><a href="objdump.html"><strong aria-hidden="true">18.</strong> 
objdump</a></li><li class="expanded "><a href="nm.html"><strong aria-hidden="true">19.</strong> nm</a></li><li class="expanded "><a href="c++filt.html"><strong aria-hidden="true">20.</strong> c++filt</a></li></ol> </div> <div id="sidebar-resize-handle" class="sidebar-resize-handle"></div> </nav> 
@@ -150,7 +150,206 @@ <div id="content" class="content"> <main> - <h1><a class="header" href="#gdb1" id="gdb1">gdb(1)</a></h1> + <h1><a class="header" href="#ldso8" id="ldso8">ld.so(8)</a></h1> +<h2><a class="header" href="#environment-variables" id="environment-variables">Environment variables</a></h2> +<pre><code class="language-console"> LD_PRELOAD=<l_so> colon separated list of libso's to be pre loaded + LD_DEBUG=<opts> comman separated list of debug options + =help list available options + =libs show library search path + =files processing of input files + =symbols show search path for symbol lookup + =bindings show against which definition a symbol is bound +</code></pre> +<h2><a class="header" href="#ld_preload-load--init-order" id="ld_preload-load--init-order">LD_PRELOAD load & init order</a></h2> +<pre><code class="language-markdown"> > ldd ./main + >> libc.so.6 => /usr/lib/libc.so.6 + + > LD_PRELOAD=liba.so:libb.so ./main + --> + preloaded in this order + <-- + initialized in this order + + - preload order determines the order libs are inserted into the link map + + - resulting link map: + +------+ +------+ +------+ +------+ + | main | -> | liba | -> | libb | -> | libc | + +------+ +------+ +------+ +------+ + + - see preload and init order in action + > LD_DEBUG=files LD_PRELOAD=liba.so:libb.so ./main + # load order (-> determines link map) + >> file=liba.so [0]; generating link map + >> file=libb.so [0]; generating link map + >> file=libc.so.6 [0]; generating link map + + # init order + >> calling init: /usr/lib/libc.so.6 + >> calling init: <path>/libb.so + >> calling init: <path>/liba.so + >> initialize program: ./main + + - see the symbol lookup in action and therefore the link map order + > LD_DEBUG=symbols,bindings LD_PRELOAD=liba.so:libb.so ./main + >> symbol=memcpy; lookup in file=./main [0] + >> symbol=memcpy; lookup in file=<path>/liba.so [0] + >> symbol=memcpy; lookup in file=<path>/libb.so [0] + >> symbol=memcpy; lookup in 
file=/usr/lib/libc.so.6 [0] + >> binding file ./main [0] to /usr/lib/libc.so.6 [0]: normal symbol + `memcpy' [GLIBC_2.14] +</code></pre> +<h2><a class="header" href="#dynamic-linking-x86_64" id="dynamic-linking-x86_64">dynamic linking (x86_64)</a></h2> +<pre><code class="language-makrdown"> - dynamic linking basically works via one indirect jump. It uses a + combination of function trampolines (.plt) and a function pointer table + (.got.plt). On the first call the trampoline sets up some metadata and + then jumps to the ld.so runtime resolve function, which in turn patches + the table with the correct function pointer. + .plt ....... contains function trampolines, usually located in code + segment (rx permission) + .got.plt ... hold the function pointer table + + - following r2 dump shows this + - [0x00401030] indirect jump for 'puts' using function pointer in + _GLOBAL_OFFSET_TABLE_[3] + - initially points to instruction behind 'puts' trampoline [0x00401036] + - this pushes relocation index and then jumps to the first trampoline + [0x00401020] + - the first trampoline jumps to _GLOBAL_OFFSET_TABLE_[2] which will be + filled at program startup by the ld.so with its resolve function + - the resolve function fixes the relocation referenced by the + relocation index pushed by the 'puts' trampoline + - the relocation entry tells the resolve function which symbol to + search for and where to put the function pointer + > readelf -r <main> + >> Relocation section '.rela.plt' at offset 0x4b8 contains 1 entry: + >> Offset Info Type Sym. Value Sym. 
Name + Addend + >> 000000404018 000200000007 R_X86_64_JUMP_SLO 0000000000000000 puts@GLIBC_2.2.5 + 0 + - offset points to _GLOBAL_OFFSET_TABLE_[3] + + [0x00401040]> pd 4 @ section..got.plt + ;-- section..got.plt: + ;-- .got.plt: ; [22] -rw- section size 32 named .got.plt + ;-- _GLOBAL_OFFSET_TABLE_: + 0x00404000 .qword 0x0000000000403e10 ; section..dynamic ; obj._DYNAMIC + 0x00404008 .qword 0x0000000000000000 + ; CODE XREF from section..plt @ +0x6 + 0x00404010 .qword 0x0000000000000000 + ;-- reloc.puts: + ; CODE XREF from sym.imp.puts @ 0x401030 + 0x00404018 .qword 0x0000000000401036 ; RELOC 64 puts + + [0x00401040]> pd 6 @ section..plt + ;-- section..plt: + ;-- .plt: ; [12] -r-x section size 32 named .plt + ┌─> 0x00401020 ff35e22f0000 push qword [0x00404008] + ╎ 0x00401026 ff25e42f0000 jmp qword [0x00404010] + ╎ 0x0040102c 0f1f4000 nop dword [rax] + ┌ 6: int sym.imp.puts (const char *s); + └ ╎ 0x00401030 ff25e22f0000 jmp qword [reloc.puts] + ╎ 0x00401036 6800000000 push 0 + └─< 0x0040103b e9e0ffffff jmp sym..plt +</code></pre> +<h1><a class="header" href="#git1" id="git1">git(1)</a></h1> +<h2><a class="header" href="#misc" id="misc">Misc</a></h2> +<pre><code class="language-markdown"> git add -p [<file>] ............ partial staging (interactive) +</code></pre> +<h2><a class="header" href="#remote" id="remote">remote</a></h2> +<pre><code class="language-markdown"> git remote -v .................. list remotes verbose (with URLs) + git remote show [-n] <remote> .. list info for <remote> (like remote HEAD, + remote branches, tracking mapping) +</code></pre> +<h2><a class="header" href="#branching" id="branching">branching</a></h2> +<pre><code class="language-markdown"> git branch [-a] ................ list available branches; -a to include + remote branches + git branch -vv ................. list branch & annotate with head sha1 & + remote tracking branch + git branch <bname> ............. create branch with name <bname> + git checkout <bname> ........... 
switch to branch with name <bname> + git push -u origin <rbname> .... push branch to origin (or other remote), and + setup <rbname> as tracking branch +</code></pre> +<h2><a class="header" href="#resetting" id="resetting">resetting</a></h2> +<pre><code class="language-markdown"> git reset [opt] <ref|commit> + opt: + --mixed .................... resets index, but not working tree + --hard ..................... matches the working tree and index to that + of the tree being switched to any changes to + tracked files in the working tree since + <commit> are lost + git reset HEAD <file> .......... remove file from staging + git reset --soft HEAD~1 ........ delete most recent commit but keep work + git reset --hard HEAD~1 ........ delete most recent commit and delete work +</code></pre> +<h2><a class="header" href="#tags" id="tags">tags</a></h2> +<pre><code class="language-markdown"> git tag -a <tname> -m "descr" ........ creates an annotated tag (full object + containing tagger, date, ...) + git tag -l ........................... list available tags + git checkout tag/<tname> ............. checkout specific tag + git checkout tag/<tname> -b <bname> .. checkout specific tag in a new branch +</code></pre> +<h2><a class="header" href="#diff" id="diff">diff</a></h2> +<pre><code class="language-markdown"> git diff HEAD:<fname> origin/HEAD:<fname> ... diff files for different refs + git diff -U$(wc -l <fname>) <fname> ......... shows complete file with diffs + instead of usual diff snippets +</code></pre> +<h2><a class="header" href="#log" id="log">log</a></h2> +<pre><code class="language-markdown"> git log --oneline .... shows log in single line per commit -> alias for + '--pretty=oneline --abbrev-commit' + git log --graph ...... text based graph of commit history + git log --decorate ... 
decorate log with REFs +</code></pre> +<h2><a class="header" href="#patching" id="patching">patching</a></h2> +<pre><code class="language-markdown"> git format-patch <opt> <since>/<revision range> + opt: + -N ................... use [PATCH] instead [PATCH n/m] in subject when + generating patch description (for patches spanning + multiple commits) + --start-number <n> ... start output file generation with <n> as start + number instead '1' + since spcifier: + -3 .................. e.g: create a patch from last three commits + <comit hash> ........ create patch with commits starting after <comit hash> + + git am <patch> ......... apply patch and create a commit for it + + git apply --stat <PATCH> ... see which files the patch would change + git apply --check <PATCH> .. see if the patch can be applied cleanly + git apply <PATCH> .......... apply the patch locally without creating a commit + + # eg: generate patches for each commit from initial commit on + git format-patch -N $(git rev-list --max-parents=0 HEAD) + + # generate single patch file from a certain commit/ref + git format-patch <COMMIT/REF> --stdout > my-patch.patch +</code></pre> +<h2><a class="header" href="#submodules" id="submodules">submodules</a></h2> +<pre><code class="language-markdown"> git submodule add <url> [<path>] .......... add new submodule to current project + git clone --recursive <url> ............... clone project and recursively all + submodules (same as using + 'git submodule update --init + --recursive' after clone) + git submodule update --init --recursive ... checkout submodules recursively + using the commit listed in the + super-project (in detached HEAD) + git submodule update --remote <submod> .... fetch & merge remote changes for + <submod>, this will pull + origin/HEAD or a branch specified + for the submodule +</code></pre> +<h2><a class="header" href="#inspection" id="inspection">inspection</a></h2> +<pre><code class="language-markdown"> git ls-tree [-r] <ref> .... 
show git tree for <ref>, -r to recursively ls sub-trees + git show <obj> ............ show <obj> + git cat-file -p <obj> ..... print content of <obj> +</code></pre> +<h2><a class="header" href="#revision_range" id="revision_range">revision_range</a></h2> +<pre><code class="language-markdown"> HEAD ........ last commit + HEAD~1 ...... last commit-1 + HEAD~N ...... last commit-N (linear backwards when in tree structure, check + difference between HEAD^ and HEAD~) + git rev-list --max-parents=0 HEAD ........... first commit +</code></pre> +<h1><a class="header" href="#gdb1" id="gdb1">gdb(1)</a></h1> <h1><a class="header" href="#cli" id="cli">CLI</a></h1> <pre><code class="language-markdown"> gdb [opts] [prg [-c coredump | -p pid]] gdb [opts] --args prg <prg-args> 
@@ -280,6 +479,315 @@ which calls <code>finish</code>.</p> handler end </code></pre> +<h1><a class="header" href="#radare21" id="radare21">radare2(1)</a></h1> +<h2><a class="header" href="#print" id="print">print</a></h2> +<pre><code class="language-markdown"> + pd <n> [@ <addr>] # print disassembly for <n> instructions + # with optional temporary seek to <addr> +</code></pre> +<h2><a class="header" href="#flags" id="flags">flags</a></h2> +<pre><code class="language-markdown"> fs # list flag-spaces + fs <fs> # select flag-space <fs> + f # print flags of selected flag-space +</code></pre> +<h2><a class="header" href="#help" id="help">help</a></h2> +<pre><code class="language-markdown"> ?*~<kw> # '?*' list all commands and '~' grep for <kw> + ?*~... # '..' less mode /'...' interactive search +</code></pre> +<h2><a class="header" href="#relocation" id="relocation">relocation</a></h2> +<pre><code class="language-markdown"> > r2 -B <baddr> <exe> # open <exe> mapped to addr <baddr> + oob <addr> # reopen current file at <baddr> +</code></pre> +<h1><a class="header" href="#emacs1" id="emacs1">emacs(1)</a></h1> +<h2><a class="header" href="#help-1" id="help-1">help</a></h2> +<pre><code class="language-markdown"> C-h f describe function + C-h b list buffer available keymaps + <kseq> C-h list possible keymaps with <kseq> + eg C-x C-h -> list keymaps beginning with C-x +</code></pre> +<h2><a class="header" href="#window" id="window">window</a></h2> +<pre><code class="language-markdown"> C-x 0 kill focused window + C-x 1 kill all other windows + C-x 2 split horizontal + C-x 3 split vertical +</code></pre> +<h2><a class="header" href="#blockrect" id="blockrect">block/rect</a></h2> +<pre><code class="language-markdown"> C-x <SPC> activate rectangle-mark-mode + M-x string-rectangle <RET> insert text in marked rect +</code></pre> +<h2><a class="header" href="#mass-edit" id="mass-edit">mass edit</a></h2> +<pre><code class="language-makrdown"> C-x h mark whole buffer 
(mark-whole-buffer) + M-x delete-matching-line <RET> delete lines matching regex + M-x % search & replace region (query-replace) + C-M-x % search & replace regex (query-replace-regexp) +</code></pre> +<h2><a class="header" href="#grep" id="grep">grep</a></h2> +<pre><code class="language-markdown"> M-x find-grep <RET> run find-grep result in *grep* buffer + n/p navigate next/previous match in *grep* buffer +</code></pre> +<h2><a class="header" href="#lisp-mode" id="lisp-mode">lisp mode</a></h2> +<pre><code class="language-markdown"> M-x lisp-interaction-mode activate lisp mode + C-M-x evaluate top expr under cursor + C-x C-e eval-last-sexp + C-u C-x C-e eval-last-sexp and prints result in current buffer +</code></pre> +<h2><a class="header" href="#narrow" id="narrow">narrow</a></h2> +<pre><code class="language-markdown"> C-x n n show only focused region (narrow) + C-x n w show whole buffer (wide) +</code></pre> +<h2><a class="header" href="#org" id="org">org</a></h2> +<pre><code class="language-markdown"> M-up/M-down re-arrange items in same hierarchy + M-left/M-right change item hierarchy + C-RET create new item below current + C-S-RET create new TODO item below current + S-left/S-right cycle TODO states +</code></pre> +<h3><a class="header" href="#org-source" id="org-source">org source</a></h3> +<pre><code class="language-markdown"> <s TAB generate a source block + C-c ' edit source block (in lang specific buffer) + C-c C-c eval source block +</code></pre> +<h1><a class="header" href="#fish1" id="fish1">fish(1)</a></h1> +<h2><a class="header" href="#keymaps" id="keymaps">keymaps</a></h2> +<pre><code class="language-markdown"> Shift-Tab ........... tab-completion with search + Alt-Up / Alt-Down ... search history with token under the cursor + Alt-l ............... list content of dir under cursor + Alt-p ............... 
append '2>&1 | less;' to current cmdline +</code></pre> +<h2><a class="header" href="#debug" id="debug">debug</a></h2> +<pre><code class="language-markdown"> status print-stack-trace .. prints function stacktrace (can be used in scripts) + breakpoint ................ halt script execution and gives shell (C-d | exit + to continue) +</code></pre> +<h1><a class="header" href="#strace1" id="strace1">strace(1)</a></h1> +<pre><code class="language-markdown">strace [opts] [prg] + -f .......... follow child processes on fork(2) + -p <pid> .... attach to running process + -s <size> ... max string size (default: 32) + -e <expr> ... expression for trace filtering + -o <file> ... log output into <file> + -c .......... dump syscall statitics at the end +</code></pre> +<pre><code class="language-markdown"><expr>: + trace=syscall[,syscall] .... trace only syscall listed + trace=file ................. trace all syscall that take a filename as arg + trace=process .............. trace process management related syscalls + trace=signal ............... trace signal related syscalls + signal ..................... trace signals delivered to the process +</code></pre> +<h1><a class="header" href="#examples" id="examples">Examples</a></h1> +<p>Trace <code>'open & socket</code> syscalls for a running process + childs.</p> +<pre><code class="language-markdown">strace -f -p <pid> -e trace=open,socket +</code></pre> +<p>Trace signals delivered to a running process.</p> +<pre><code class="language-markdown">strace -f -p <pid> -e signal +</code></pre> +<h1><a class="header" href="#lsof8" id="lsof8">lsof(8)</a></h1> +<pre><code class="language-markdown">lsof + -a ......... AND slection filters instead ORing (OR: default) + -p <pid> ... list open file descriptors for process + +fg ........ show file flags for file descripros + -n ......... don't convert network addr to hostnames + -P ......... don't convert network port to know service names + -i <@h[:p]>. 
show connections to h (hostname|ip addr) with optional port p +</code></pre> +<pre><code class="language-markdown">file flags: + R/W/RW ..... read/write/read-write + CR ......... create + AP ......... append + TR ......... truncate +</code></pre> +<h1><a class="header" href="#examples-1" id="examples-1">Examples</a></h1> +<p>Show open files with file flags:</p> +<pre><code class="language-markdown">lsof +fg -p <pid> +</code></pre> +<p>Show open tcp connections from user:</p> +<pre><code class="language-markdown">lsof -a -u $USER -i tcp +</code></pre> +<p>Show open connections to 'localhost' for user:</p> +<pre><code class="language-markdown">lsof -a -u $USER -i @localhost +</code></pre> +<h1><a class="header" href="#pidstat1" id="pidstat1">pidstat(1)</a></h1> +<p>Trace minor/major page faults.</p> +<pre><code class="language-markdown">pidstat -r -p <pid> [interval] + minor_pagefault: happens when the page needed is already in memory but not + allocated to the faulting process, in that case the kernel + only has to create a new page-table entry pointing to the + shared physical page + major_pagefault: happends when the page needed is NOT in memory, the kernel + has to create a new page-table entry and populate the + physical page +</code></pre> +<h1><a class="header" href="#usrbintime1" id="usrbintime1">/usr/bin/time(1)</a></h1> +<pre><code class="language-markdown"># statistics of process run +/usr/bin/time -v <cmd> +</code></pre> +<h1><a class="header" href="#pmap1" id="pmap1">pmap(1)</a></h1> +<pre><code class="language-markdown">pmap <pid> + ............. dump virtual memory map of process. + compared to /proc/<pid>/maps it shows the size of the mappings +</code></pre> +<h1><a class="header" href="#pstack1" id="pstack1">pstack(1)</a></h1> +<pre><code class="language-markdown">pstack <pid> + ............. 
dump current stack of process + threads +</code></pre> +<h1><a class="header" href="#perf1" id="perf1">perf(1)</a></h1> +<pre><code class="language-markdown">perf list + ......... show supported hw/sw events + +perf stat + -p <pid> .. show stats for running process + -I <ms> ... show stats periodically over interval <ms> + -e <ev> ... filter for events + +perf top + -p <pid> .. show stats for running process + -F <hz> ... sampling frequency + -K ........ hide kernel threads + +perf record + -p <pid> ............... record stats for running process + -F <hz> ................ sampling frequency + --call-graph <method> .. [fp, dwarf, lbr] method how to caputre backtrace + fp : use frame-pointer, need -fno-omit-frame-pointer + dwarf: use .cfi debug information + lbr : use hardware last branch record facility + -g ..................... short-hand for --call-graph fp + -e <ev> ................ filter for events + +perf report + -n .................... annotate symbols with nr of samples + --stdio ............... report to stdio, if not presen tui mode + -g graph,0.5,caller ... 
show caller based call chains with value >0.5 +</code></pre> +<h2><a class="header" href="#useful-perf-events" id="useful-perf-events">Useful <code>perf</code> events</a></h2> +<pre><code class="language-markdown">useful <ev>: + page-faults + minor-faults + major-faults + cpu-cycles` + task-clock +</code></pre> +<h2><a class="header" href="#a-hrefhttpsgithubcombrendangreggflamegraphflamegrapha" id="a-hrefhttpsgithubcombrendangreggflamegraphflamegrapha"><a href="https://github.com/brendangregg/FlameGraph"><code>Flamegraph</code></a></a></h2> +<pre><code class="language-markdown"># flamegraph for single event trace +perf record -g -p <pid> -e cpu-cycles +perf script | FlameGraph/stackcollapse-perf.pl | FlameGraph/flamegraph.pl > cycles-flamegraph.svg + +# flamegraphs for multiple events trace +perf record -g -p <pid> -e cpu-cycles,page-faults +perf script --per-event-dump +# fold & generate as above +</code></pre> +<h1><a class="header" href="#oprofile" id="oprofile">OProfile</a></h1> +<pre><code class="language-markdown">operf -g -p <pid> + -g ...... caputre call-graph information + +opreport [opt] FILE + ...... show time spent per binary image + -l ...... show time spent per symbol + -c ...... show callgraph information (see below) + -a ...... add column with time spent accumulated over child nodes + +ophelp + ...... 
show supported hw/sw events +</code></pre> +<h1><a class="header" href="#od1" id="od1">od(1)</a></h1> +<pre><code class="language-markdown"> od [opts] <file> + -An don't print addr info + -tx4 print hex in 4 byte chunks + -ta print as named character + -tc printable chars or backslash escape + -w4 print 4 bytes per line + -j <n> skip <n> bytes from <file> (hex if start with 0x) + -N <n> dump <n> bytes (hex of start with 0x) +</code></pre> +<h2><a class="header" href="#ascii-chars-to-hex-string" id="ascii-chars-to-hex-string">ascii chars to hex string</a></h2> +<pre><code class="language-markdown"> echo -n AAAABBBB | od -An -w4 -tx4 + >> 41414141 + >> 42424242 + + echo -n '\x7fELF\n' | od -tx1 -ta -tc + >> 0000000 7f 45 4c 46 0a # tx1 + >> del E L F nl # ta + >> 177 E L F \n # tc +</code></pre> +<h2><a class="header" href="#extract-part-of-file-eg-rodata-section-form-elf" id="extract-part-of-file-eg-rodata-section-form-elf">extract part of file (eg .rodata section form ELF)</a></h2> +<pre><code class="language-markdown"> readelf -W -S foo + >> Section Headers: + >> [Nr] Name Type Address Off Size ES Flg Lk Inf Al + >> ... 
+ >> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16 + od -j 0x0009c0 -N 0x30 -tx4 -w4 foo + >> 0004700 00020001 + >> 0004704 00000000 + >> * + >> 0004740 00000001 + >> 0004744 00000002 + >> 0004750 00000003 + >> 0004754 00000004 +</code></pre> +<h1><a class="header" href="#xxd1" id="xxd1">xxd(1)</a></h1> +<pre><code class="language-markdown"> xxd [opts] + -p dump continuous hexdump + -r convert hexdump into binary ('revert') + -e dump as little endian mode + -i output as C array +</code></pre> +<h2><a class="header" href="#from-ascii-to-hex-stream" id="from-ascii-to-hex-stream">from ascii to hex stream</a></h2> +<pre><code class="language-markdown"> echo -n 'aabb' | xxd -p + >> 61616262 +</code></pre> +<h2><a class="header" href="#from-hex-stream-to-binary-stream" id="from-hex-stream-to-binary-stream">from hex stream to binary stream</a></h2> +<pre><code class="language-markdown"> echo -n '61616262' | xxd -p -r + >> aabb +</code></pre> +<h2><a class="header" href="#ascii-to-binary" id="ascii-to-binary">ascii to binary</a></h2> +<pre><code class="language-markdown"> echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p - + >> ELF +</code></pre> +<h2><a class="header" href="#ascii-to-c-array-hex-encoded" id="ascii-to-c-array-hex-encoded">ascii to C array (hex encoded)</a></h2> +<pre><code class="language-markdown"> xxd -i <(echo -n '\x7fELF') + >> unsigned char _proc_self_fd_11[] = { + >> 0x7f, 0x45, 0x4c, 0x46 + >> }; + >> unsigned int _proc_self_fd_11_len = 4; +</code></pre> +<h1><a class="header" href="#readelf1" id="readelf1">readelf(1)</a></h1> +<pre><code class="language-markdown"> readelf [opts] <elf> + -W|--wide wide output, dont break output at 80 chars + -h print ELF header + -S print section headers + -l print program headers + segment mapping + -d print .dynamic section (dynamic link information) + --syms print symbol tables (.symtab .dynsym) + --dyn-syms print dynamic symbol table (exported symbols for dynamic linker) + -r print relocation 
sections (.rel.*, .rela.*) +</code></pre> +<h1><a class="header" href="#objdump1" id="objdump1">objdump(1)</a></h1> +<pre><code class="language-markdown"> objdump [opts] <elf> + -M intel use intil syntax + -d disassemble text section + -D disassemble all sections + -S mix disassembly with source code + -C demangle + -j <section> display info for section + --[no-]show-raw-insn [dont] show object code next to disassembly +</code></pre> +<h2><a class="header" href="#disassemble-plt-section" id="disassemble-plt-section">Disassemble .plt section</a></h2> +<pre><code class="language-markdown"> objdump -j .plt -d <elf> +</code></pre> +<h1><a class="header" href="#nm1" id="nm1">nm(1)</a></h1> +<pre><code class="language-markdown"> nm [opts] <elf> + -C demangle + -u undefined only +</code></pre> +<h1><a class="header" href="#cfilt1" id="cfilt1">c++filt(1)</a></h1> +<h2><a class="header" href="#demangle-symbol" id="demangle-symbol">demangle symbol</a></h2> +<pre><code class="language-markdown"> c++-filt <symbol_str> +</code></pre> +<h2><a class="header" href="#demangle-stream-eg-dynamic-symbol-table" id="demangle-stream-eg-dynamic-symbol-table">demangle stream (eg dynamic symbol table)</a></h2> +<pre><code class="language-markdown"> readelf -W --dyn-syms <elf> | c++filt +</code></pre> </main> |
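Review bot: in the hunk at @@ -150,7 +150,206 @@, the git "tags" block documents `git checkout tag/<tname>` and `git checkout tag/<tname> -b <bname>`, but tags are resolved under `tags/` (refs/tags), so both lines should read `git checkout tags/<tname>`. In the same hunk, the "dynamic linking (x86_64)" block is emitted with `class="language-makrdown"` while every other block uses `language-markdown`, so it will not pick up the same highlighting class. The `--hard` description under "resetting" runs two sentences together ("... of the tree being switched to any changes to tracked files ...") and needs a break after "switched to". Spelling to fix while here: "comman separated" in the LD_DEBUG line, "since spcifier" and `<comit hash>` in the patching block. The commit subject is a deploy of print.html, so if this file is generated these fixes belong in the source it is built from.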
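Review bot: in the hunk at @@ -280,6 +479,315 @@, the c++filt "demangle symbol" block gives the command as `c++-filt <symbol_str>`, while the section heading and the stream example right below it use `c++filt`; the hyphenated name should be `c++filt`. Other points in this hunk: the radare2 relocation line `oob <addr>` is described as "reopen current file at <baddr>", so the placeholder should be `<baddr>` in both places; the emacs "mass edit" block lists `M-x %` and `C-M-x %` for query-replace and query-replace-regexp, which are the key bindings `M-%` and `C-M-%`, and `delete-matching-line` is missing its trailing "s" (`delete-matching-lines`); that same block carries `class="language-makrdown"`. The perf events list has a stray backtick after `cpu-cycles`, and the strace example paragraph opens a quote it never closes in `<code>'open & socket</code>`. The two "Examples" headings under strace(1) and lsof(8) are `<h1>`, the same level as the tool headings, so they do not nest under their tool; `<h2>` would match how "Useful perf events" is nested under perf(1). The `echo -n '\x7fELF'` examples in the od and xxd blocks depend on the shell's `echo` expanding backslash escapes; a `printf` form would behave the same across shells.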