diff options
author | johannst <johannes.stoelp@gmail.com> | 2020-04-19 22:13:44 +0200 |
---|---|---|
committer | johannst <johannes.stoelp@gmail.com> | 2020-04-19 22:13:44 +0200 |
commit | fef4d6ff2ad9f48e6dccde0f061453e6a3ac624e (patch) | |
tree | c21dfcf8e7c8895a94e1c72cb9588c94794656b1 /src/binary | |
parent | 43e402ba2320ced7972d33c9442b2745afe230f6 (diff) | |
download | notes-fef4d6ff2ad9f48e6dccde0f061453e6a3ac624e.tar.gz notes-fef4d6ff2ad9f48e6dccde0f061453e6a3ac624e.zip |
added new hierarchy
Diffstat (limited to 'src/binary')
-rw-r--r-- | src/binary/README.md | 1 | ||||
-rw-r--r-- | src/binary/nm.md | 7 | ||||
-rw-r--r-- | src/binary/objdump.md | 18 | ||||
-rw-r--r-- | src/binary/od.md | 49 | ||||
-rw-r--r-- | src/binary/readelf.md | 13 | ||||
-rw-r--r-- | src/binary/xxd.md | 36 |
6 files changed, 124 insertions, 0 deletions
diff --git a/src/binary/README.md b/src/binary/README.md new file mode 100644 index 0000000..b75e0e2 --- /dev/null +++ b/src/binary/README.md @@ -0,0 +1 @@ +# Binary diff --git a/src/binary/nm.md b/src/binary/nm.md new file mode 100644 index 0000000..6e6fd1a --- /dev/null +++ b/src/binary/nm.md @@ -0,0 +1,7 @@ +# nm(1) + +```markdown + nm [opts] <elf> + -C demangle + -u undefined only +``` diff --git a/src/binary/objdump.md b/src/binary/objdump.md new file mode 100644 index 0000000..636db3f --- /dev/null +++ b/src/binary/objdump.md @@ -0,0 +1,18 @@ +# objdump(1) + +```markdown + objdump [opts] <elf> + -M intel use intil syntax + -d disassemble text section + -D disassemble all sections + -S mix disassembly with source code + -C demangle + -j <section> display info for section + --[no-]show-raw-insn [dont] show object code next to disassembly +``` + +## Disassemble section +For example `.plt` section: +```markdown + objdump -j .plt -d <elf> +``` diff --git a/src/binary/od.md b/src/binary/od.md new file mode 100644 index 0000000..47f567a --- /dev/null +++ b/src/binary/od.md @@ -0,0 +1,49 @@ +# od(1) + +```markdown + od [opts] <file> + -An don't print addr info + -tx4 print hex in 4 byte chunks + -ta print as named character + -tc printable chars or backslash escape + -w4 print 4 bytes per line + -j <n> skip <n> bytes from <file> (hex if start with 0x) + -N <n> dump <n> bytes (hex of start with 0x) +``` + +## ASCII to hex string +```markdown + echo -n AAAABBBB | od -An -w4 -tx4 + >> 41414141 + >> 42424242 + + echo -n '\x7fELF\n' | od -tx1 -ta -tc + >> 0000000 7f 45 4c 46 0a # tx1 + >> del E L F nl # ta + >> 177 E L F \n # tc +``` + +## Extract parts of file +For example `.rodata` section from an elf file. We can use `readelf` to get the +offset into the file where the `.rodata` section starts. +```markdown + readelf -W -S foo + >> Section Headers: + >> [Nr] Name Type Address Off Size ES Flg Lk Inf Al + >> ... + >> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16 +``` + +With the offset of `-j 0x0009c0` we can dump `-N 0x30` bytes from the beginning of +the `.rodata` section as follows: +```markdown + od -j 0x0009c0 -N 0x30 -tx4 -w4 foo + >> 0004700 00020001 + >> 0004704 00000000 + >> * + >> 0004740 00000001 + >> 0004744 00000002 + >> 0004750 00000003 + >> 0004754 00000004 +``` +**Note**: Numbers starting with `0x` will be interpreted as hex by `od`. diff --git a/src/binary/readelf.md b/src/binary/readelf.md new file mode 100644 index 0000000..d359a84 --- /dev/null +++ b/src/binary/readelf.md @@ -0,0 +1,13 @@ +# readelf(1) + +```markdown + readelf [opts] <elf> + -W|--wide wide output, dont break output at 80 chars + -h print ELF header + -S print section headers + -l print program headers + segment mapping + -d print .dynamic section (dynamic link information) + --syms print symbol tables (.symtab .dynsym) + --dyn-syms print dynamic symbol table (exported symbols for dynamic linker) + -r print relocation sections (.rel.*, .rela.*) +``` diff --git a/src/binary/xxd.md b/src/binary/xxd.md new file mode 100644 index 0000000..cd76f14 --- /dev/null +++ b/src/binary/xxd.md @@ -0,0 +1,36 @@ +# xxd(1) + +```markdown + xxd [opts] + -p dump continuous hexdump + -r convert hexdump into binary ('revert') + -e dump as little endian mode + -i output as C array +``` + +## ASCII to hex stream +```markdown + echo -n 'aabb' | xxd -p + >> 61616262 +``` + +## Hex to binary stream +```markdown + echo -n '61616262' | xxd -p -r + >> aabb +``` + +## ASCII to binary +```markdown + echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p - + >> ELF +``` + +## ASCII to `C` array (hex encoded) +```markdown + xxd -i <(echo -n '\x7fELF') + >> unsigned char _proc_self_fd_11[] = { + >> 0x7f, 0x45, 0x4c, 0x46 + >> }; + >> unsigned int _proc_self_fd_11_len = 4; +``` |