diff options
| -rw-r--r-- | binary.txt | 75 | ||||
| -rw-r--r-- | explore-elf.txt | 52 | ||||
| -rw-r--r-- | src/SUMMARY.md | 10 | ||||
| -rw-r--r-- | src/_ghost.md (renamed from src/debug_trace.md) | 0 | ||||
| -rw-r--r-- | src/c++filt.md | 11 | ||||
| -rw-r--r-- | src/nm.md | 7 | ||||
| -rw-r--r-- | src/objdump.md | 17 | ||||
| -rw-r--r-- | src/od.md | 41 | ||||
| -rw-r--r-- | src/readelf.md | 13 | ||||
| -rw-r--r-- | src/xxd.md | 36 |
10 files changed, 134 insertions, 128 deletions
diff --git a/binary.txt b/binary.txt deleted file mode 100644 index 37bcc06..0000000 --- a/binary.txt +++ /dev/null @@ -1,75 +0,0 @@ -# binary --------------------------------------------------------------------------------- - -# toc ------- - |od| - |xxd| - -# od(1) *od* -======== - args: - -An don't print addr info - -tx4 print hex in 4 byte chunks - -ta print as named character - -tc printable chars or backslash escape - -w4 print 4 bytes per line - -j <n> skip <n> bytes from file, (hex if start with 0x) - -N <n> dump <n> bytes (hex of start with 0x) - - ## ascii chars to hex string - echo -n AAAABBBB | od -An -w4 -tx4 - >> 41414141 - >> 42424242 - - echo -n '\x7fELF\n' | od -tx1 -ta -tc - >> 0000000 7f 45 4c 46 0a - >> del E L F nl - >> 177 E L F \n - - ## extract part of file (eg .rodata section form ELF) - readelf -W -S foo - >> Section Headers: - >> [Nr] Name Type Address Off Size ES Flg Lk Inf Al - >> ... - >> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16 - od -j 0x0009c0 -N 0x30 -tx4 -w4 foo - >> 0004700 00020001 - >> 0004704 00000000 - >> * - >> 0004740 00000001 - >> 0004744 00000002 - >> 0004750 00000003 - >> 0004754 00000004 - -# xxd(1) *xxd* -========= - args: - -p dump continuous hexdump - -r convert hexdump into binary ('revert') - -e dump as little endian mode - -i output as C array - - ## from ascii to hex stream - echo -n 'aabb' | xxd -p - >> 61616262 - - ## from hex to binary stream - echo -n '61616262' | xxd -p -r - >> aabb - - ## ascii to binary - echo -n '\x7fELF' | xxd -p | xxd -r -p | file -p - - >> ELF - - ## ascii to C array (hex encoded) - xxd -i <(echo -n '\x7fELF') - >> unsigned char _proc_self_fd_11[] = { - >> 0x7f, 0x45, 0x4c, 0x46 - >> }; - >> unsigned int _proc_self_fd_11_len = 4; - - --------------------------------------------------------------------------------- -vim:ft=help:sts=2:et:tw=80:cc=80:fo+=t - diff --git a/explore-elf.txt b/explore-elf.txt deleted file mode 100644 index 018a5cc..0000000 --- a/explore-elf.txt +++ /dev/null @@ -1,52 +0,0 @@ -# explore elf --------------------------------------------------------------------------------- - -# toc ------- - |readelf| - |objdump| - |nm| - |c++filt| - -# readelf(1) *readelf* -============= - args: - -W|--wide wide output, dont break output at 80 chars - -h print ELF header - -S print sections headers - -l print program headers + segment mapping - -d print .dynamic section (dynamic link information) - -s print symbol table(s) - -r print relocation table(s) - -# objdump(1) *objdump* -============= - args: - -M intel use intil syntax - -d disassemble text section - -D disassemble all sections - -S mix disassembly with source code - -C demangle - -j <section> display info for section - --[no-]show-raw-insn [dont] show object code next to disassembly - - ## disassemble .plt section - objdump -j .plt -d <elf_file> - -# nm(1) *nm* -======== - args: - -C demangle - -u undefined only - -# c++filt(1) *c++filt* -============= - ## demangle symbol - c++-filt <symbol_str> - - ## demangle stream - nm <elf_file> | c++filt - --------------------------------------------------------------------------------- -vim:ft=help:sts=2:et:tw=80:cc=80:fo+=t - diff --git a/src/SUMMARY.md b/src/SUMMARY.md index d0a4e62..d4ee8d9 100644 --- a/src/SUMMARY.md +++ b/src/SUMMARY.md @@ -1,7 +1,7 @@ # Summary - [gdb](./gdb.md) -- [debug & trace](./debug_trace.md) +- [debug & trace](./_ghost.md) - [strace](./strace.md) - [lsof](./lsof.md) - [pidstat](./pidstat.md) @@ -10,5 +10,13 @@ - [pstack](./pstack.md) - [perf](./perf.md) - [OProfile](./oprofile.md) +- [binary](./_ghost.md) + - [od](./od.md) + - [xxd](./xxd.md) + - [readelf](./readelf.md) + - [objdump](./objdump.md) + - [nm](./nm.md) + - [c++filt](./c++filt.md) + diff --git a/src/debug_trace.md b/src/_ghost.md index e69de29..e69de29 100644 --- a/src/debug_trace.md +++ b/src/_ghost.md diff --git a/src/c++filt.md b/src/c++filt.md new file mode 100644 index 0000000..10ccc77 --- /dev/null +++ b/src/c++filt.md @@ -0,0 +1,11 @@ +# c++filt(1) + +## demangle symbol +```markdown + c++-filt <symbol_str> +``` + +## demangle stream (eg dynamic symbol table) +```markdown + readelf -W --dyn-syms <elf> | c++filt +``` diff --git a/src/nm.md b/src/nm.md new file mode 100644 index 0000000..6e6fd1a --- /dev/null +++ b/src/nm.md @@ -0,0 +1,7 @@ +# nm(1) + +```markdown + nm [opts] <elf> + -C demangle + -u undefined only +``` diff --git a/src/objdump.md b/src/objdump.md new file mode 100644 index 0000000..2cd7c52 --- /dev/null +++ b/src/objdump.md @@ -0,0 +1,17 @@ +# objdump(1) + +```markdown + objdump [opts] <elf> + -M intel use intil syntax + -d disassemble text section + -D disassemble all sections + -S mix disassembly with source code + -C demangle + -j <section> display info for section + --[no-]show-raw-insn [dont] show object code next to disassembly +``` + +## Disassemble .plt section +```markdown + objdump -j .plt -d <elf> +``` diff --git a/src/od.md b/src/od.md new file mode 100644 index 0000000..65cc050 --- /dev/null +++ b/src/od.md @@ -0,0 +1,41 @@ +# od(1) + +```markdown + od [opts] <file> + -An don't print addr info + -tx4 print hex in 4 byte chunks + -ta print as named character + -tc printable chars or backslash escape + -w4 print 4 bytes per line + -j <n> skip <n> bytes from <file> (hex if start with 0x) + -N <n> dump <n> bytes (hex of start with 0x) +``` + +## ascii chars to hex string +```markdown + echo -n AAAABBBB | od -An -w4 -tx4 + >> 41414141 + >> 42424242 + + echo -n '\x7fELF\n' | od -tx1 -ta -tc + >> 0000000 7f 45 4c 46 0a # tx1 + >> del E L F nl # ta + >> 177 E L F \n # tc +``` + +## extract part of file (eg .rodata section form ELF) +```markdown + readelf -W -S foo + >> Section Headers: + >> [Nr] Name Type Address Off Size ES Flg Lk Inf Al + >> ... + >> [15] .rodata PROGBITS 00000000004009c0 0009c0 000030 00 A 0 0 16 + od -j 0x0009c0 -N 0x30 -tx4 -w4 foo + >> 0004700 00020001 + >> 0004704 00000000 + >> * + >> 0004740 00000001 + >> 0004744 00000002 + >> 0004750 00000003 + >> 0004754 00000004 +``` diff --git a/src/readelf.md b/src/readelf.md new file mode 100644 index 0000000..d359a84 --- /dev/null +++ b/src/readelf.md @@ -0,0 +1,13 @@ +# readelf(1) + +```markdown + readelf [opts] <elf> + -W|--wide wide output, dont break output at 80 chars + -h print ELF header + -S print section headers + -l print program headers + segment mapping + -d print .dynamic section (dynamic link information) + --syms print symbol tables (.symtab .dynsym) + --dyn-syms print dynamic symbol table (exported symbols for dynamic linker) + -r print relocation sections (.rel.*, .rela.*) +``` diff --git a/src/xxd.md b/src/xxd.md new file mode 100644 index 0000000..879a54b --- /dev/null +++ b/src/xxd.md @@ -0,0 +1,36 @@ +# xxd(1) + +```markdown + xxd [opts] + -p dump continuous hexdump + -r convert hexdump into binary ('revert') + -e dump as little endian mode + -i output as C array +``` + +## from ascii to hex stream +```markdown + echo -n 'aabb' | xxd -p + >> 61616262 +``` + +## from hex stream to binary stream +```markdown + echo -n '61616262' | xxd -p -r + >> aabb +``` + +## ascii to binary +```markdown + echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p - + >> ELF +``` + +## ascii to C array (hex encoded) +```markdown + xxd -i <(echo -n '\x7fELF') + >> unsigned char _proc_self_fd_11[] = { + >> 0x7f, 0x45, 0x4c, 0x46 + >> }; + >> unsigned int _proc_self_fd_11_len = 4; +``` |