From b590f4ed4db110bb61da35fec288a467d32c9a62 Mon Sep 17 00:00:00 2001 From: johannst Date: Sun, 5 Feb 2023 17:28:38 +0000 Subject: deploy: 728d263753b998b8944a66eec1be0e743961fa1c --- print.html | 38 +++++++++++++++++++++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) (limited to 'print.html') diff --git a/print.html b/print.html index 82fc70b..f4bc094 100644 --- a/print.html +++ b/print.html @@ -2535,6 +2535,39 @@ the .rodata section as follows:

For example .plt section:

  objdump -j .plt -d <elf>
+

Example: disassemble raw binary

+

This can be helpful for example as a cheap analysis tool when toying with JIT +generating code. We could just write thee binary code buffer to a file and +disassemble with objdump.

+

To re-create that case, we just assemble and link some ELF file and then create +a raw binary of the text section with objcopy.

+
# file: test.s
+.section .text, "ax"
+
+.global _start
+_start:
+    xor %rax, %rax
+    mov $0x8, %rax
+1:
+    cmp $0, %rax
+    je 2f
+    dec %rax
+    jmp 1b
+2:
+    # x86-64 exit(2) syscall
+    mov $0, %rdi
+    mov $60, %rax
+    syscall
+
+
# Assemble & link.
+as -o test.o test.s
+ld -o test test.o testc.o
+# ELF -> binary (only take .text section).
+objcopy -O binary --only-section .text test test-bin
+
+# Disassemble raw binary.
+objdump -D -b binary -m i386:x86-64 test-bin
+

nm(1)

  nm [opts] <elf>
     -C          demangle
@@ -3912,8 +3945,11 @@ tcp/udp/icmp            Filter for protocol.
 
Examples

 
Capture packets from remote host

 
# -k: Start capturing immediately.
-ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -
+ssh <host> tcpdump -i any -w - | sudo wireshark -k -i -
 

+

+
The any interface is a special keyword to capture traffic on all interfaces.

+

 
firewall-cmd(1)

 
Command line interface to the firewalld(1) daemon.

 
List current status of the firewall

-- 
cgit v1.2.3