From c8e14a3d5c8ca3aea06c9035308a1475cc70aa30 Mon Sep 17 00:00:00 2001
From: johannst <johannes.stoelp@gmail.com>
Date: Sat, 14 Mar 2020 16:04:32 +0100
Subject: migrate binary.txt + explore-elf.txt

---
 src/SUMMARY.md     | 10 +++++++++-
 src/_ghost.md      |  0
 src/c++filt.md     | 11 +++++++++++
 src/debug_trace.md |  0
 src/nm.md          |  7 +++++++
 src/objdump.md     | 17 +++++++++++++++++
 src/od.md          | 41 +++++++++++++++++++++++++++++++++++++++++
 src/readelf.md     | 13 +++++++++++++
 src/xxd.md         | 36 ++++++++++++++++++++++++++++++++++++
 9 files changed, 134 insertions(+), 1 deletion(-)
 create mode 100644 src/_ghost.md
 create mode 100644 src/c++filt.md
 delete mode 100644 src/debug_trace.md
 create mode 100644 src/nm.md
 create mode 100644 src/objdump.md
 create mode 100644 src/od.md
 create mode 100644 src/readelf.md
 create mode 100644 src/xxd.md

(limited to 'src')

diff --git a/src/SUMMARY.md b/src/SUMMARY.md
index d0a4e62..d4ee8d9 100644
--- a/src/SUMMARY.md
+++ b/src/SUMMARY.md
@@ -1,7 +1,7 @@
 # Summary
 
 - [gdb](./gdb.md)
-- [debug & trace](./debug_trace.md)
+- [debug & trace](./_ghost.md)
     - [strace](./strace.md)
     - [lsof](./lsof.md)
     - [pidstat](./pidstat.md)
@@ -10,5 +10,13 @@
     - [pstack](./pstack.md)
     - [perf](./perf.md)
     - [OProfile](./oprofile.md)
+- [binary](./_ghost.md)
+    - [od](./od.md)
+    - [xxd](./xxd.md)
+    - [readelf](./readelf.md)
+    - [objdump](./objdump.md)
+    - [nm](./nm.md)
+    - [c++filt](./c++filt.md)
+
 
 
diff --git a/src/_ghost.md b/src/_ghost.md
new file mode 100644
index 0000000..e69de29
diff --git a/src/c++filt.md b/src/c++filt.md
new file mode 100644
index 0000000..10ccc77
--- /dev/null
+++ b/src/c++filt.md
@@ -0,0 +1,11 @@
+# c++filt(1)
+
+## demangle symbol
+```markdown
+  c++-filt <symbol_str>
+```
+
+## demangle stream (eg dynamic symbol table)
+```markdown
+  readelf -W --dyn-syms <elf> | c++filt
+```
diff --git a/src/debug_trace.md b/src/debug_trace.md
deleted file mode 100644
index e69de29..0000000
diff --git a/src/nm.md b/src/nm.md
new file mode 100644
index 0000000..6e6fd1a
--- /dev/null
+++ b/src/nm.md
@@ -0,0 +1,7 @@
+# nm(1)
+
+```markdown
+  nm [opts] <elf>
+    -C          demangle
+    -u          undefined only
+```
diff --git a/src/objdump.md b/src/objdump.md
new file mode 100644
index 0000000..2cd7c52
--- /dev/null
+++ b/src/objdump.md
@@ -0,0 +1,17 @@
+# objdump(1)
+
+```markdown
+  objdump [opts] <elf>
+    -M intel                use intil syntax
+    -d                      disassemble text section
+    -D                      disassemble all sections
+    -S                      mix disassembly with source code
+    -C                      demangle
+    -j <section>            display info for section
+    --[no-]show-raw-insn    [dont] show object code next to disassembly
+```
+
+## Disassemble .plt section
+```markdown
+  objdump -j .plt -d <elf>
+```
diff --git a/src/od.md b/src/od.md
new file mode 100644
index 0000000..65cc050
--- /dev/null
+++ b/src/od.md
@@ -0,0 +1,41 @@
+# od(1)
+
+```markdown
+  od [opts] <file>
+    -An         don't print addr info
+    -tx4        print hex in 4 byte chunks
+    -ta         print as named character
+    -tc         printable chars or backslash escape
+    -w4         print 4 bytes per line
+    -j <n>      skip <n> bytes from <file> (hex if start with 0x)
+    -N <n>      dump <n> bytes (hex of start with 0x)
+```
+
+## ascii chars to hex string
+```markdown
+  echo -n AAAABBBB | od -An -w4 -tx4
+    >> 41414141
+    >> 42424242
+
+  echo -n '\x7fELF\n' | od -tx1 -ta -tc
+    >> 0000000  7f  45  4c  46  0a      # tx1
+    >>         del   E   L   F  nl      # ta
+    >>         177   E   L   F  \n      # tc
+```
+
+## extract part of file (eg .rodata section form ELF)
+```markdown
+  readelf -W -S foo
+    >> Section Headers:
+    >> [Nr] Name              Type            Address          Off    Size   ES Flg Lk Inf Al
+    >> ...
+    >> [15] .rodata           PROGBITS        00000000004009c0 0009c0 000030 00   A  0   0 16
+  od -j 0x0009c0 -N 0x30 -tx4 -w4 foo
+    >> 0004700 00020001
+    >> 0004704 00000000
+    >> *
+    >> 0004740 00000001
+    >> 0004744 00000002
+    >> 0004750 00000003
+    >> 0004754 00000004
+```
diff --git a/src/readelf.md b/src/readelf.md
new file mode 100644
index 0000000..d359a84
--- /dev/null
+++ b/src/readelf.md
@@ -0,0 +1,13 @@
+# readelf(1)
+
+```markdown
+  readelf [opts] <elf>
+    -W|--wide     wide output, dont break output at 80 chars
+    -h            print ELF header
+    -S            print section headers
+    -l            print program headers + segment mapping
+    -d            print .dynamic section (dynamic link information)
+    --syms        print symbol tables (.symtab .dynsym)
+    --dyn-syms    print dynamic symbol table (exported symbols for dynamic linker)
+    -r            print relocation sections (.rel.*, .rela.*)
+```
diff --git a/src/xxd.md b/src/xxd.md
new file mode 100644
index 0000000..879a54b
--- /dev/null
+++ b/src/xxd.md
@@ -0,0 +1,36 @@
+# xxd(1)
+
+```markdown
+  xxd [opts]
+    -p          dump continuous hexdump
+    -r          convert hexdump into binary ('revert')
+    -e          dump as little endian mode
+    -i          output as C array
+```
+
+## from ascii to hex stream
+```markdown
+  echo -n 'aabb' | xxd -p
+    >> 61616262
+```
+
+## from hex stream to binary stream
+```markdown
+  echo -n '61616262' | xxd -p -r
+    >> aabb
+```
+
+## ascii to binary
+```markdown
+  echo -n '\x7fELF' | xxd -p | xxd -p -r | file -p -
+    >> ELF
+```
+
+## ascii to C array (hex encoded)
+```markdown
+  xxd -i <(echo -n '\x7fELF')
+    >> unsigned char _proc_self_fd_11[] = {
+    >>   0x7f, 0x45, 0x4c, 0x46
+    >> };
+    >> unsigned int _proc_self_fd_11_len = 4;
+```
-- 
cgit v1.2.3