让 objdump 在每个助记符上使用像 l 这样的操作数大小的后缀,即使它没有歧义?
Make objdump use an operand-size suffix like l on every mnemonic, even when it's not ambiguous?
今天在Linux中发现了使用objdump来查找At&t语法程序的反汇编代码。在使用 objdump 时,反汇编代码看起来不错,但缺少助记符后的 'l' 结尾(应该是“movl”而不是“mov”)。有什么方法可以配置 objdump 来解决这个问题吗?
当前生成的反汇编程序:
stuff: file format elf32-i386
Disassembly of section .text:
08049000 <_start>:
8049000: eb 00 jmp 8049002 <print_stuff>
08049002 <print_stuff>:
8049002: b8 04 00 00 00 mov [=10=]x4,%eax
8049007: bb 01 00 00 00 mov [=10=]x1,%ebx
804900c: b9 05 00 00 00 mov [=10=]x5,%ecx
8049011: ba 0b 00 00 00 mov [=10=]xb,%edx
8049016: cd 80 int [=10=]x80
8049018: eb 00 jmp 804901a <end_program>
0804901a <end_program>:
804901a: b8 01 00 00 00 mov [=10=]x1,%eax
804901f: bb 05 00 00 00 mov [=10=]x5,%ebx
8049024: cd 80 int [=10=]x80
我想要的样子:
stuff: file format elf32-i386
Disassembly of section .text:
08049000 <_start>:
8049000: eb 00 jmp 8049002 <print_stuff>
08049002 <print_stuff>:
8049002: b8 04 00 00 00 movl [=11=]x4,%eax
8049007: bb 01 00 00 00 movl [=11=]x1,%ebx
804900c: b9 05 00 00 00 movl [=11=]x5,%ecx
8049011: ba 0b 00 00 00 movl [=11=]xb,%edx
8049016: cd 80 int [=11=]x80
8049018: eb 00 jmp 804901a <end_program>
0804901a <end_program>:
804901a: b8 01 00 00 00 movl [=11=]x1,%eax
804901f: bb 05 00 00 00 movl [=11=]x5,%ebx
8049024: cd 80 int [=11=]x80
即使寄存器操作数暗示了冗余后缀也会使您的输出混乱,请使用
objdump -d -M suffix foo
"suffix"
When in AT&T mode and also for a limited set of instructions when in Intel mode, instructs the
disassembler to print a mnemonic suffix even when the suffix could be inferred by the operands or, for
certain instructions, the execution mode's defaults.
顺便说一句,“英特尔语法的有限子集”包括诸如相对 jmp rel32 之类的指令,例如
$ objdump -d -M intel /bin/ls
...
436e: e9 12 fe ff ff jmp 4185 <__cxa_atexit@plt+0x155>
$ objdump -d -M intel,suffix /bin/ls
...
436e: e9 12 fe ff ff jmpq 4185 <__cxa_atexit@plt+0x155>
(相关: - objdump -Mintel 打印 callq / retq 即使没有 suffix 选项。)
intel-syntax 效果不包括像 add 或 mov 甚至 movzx 这样的指令。例如,对于内存操作数,它们会明确地将大小指示为 qword ptr [rdi],并且 objdump 确实总是包含它,即使它被另一个操作数暗示。
今天在Linux中发现了使用objdump来查找At&t语法程序的反汇编代码。在使用 objdump 时,反汇编代码看起来不错,但缺少助记符后的 'l' 结尾(应该是“movl”而不是“mov”)。有什么方法可以配置 objdump 来解决这个问题吗?
当前生成的反汇编程序:
stuff: file format elf32-i386
Disassembly of section .text:
08049000 <_start>:
8049000: eb 00 jmp 8049002 <print_stuff>
08049002 <print_stuff>:
8049002: b8 04 00 00 00 mov [=10=]x4,%eax
8049007: bb 01 00 00 00 mov [=10=]x1,%ebx
804900c: b9 05 00 00 00 mov [=10=]x5,%ecx
8049011: ba 0b 00 00 00 mov [=10=]xb,%edx
8049016: cd 80 int [=10=]x80
8049018: eb 00 jmp 804901a <end_program>
0804901a <end_program>:
804901a: b8 01 00 00 00 mov [=10=]x1,%eax
804901f: bb 05 00 00 00 mov [=10=]x5,%ebx
8049024: cd 80 int [=10=]x80
我想要的样子:
stuff: file format elf32-i386
Disassembly of section .text:
08049000 <_start>:
8049000: eb 00 jmp 8049002 <print_stuff>
08049002 <print_stuff>:
8049002: b8 04 00 00 00 movl [=11=]x4,%eax
8049007: bb 01 00 00 00 movl [=11=]x1,%ebx
804900c: b9 05 00 00 00 movl [=11=]x5,%ecx
8049011: ba 0b 00 00 00 movl [=11=]xb,%edx
8049016: cd 80 int [=11=]x80
8049018: eb 00 jmp 804901a <end_program>
0804901a <end_program>:
804901a: b8 01 00 00 00 movl [=11=]x1,%eax
804901f: bb 05 00 00 00 movl [=11=]x5,%ebx
8049024: cd 80 int [=11=]x80
即使寄存器操作数暗示了冗余后缀也会使您的输出混乱,请使用
objdump -d -M suffix foo
"
suffix"
When in AT&T mode and also for a limited set of instructions when in Intel mode, instructs the disassembler to print a mnemonic suffix even when the suffix could be inferred by the operands or, for certain instructions, the execution mode's defaults.
顺便说一句,“英特尔语法的有限子集”包括诸如相对 jmp rel32 之类的指令,例如
$ objdump -d -M intel /bin/ls
...
436e: e9 12 fe ff ff jmp 4185 <__cxa_atexit@plt+0x155>
$ objdump -d -M intel,suffix /bin/ls
...
436e: e9 12 fe ff ff jmpq 4185 <__cxa_atexit@plt+0x155>
(相关:objdump -Mintel 打印 callq / retq 即使没有 suffix 选项。)
intel-syntax 效果不包括像 add 或 mov 甚至 movzx 这样的指令。例如,对于内存操作数,它们会明确地将大小指示为 qword ptr [rdi],并且 objdump 确实总是包含它,即使它被另一个操作数暗示。