How to disassemble an ELF in Linux kernel mode? - linux-kernel

I want to open an ELF file in Linux kernel mode and find whether it contains "in" and "out" instructions.
How to do that? Any idea?
Thanks.

How to do that?
objdump -d /lib/modules/`uname -r`/.../some-module.ko
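The answer above stops at the objdump command; what the question actually wants is a yes/no on port I/O. The script below is an added example, not part of the original answer: it scans objdump's disassembly and prints only the lines whose mnemonic is a port I/O instruction. It assumes GNU objdump's default line layout (address, tab, hex bytes, tab, instruction) and the x86 port I/O mnemonics in, out and their string forms ins/insb/insw/insd and outs/outsb/outsw/outsd. Matching on the mnemonic column rather than grepping for "in" avoids false hits on inc, int and similar. The embedded listing is a constructed sample in objdump layout, not the output of any real module, so the scanner can be exercised without a toolchain. Port I/O is a privileged operation, so a module that issues it directly (rather than through the kernel's I/O helpers) is a reasonable thing to flag for review.

```shell
#!/bin/sh
# Added example, not from the original answer: scan 'objdump -d' output for
# x86 port I/O instructions. Assumes GNU objdump's default line layout.

# Read disassembly on stdin and print only port I/O instructions.
find_port_io() {
    awk '
        /^ *[0-9a-f]+:/ {
            n = split($0, f, "\t")
            if (n < 3) next                      # byte-only continuation line
            mn = f[3]
            sub(/^rep[a-z]* +/, "", mn)          # drop a rep/repz/repnz prefix
            sub(/ .*/, "", mn)                   # keep the mnemonic only
            if (mn ~ /^(in|out|ins[bwdl]?|outs[bwdl]?)$/) print
        }'
}

# Disassemble a file and scan it, e.g.
#   scan_file /lib/modules/$(uname -r)/.../some-module.ko
scan_file() {
    objdump -d "$1" | find_port_io
}

# Constructed sample in objdump layout (not a real module's output), used to
# exercise the scanner offline. Tabs are inserted explicitly via $t.
sample_listing() {
    t="$(printf '\t')"
    printf '%s\n' \
        "0000000000000000 <probe>:" \
        "   0:${t}55                   ${t}push   %rbp" \
        "   1:${t}e4 60                ${t}in     \$0x60,%al" \
        "   3:${t}e6 80                ${t}out    %al,\$0x80" \
        "   5:${t}ff c0                ${t}inc    %eax" \
        "   7:${t}cd 80                ${t}int    \$0x80" \
        "   9:${t}ec                   ${t}in     (%dx),%al" \
        "   a:${t}f3 6c                ${t}rep insb (%dx),%es:(%rdi)" \
        "   c:${t}c3                   ${t}ret"
}

# With a path argument, scan that file; otherwise run on the sample listing.
if [ $# -eq 1 ]; then
    scan_file "$1"
else
    sample_listing | find_port_io
fi
```

Run it as `sh scan_port_io.sh /lib/modules/$(uname -r)/.../some-module.ko`; an empty result means no port I/O instruction was found in the disassembled code. On the sample listing it reports the two immediate-port forms, the `in (%dx),%al` form and the `rep insb` string form, and skips `inc` and `int`.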

Related

How can I generate an ELF file with GCC?

I am writing C and C++ code on Linux OS and I am using GCC. After finishing my code, I would like to generate an ELF file. I can only generate an "a.out" file and I don't need it. How can I get an ELF file? An ELF file occurs as a result of what? Or is it possible to generate this file with this program?
The compiler (i.e. gcc or g++) will invoke the linker (ld) which produces an ELF executable.
In practice, you will use a builder program (like make) to drive gcc commands. See this answer.
The default output file for gcc is still named a.out (for historical reasons), but it is an ELF file. And you really want to ask gcc to output an executable with a fancier name.
Simple example, you code a single-file hello-world.c program. You can compile it with e.g.
gcc -Wall -g hello-world.c -o hello-world-bin
(order of arguments to gcc matters a lot!)
and the produced hello-world-bin is an ELF executable. Check with
file hello-world-bin
then run it with
./hello-world-bin your arguments to it
Later, learn how to use the gdb debugger on it.
See also this answer and that answer.

how to use gcc like assembler?

Is it possible? I want to use gcc like an assembler and then compile it to an executable on Ubuntu.
I tried it:
gcc a.asm -o out.o
and from the out.o file compile it to a .out executable file.
but I get the following error:
file format not recognized; treating as linker script.
I'm new to the Linux environment. I hope this is clear for you. Any help is very appreciated. Thanks in advance.
Change the file name a.asm to a.s and let gcc autodetect the assembler (by extension).
Read the documentation for the -x option to gcc. It allows you to specify the language of the source file.

How to do source level debugging of x86 code with GDB inside QEMU?

I wrote an x86 assembly program for the MBR section.
I compile it as follows:
nasm hellombr.asm -f bin -o hellombr.img
Then I run it in qemu:
qemu -fda hellombr.img -boot a
The question is how can I debug my program at source level?
You should let nasm create the debugging symbols in an ELF file and then dump this to a flat binary to be used in the MBR. You can then instruct GDB to read the necessary symbols from the ELF file.
The complete procedure would then become something like this:
$ nasm hellombr.asm -f elf -g -o hellombr.elf
$ objcopy -O binary hellombr.elf hellombr.img
$ qemu -s -S -fda hellombr.img -boot a
$ gdb
(gdb) symbol-file hellombr.elf
(gdb) target remote localhost:1234
For an explanation of the flags I pass to qemu see this answer.
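The five steps above, assembled into one script, as an added example that is not part of the original answer. It assumes the tool names the answer uses (nasm, objcopy, a `qemu` binary, gdb; set QEMU to e.g. `qemu-system-i386` if that is what your distribution installs) and QEMU's default gdbstub port 1234. The gdb command file it writes does what the answer types by hand (symbol-file, target remote) and additionally breaks at 0x7c00, the address where the BIOS loads and jumps into the boot sector, so the VM stops at the first instruction of the MBR instead of somewhere in the BIOS.

```shell
#!/bin/sh
# Added example, not from the original answer: automate the nasm/objcopy/qemu/gdb
# debugging procedure. Assumes nasm, objcopy, gdb and a 'qemu' binary on PATH.
set -eu

QEMU="${QEMU:-qemu}"       # e.g. QEMU=qemu-system-i386 on distributions without a plain 'qemu'
PORT="${PORT:-1234}"       # QEMU's default gdbstub port (-s)

# Steps 1-2: assemble with debug symbols into an ELF, then flatten to the raw image.
build_mbr() {              # build_mbr hellombr.asm  -> hellombr.elf, hellombr.img
    src="$1"; base="${src%.asm}"
    nasm "$src" -f elf -g -o "$base.elf"
    objcopy -O binary "$base.elf" "$base.img"
}

# The command file handed to gdb: load symbols from the ELF, attach to the paused
# VM, stop where the BIOS jumps into the boot sector (0x7c00), then let it run.
gdb_commands() {           # gdb_commands hellombr.elf 1234
    printf 'symbol-file %s\n' "$1"
    printf 'target remote localhost:%s\n' "$2"
    printf 'break *0x7c00\n'
    printf 'continue\n'
}

# Steps 3-5: start QEMU paused with its gdbstub (-s -S), attach gdb, and stop the VM
# again when the gdb session ends.
debug_mbr() {              # debug_mbr hellombr.asm
    base="${1%.asm}"
    build_mbr "$1"
    "$QEMU" -s -S -fda "$base.img" -boot a &
    qemu_pid=$!
    gdb_commands "$base.elf" "$PORT" > "$base.gdb"
    gdb -x "$base.gdb"
    kill "$qemu_pid" 2>/dev/null || true
}

if [ $# -eq 1 ]; then
    debug_mbr "$1"
fi
```

Usage: `sh debug_mbr.sh hellombr.asm`. gdb stays interactive after the command file runs, so you can step from the breakpoint with the source-level commands the question asks for.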
Instead of using qemu, use bochs. It is completely compatible, albeit slower. It is also an emulator, but if you build it from source using these flags, like this:
./configure --enable-debugger --enable-disasm --disable-docbook
make
make install
you can place breakpoints in your code, step through it, view the GDT, IDT and everything you need to know.
A really good (and simple) way is to use IDA with bochs; you can find an excellent blog post on it here, along with some other hints/suggestions for bootloader development.

Disassemble into x86_64 on OSX10.6 (But with _Intel_ Syntax)

I know of otool -tv, but I would much rather use the Intel syntax rather than AT&T's, mainly to easily follow along in a book and not have to look over thousands of %'s and $'s.
I'd also appreciate any tips to where I might find gdb's config file.
EDIT: I forgot: I'm running a 64-bit processor, but was wondering if it would be possible to also disassemble into 32-bit assembly? Not only that, but does OSX's gdb's list command work differently than the standard GNU version?
Thanks so much!
(Also, if you have any idea where I might find a little disassembler from C -> MIPS, that'd be very fun to play with. But not necessary!)
(I know this is an old question, but I want to provide an updated answer for people who come here through search engines).
On recent versions of macOS (I'm running 10.14.5), an objdump command is available, which is based on LLVM and is not the one from the GNU project. It offers a (hidden) option to disassemble using Intel syntax. For example, /bin/echo can be disassembled as follows:
objdump -disassemble -x86-asm-syntax=intel /bin/echo
To answer your second question, if the code has been compiled into a fat binary with both 64-bit and 32-bit, you can use otool -arch i386 -tv to disassemble the 32-bit slice of the binary; otool -arch x86_64 -tv will give you the 64-bit portion (on SnowLeopard, this is also the default behavior if no -arch flag is passed).
Also note that while otool doesn't support the Intel syntax, gdb (set disassembly-flavor intel) and XCode (Preferences -> Debugging -> Disassembly Style) do.
With objdump you can disassemble with -d -M intel, and apparently -m can be used to specify the architecture.
For GDB, in your .gdbinit file, add:
set disassembly-flavor intel
then it will be the default syntax for gdb.
You can use A2I to translate from AT&T to Intel syntax: http://membres.lycos.fr/placr/a2i.html

Using a stackdump from Cygwin executable

So I wrote buggy code that occasionally crashes ... and creates a stackdump file.
Using addr2line I can figure out how the program got to the crash point by decoding the addresses from the stackdump one by one. Is there an alternative tool that can ease the debug using stack dumps?
Is there a way to load this information in Insight/Gdb?
You can instruct Cygwin to start your gdb debugger just in time when a fault occurs.
To achieve this, add error_start=action to the Cygwin environment variable:
export CYGWIN="$CYGWIN error_start=gdb -nw %1 %2"
Otherwise, you can have Cygwin generate a real core dump.
export CYGWIN="$CYGWIN error_start=dumper -d %1 %2"
Firstly, make sure you build with source debugging enabled (using the -g option):
gcc -g -o myfile myfile.c
Then load the dump into gdb after the crash (or insight, or ddd):
gdb myfile core