Category: LINUX
2011-09-01 15:36:47
An ARM ELF file was converted into a raw bin file with the objcopy -O binary command.
To disassemble it:
Command 1:
arm_v5t_le-objdump -b binary -m armv5te -D u-boot.bin|head
Command 2:
arm-linux-objdump -D -b binary test.bin --architecture=arm > /tmp/raw.txt
Disassembling with GNU/GPL tools
The GNU/GPL tools are not made for analysing alien binary dumps, because we usually have the source code if we need to debug. This is not really a replacement for IDA, but for me it was sufficient.
Installing software is not explained in this tutorial.
Prerequisites:
In this toybox we have:
arm-elf-objcopy | arm-linux-gnu-objcopy
Here we go:
strings -t x dump.bin > dump.strings
However, there's a problem: strings reports offsets from the start of the file, so every file starts at 0x00 rather than at its load address. Here comes my script:
strings -t x dump.bin | ./renumber.pl 0xff810000 > dump.strings
Before we disassemble the dump, we pack it into ELF format. This meat is good for feeding gdb and the IDA demo version ;)
arm-linux-gnu-objcopy --change-addresses=0xff810000 -I binary -O elf32-littlearm -B arm dump.bin dump.elf
Verify the ELF file:
arm-linux-gnu-objdump -x dump.elf
Disassemble:
arm-linux-gnu-objdump -d dump.elf > dump.dis
So finally we have 3 ASCII files to stare at:
and
Meanwhile I wrote a Perl script which does all the jobs. It also looks up references and adds them to the disassembly output.
disassemble.pl 0xff810000 dump.bin
e.g. output:
NSTUB(Capture.Create, 0xff938368):
Note: The entire disassembled file is shown as instructions, including strings and numeric constants. Strings are identified where referenced, as shown above, but the corresponding address still has disassembled (nonsense) instructions. If the instructions you are looking at don't make any sense, they are probably data.
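As an added example (not the page's renumber.pl or disassemble.pl, which are not reproduced here), the following Python script performs the two steps those scripts do: rebasing `strings -t x` offsets by the load address, and resolving pc-relative literal-pool loads in objdump output back to those strings. The dump bytes, the strings output and the objdump line are constructed inline; the load address 0xff810000 is the one used on the page.

```python
import re
import struct

BASE = 0xFF810000  # load address of the dump, as on the page

# Constructed 24-byte "dump.bin": a pc-relative load, two nops, a literal-pool
# word holding the string's runtime address, then the string itself.
DUMP = (
    bytes.fromhex("04009fe5")          # 0x00: e59f0004  ldr r0, [pc, #4]
    + bytes.fromhex("0000a0e1") * 2    # 0x04, 0x08: e1a00000  nop (mov r0, r0)
    + struct.pack("<I", BASE + 0x10)   # 0x0c: .word 0xff810010
    + b"Hello\x00\x00\x00"             # 0x10: the string
)

# Constructed output of `strings -t x dump.bin` (file offset, not load address).
STRINGS_OUTPUT = "      10 Hello\n"

# Constructed line in objdump -d style for the instruction at 0x00.
DISASM = "ff810000:\te59f0004 \tldr\tr0, [pc, #4]\t; ff81000c <.data+0xc>\n"


def renumber(strings_output: str, base: int) -> dict:
    """Map each string to its load address (what renumber.pl does)."""
    table = {}
    for line in strings_output.splitlines():
        m = re.match(r"\s*([0-9a-fA-F]+)\s(.*)$", line)
        if m:
            table[base + int(m.group(1), 16)] = m.group(2)
    return table


LDR_PC = re.compile(r"^([0-9a-f]+):.*\bldr\s+(\w+),\s*\[pc,\s*#(-?\d+)\]")


def annotate(disasm: str, dump: bytes, base: int, strings: dict) -> list:
    """Append the referenced string to each `ldr rN, [pc, #imm]` line."""
    out = []
    for line in disasm.splitlines():
        m = LDR_PC.match(line)
        if m:
            # In ARM mode the PC reads as the current instruction address + 8.
            pool = int(m.group(1), 16) + 8 + int(m.group(3))
            off = pool - base
            if 0 <= off <= len(dump) - 4:
                (word,) = struct.unpack_from("<I", dump, off)
                if word in strings:
                    line += f'  ; {m.group(2)} = 0x{word:08x} -> "{strings[word]}"'
        out.append(line)
    return out


if __name__ == "__main__":
    print("\n".join(annotate(DISASM, DUMP, BASE, renumber(STRINGS_OUTPUT, BASE))))
```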
using gcc/gas
Another way to create an ELF file with symbols from CHDK's stub files: However, the disassemble script makes a better format, but this one is very good for gdb+qemu ;)