Menu
Can I disassemble a flat binary file using objdump?
I'm familiar with disassembling a structured binary executable such as an ELF file using:
objdump -d file.elf But if I have a flat binary file that I know is supposed to be loaded at, e.g., address 0xabcd1000, can I ask objdump to disassemble it? I tried supplying options such as '--start-address=0xabcd1000' but objdump just states that it doesn't recognize the format.
I have other ideas about how to disassemble the file but I wanted to know if objdump could provide a simple solution.
781
The objdump command is generally used to inspect the object files and binary files. It prints the different sections in object files, their virtual memory address, logical memory address, debug information, symbol table, and other pieces of information. Here we'll see how we can use this tool to disassemble the files.
Disassembling an ELF-formatted fileUse the --disassemble option to display a disassembled version of the image to stdout . If you use this option with the --output destination option, you can reassemble the output file with armasm. You can use this option to disassemble either an ELF image or an ELF object file.
I found the solution to my own question on a different forum. It looks something like this:
objdump -b binary --adjust-vma=0xabcd1000 -D file.bin I've tested this and it works.
125
starblue and hlovdal both have parts of the canonical answer. If you want to disassemble raw i8086 code, you usually want Intel syntax, not AT&T syntax, too, so use:
objdump -D -Mintel,i8086 -b binary -m i386 mbr.bin objdump -D -Mintel,i386 -b binary -m i386 foo.bin # for 32-bit code objdump -D -Mintel,x86-64 -b binary -m i386 foo.bin # for 64-bit code If your code is ELF (or a.out (or (E)COFF)), you can use the short form:
objdump -D -Mintel,i8086 a.out # disassembles the entire file objdump -d -Mintel,i8086 a.out # disassembles only code sections For 32-bit or 64-bit code, omit the ,8086; the ELF header already includes this information.
ndisasm, as suggested by jameslin, is also a good choice, but objdump usually comes with the OS and can deal with all architectures supported by GNU binutils (superset of those supported by GCC), and its output can usually be fed into GNU as (ndisasm’s can usually be fed into nasm though, of course).
Peter Cordes suggests that “Agner Fog's objconv is very nice. It puts labels on branch targets, making a lot easier to figure out what the code does. It can disassemble into NASM, YASM, MASM, or AT&T (GNU) syntax.”
Multimedia Mike already found out about --adjust-vma; the ndisasm equivalent is the -o option.
To disassemble, say, sh4 code (I used one binary from Debian to test), use this with GNU binutils (almost all other disassemblers are limited to one platform, such as x86 with ndisasm and objconv):
objdump -D -b binary -m sh -EL x The -m is the machine, and -EL means Little Endian (for sh4eb use -EB instead), which is relevant for architectures that exist in either endianness.
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
