An ARM ELF file was converted into a raw bin file with objcopy -O binary; to disassemble the result:
Command 1:
arm_v5t_le-objdump -b binary -m armv5te -D u-boot.bin | head
Command 2:
arm-linux-objdump -D -b binary test.bin --architecture=arm > /tmp/raw.txt
http://linux.chinaunix.net/bbs/thread-1145255-1-1.html
http://chdk.wikia.com/wiki/GPL_Disassembling
Meanwhile I wrote a perl script, which does all the jobs. It also looks up references and adds them to the disassembly output.
Disassembling with GNU/GPL tools
The gnu/gpl tools are not made for analysing alien binary dumps, because we usually have the source code when we need to debug. This is not really a replacement for IDA, but for me it was sufficient.
Installing the software is not explained in this tutorial.
Prerequisites:
- You have a raw binary firmware dump to look at. I'll use "dump.bin" here.
In this toybox we have:
arm-elf-objcopy | arm-linux-gnu-objcopy
arm-elf-objdump | arm-linux-gnu-objdump
Here we go:
strings -t x dump.bin > dump.strings
hexdump -C dump.bin > dump.hex
arm-linux-gnu-objdump -m arm -b binary -D dump.bin > dump.dis
However, there's a problem: all three files number everything from offset 0x00, not from the address the firmware is loaded at. Here comes my renumber.pl script, which rebases the offsets to the given load address:
strings -t x dump.bin | ./renumber.pl 0xff810000 > dump.strings
hexdump -C dump.bin |./renumber.pl 0xff810000 > dump.hex
Before we disassemble the dump, we pack it into elf format. This meat
is good for feeding gdb and the IDA demo version;)
arm-linux-gnu-objcopy --change-addresses=0xff810000 -I binary -O elf32-littlearm -B arm dump.bin dump.elf
arm-linux-gnu-objcopy --set-section-flags .data=code dump.elf
Verify the elf file:
arm-linux-gnu-objdump -x dump.elf
Disassemble:
arm-linux-gnu-objdump -d dump.elf > dump.dis
So finally we have 3 ascii files to stare at:
- dump.dis
- dump.strings
- dump.hex
and
- dump.elf for gdb and qemu
Putting all together
Meanwhile I wrote the GPL:disassemble.pl perl script, which does all the jobs. It also looks up references and adds them to the disassembly output.
disassemble.pl 0xff810000 dump.bin
e.g. output:
NSTUB(Capture.Create, 0xff938368):
ff938368: e92d4010 stmdb sp!, {r4, lr}
ff93836c: e59f0020 ldr r0, [pc, #32] ; ff938394: (ffac13cc)
ff938370: ebfcc3fd bl ff86936c <_binary_dump_bin_start+0x5936c -847876>
ff938374: eb01cf03 bl ff9abf88 <_binary_dump_bin_start+0x19bf88 +474132>
ff938378: e3a00000 mov r0, #0 ; 0x0
ff93837c: e8bd8010 ldmia sp!, {r4, pc}
// this is obviously an entry point, because ^^ is a "return"
ff938380: e24f1020 sub r1, pc, #32 ; ff938368: (e92d4010)
ff938384: e28f000c add r0, pc, #12 ; ff938398: (74706143) *"Capture.Create"
ff938388: eafcc355 b ff8690e4 <_binary_dump_bin_start+0x590e4 -848548>
// another
ff93838c: e28f0004 add r0, pc, #4 ; ff938398: (74706143) *"Capture.Create"
ff938390: eafcc355 b ff8690ec <_binary_dump_bin_start+0x590ec -848548>
// this is data, referenced from 0xff93836c followed by some text
ff938394: ffac13cc undefined instruction 0xffac13cc
"Capture.Create":
ff938398: 74706143 ldrvcbt r6, [r0], #-323
ff93839c: 2e657275 mcrcs 2, 3, r7, cr5, cr5, {3}
ff9383a0: 61657243 cmnvs r5, r3, asr #4
ff9383a4: 00006574 andeq r6, r0, r4, ror r5
Note:
The entire disassembled file is shown as instructions,
including strings and numeric constants. Strings are identified where
referenced, as shown above, but the corresponding address still has
disassembled (nonsense) instructions. If the instructions you are
looking at don't make any sense, they are probably data.
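The reference lookup that disassemble.pl performs, reimplemented in Python as an added example (this is not the wiki author's perl script): it decodes pc-relative ldr/add/sub and b/bl words in a raw little-endian ARM dump loaded at a given base, and reports the target address, the word found there and, when the bytes are printable, the string, which is how "Capture.Create" gets attached in the listing above. The sample words are copied from that listing; the instruction masks and the helper names are my own.

```python
import struct

SAMPLE_BASE = 0xFF938368   # sample words copied from the listing above (a slice of dump.bin)
SAMPLE_WORDS = [0xe92d4010, 0xe59f0020, 0xebfcc3fd, 0xeb01cf03, 0xe3a00000, 0xe8bd8010,
                0xe24f1020, 0xe28f000c, 0xeafcc355, 0xe28f0004, 0xeafcc355, 0xffac13cc,
                0x74706143, 0x2e657275, 0x61657243, 0x00006574]
SAMPLE_DUMP = b"".join(struct.pack("<I", w) for w in SAMPLE_WORDS)

def arm_imm(op):
    """Rotated 8-bit immediate of an ARM data-processing instruction."""
    rot, imm = ((op >> 8) & 0xF) * 2, op & 0xFF
    return ((imm >> rot) | (imm << (32 - rot))) & 0xFFFFFFFF

def cstring_at(dump, base, addr, limit=64):
    """NUL-terminated printable ASCII string at addr, or None."""
    off = addr - base
    if not 0 <= off < len(dump):
        return None
    end = dump.find(b"\0", off)
    s = dump[off:end if end >= 0 else len(dump)][:limit]
    return s.decode("ascii") if len(s) >= 4 and all(0x20 <= c < 0x7F for c in s) else None

def resolve(dump, base, addr):
    """(target, word at target, string at target) for a pc-relative ldr/add/sub or b/bl at addr, else None."""
    op = struct.unpack_from("<I", dump, addr - base)[0]
    pc = addr + 8                                  # ARM mode: PC reads two words ahead
    if (op & 0x0F7F0000) == 0x051F0000:           # ldr rd, [pc, #+/-imm12]
        target = pc + (op & 0xFFF) if op & (1 << 23) else pc - (op & 0xFFF)
    elif (op & 0x0FFF0000) in (0x028F0000, 0x024F0000):  # add/sub rd, pc, #imm
        target = pc + arm_imm(op) if op & (1 << 23) else pc - arm_imm(op)
    elif (op & 0x0E000000) == 0x0A000000:         # b/bl: signed imm24, in words
        imm24 = op & 0xFFFFFF
        target = pc + (imm24 - 0x1000000 if imm24 & 0x800000 else imm24) * 4
    else:
        return None
    off = (target := target & 0xFFFFFFFF) - base
    word = struct.unpack_from("<I", dump, off)[0] if 0 <= off <= len(dump) - 4 else None
    return target, word, cstring_at(dump, base, target)

def annotate(dump, base):
    """One line per word, e.g. 'ff93836c: e59f0020 ; ff938394: (ffac13cc)'."""
    out = []
    for off in range(0, len(dump) - 3, 4):
        addr, word = base + off, struct.unpack_from("<I", dump, off)[0]
        line, ref = f"{addr:08x}: {word:08x}", resolve(dump, base, addr)
        if ref:
            target, tword, text = ref
            line += f" ; {target:08x}" + (f": ({tword:08x})" if tword is not None else "")
            line += f' *"{text}"' if text else ""
        out.append(line)
    return out
```

Words that match none of the three patterns (the stmdb/ldmia pair, mov, and the string bytes at the end) get no annotation, which is exactly the "if it makes no sense, it is probably data" situation the note describes.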
using gcc/gas
Another way to create an elf file with symbols from chdk's stub
files:
forum
However, the disassemble script produces a nicer format, but this one is very good for gdb+qemu ;)