Processing object modules with objdump

Started by Vortex, April 11, 2020, 11:20:31 PM

Vortex

Quote:

objdump is a command-line program for displaying various information about object files on Unix-like operating systems. For instance, it can be used as a disassembler to view an executable in assembly form. It is part of the GNU Binutils for fine-grained control over executables and other binary data. objdump uses the BFD library to read the contents of object files. Similar utilities are Borland TDUMP, Microsoft DUMPBIN and readelf.

Note that on certain platforms (e.g. Mac OS X), the objdump binary may actually be a link to llvm's objdump, with different command-line options and behavior.

https://en.wikipedia.org/wiki/Objdump

On Windows, objdump comes with the MinGW installation.

A quick example :

; uCase based on \masm32\m32lib\szupper.asm

.386
.model flat,stdcall
option casemap :none

.code

OPTION PROLOGUE:NONE
OPTION EPILOGUE:NONE

uCase PROC USES ebx string:DWORD

    push    ebx
    mov     eax,DWORD PTR [esp+8]
    mov     ebx,1
    sub     eax,ebx
@@:
    add     eax,ebx
    cmp     BYTE PTR [eax],bh
    je      @f
   
    cmp     BYTE PTR [eax],97
    jb      @b
   
    cmp     BYTE PTR [eax],122
    ja      @b
   
    sub     BYTE PTR [eax],32
    jmp     @b
@@:
    mov     eax,DWORD PTR [esp+4]
    pop     ebx
    ret     4

uCase ENDP

OPTION PROLOGUE:PrologueDef
OPTION EPILOGUE:EpilogueDef

END


\masm32\bin\ml /c /coff uCase.asm

REM Extract the code section from the MS COFF object module :

C:\MinGW\bin\objcopy --dump-section .text=uCase.bin uCase.obj

REM Disassemble the binary file

C:\mingw\bin\objdump -D -Mintel,i386 -b binary -m i386 uCase.bin > uCase-Disasm.txt


uCase-Disasm.txt :


uCase.bin:     file format binary

Disassembly of section .data:

00000000 <.data>:
   0: 53                    push   ebx
   1: 8b 44 24 08          mov    eax,DWORD PTR [esp+0x8]
   5: bb 01 00 00 00        mov    ebx,0x1
   a: 2b c3                sub    eax,ebx
   c: 03 c3                add    eax,ebx
   e: 38 38                cmp    BYTE PTR [eax],bh
  10: 74 0f                je     0x21
  12: 80 38 61              cmp    BYTE PTR [eax],0x61
  15: 72 f5                jb     0xc
  17: 80 38 7a              cmp    BYTE PTR [eax],0x7a
  1a: 77 f0                ja     0xc
  1c: 80 28 20              sub    BYTE PTR [eax],0x20
  1f: eb eb                jmp    0xc
  21: 8b 44 24 04          mov    eax,DWORD PTR [esp+0x4]
  25: 5b                    pop    ebx
  26: c2 04 00              ret    0x4


mineiro

Good work.
In the binutils package there is the nm utility, used to list symbols. Usually the preceding uppercase letter T says it is an internal procedure, the letter U an external function, and so on. It is useful for finding the names of the functions to be disassembled. Useful when we have an ambiguous variable, I mean, a global variable with the same name as a function.
I'd rather be this ambulant metamorphosis than to have that old opinion about everything
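
Added example, not part of either post above: a Python sketch of what the two posts describe, pulling the raw `.text` bytes out of a COFF object (the `objcopy --dump-section` step) and listing its symbols with nm-style letters. The object is constructed by hand around the code bytes shown in the disassembly listing; `build_sample`, `parse_coff` and the `_ExampleImport@0` symbol are assumptions made for illustration, and the letter logic covers only U and T/t.

```python
import struct

# Constructed sample: the 41 code bytes are the ones in the disassembly listing above.
CODE = bytes.fromhex("538b442408bb010000002bc303c33838740f80386172f5"
                     "80387a77f0802820ebeb8b4424045bc20400")

def build_sample() -> bytes:
    """Minimal i386 COFF object built by hand (not real ml.exe output)."""
    imp = b"_ExampleImport@0"                      # hypothetical undefined external
    hdr = struct.pack("<HHIIIHH", 0x14C, 1, 0, 60 + len(CODE), 2, 0, 0)
    sec = struct.pack("<8sIIIIIIHHI", b".text", 0, 0, len(CODE), 60, 0, 0, 0, 0, 0x60500020)
    syms = (struct.pack("<8sIhHBB", b"_uCase@4", 0, 1, 0x20, 2, 0) +
            struct.pack("<8sIhHBB", struct.pack("<II", 0, 4), 0, 0, 0x20, 2, 0))
    strtab = struct.pack("<I", 4 + len(imp) + 1) + imp + b"\0"
    return hdr + sec + CODE + syms + strtab

def parse_coff(obj: bytes):
    """Return ({section name: raw bytes}, [(nm-style letter, symbol name)])."""
    _m, nsec, _ts, symptr, nsym, optsz, _f = struct.unpack_from("<HHIIIHH", obj, 0)
    sections, is_code = {}, []
    for i in range(nsec):                          # 40-byte section headers
        name, _vs, _va, size, rawptr, _rp, _lp, _nr, _nl, flags = struct.unpack_from(
            "<8sIIIIIIHHI", obj, 20 + optsz + 40 * i)
        sections[name.rstrip(b"\0").decode()] = obj[rawptr:rawptr + size]
        is_code.append(bool(flags & 0x20))         # IMAGE_SCN_CNT_CODE
    strtab = symptr + 18 * nsym                    # string table follows the symbols
    symbols, i = [], 0
    while i < nsym:                                # 18-byte symbol records
        raw, _val, secno, _type, sclass, naux = struct.unpack_from(
            "<8sIhHBB", obj, symptr + 18 * i)
        if raw[:4] == b"\0\0\0\0":                 # long name: offset into string table
            start = strtab + struct.unpack_from("<I", raw, 4)[0]
            name = obj[start:obj.index(b"\0", start)].decode()
        else:
            name = raw.rstrip(b"\0").decode()
        # Simplified subset of nm's letters: U = undefined, T/t = in a code section.
        if secno == 0:
            letter = "U"
        elif secno > 0 and is_code[secno - 1]:
            letter = "T" if sclass == 2 else "t"   # 2 = IMAGE_SYM_CLASS_EXTERNAL
        else:
            letter = "?"
        symbols.append((letter, name))
        i += 1 + naux                              # skip auxiliary records
    return sections, symbols

if __name__ == "__main__":
    secs, syms = parse_coff(build_sample())
    print(secs[".text"].hex(), syms)
```
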