如何在 Linux 上检查 ELF 文件的数据部分的内容？

小开

最佳答案

objdump -s -j .rodata exefile

gives a side-by-side hex/printable ASCII dump of the contents of the rodata section like:

Contents of section .rodata:
0000 67452301 efcdab89 67452301 efcdab89  gE#.....gE#.....
0010 64636261 68676665 64636261 68676665  dcbahgfedcbahgfe

It doesn't look like there's anything in there to control formatting, but it's a start. You could always undump the hex and feed it to od, I suppose :)

小开

readelf -x .rodata hello_world.o

gives:

Hex dump of section '.rodata':
0x00000000 48656c6c 6f20776f 726c6421 0a       Hello world!.

You should prefer readelf when possible since objdump simply does not show some sections like .symtab: Why does objdump not show .bss, .shstratab, .symtab and .strtab sections?

You can also extract the raw bytes with the techniques mentioned at: How do you extract only the contents of an ELF section and as mentioned by ysdx.

小开

You can get the RAW (not hexdump-ed) ELF section with:

# To a file:
objcopy file /dev/null --dump-section .text=text.data
# To stdout:
objcopy file /dev/null --dump-section .text=/dev/stdout | cat

Here I'm using | cat in order to force stdout to be a pipe. /dev/stdout might work unexpectedly if stdout is a file. .text=- does not send to stdout but to the - file.

However objcopy and objdump have some deficiencies (because they are based on BFD which abstracts different executable formats).

Update: I wrote a tool to do this which does not rely on BFD.