traversing an elf binary ?

Programming, for all ages and all languages.
Sam111
Member
Posts: 385
Joined: Mon Nov 03, 2008 6:06 pm

traversing an elf binary ?

Post by Sam111 »

I wrote a simple ELF32 executable and wanted to know the flow of the code.

objdump -D -M intel hello   // note: this is disassembling all the sections, including the non-code sections

which gives this


hello:     file format elf32-i386


Disassembly of section .interp:

08048134 <.interp>:
 8048134:	2f                   	das    
 8048135:	6c                   	ins    BYTE PTR es:[edi],dx
 8048136:	69 62 2f 6c 64 2d 6c 	imul   esp,DWORD PTR [edx+0x2f],0x6c2d646c
 804813d:	69 6e 75 78 2e 73 6f 	imul   ebp,DWORD PTR [esi+0x75],0x6f732e78
 8048144:	2e 32 00             	xor    al,BYTE PTR cs:[eax]

Disassembly of section .note.ABI-tag:

08048148 <.note.ABI-tag>:
 8048148:	04 00                	add    al,0x0
 804814a:	00 00                	add    BYTE PTR [eax],al
 804814c:	10 00                	adc    BYTE PTR [eax],al
 804814e:	00 00                	add    BYTE PTR [eax],al
 8048150:	01 00                	add    DWORD PTR [eax],eax
 8048152:	00 00                	add    BYTE PTR [eax],al
 8048154:	47                   	inc    edi
 8048155:	4e                   	dec    esi
 8048156:	55                   	push   ebp
 8048157:	00 00                	add    BYTE PTR [eax],al
 8048159:	00 00                	add    BYTE PTR [eax],al
 804815b:	00 02                	add    BYTE PTR [edx],al
 804815d:	00 00                	add    BYTE PTR [eax],al
 804815f:	00 06                	add    BYTE PTR [esi],al
 8048161:	00 00                	add    BYTE PTR [eax],al
 8048163:	00 0f                	add    BYTE PTR [edi],cl
 8048165:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .note.gnu.build-id:

08048168 <.note.gnu.build-id>:
 8048168:	04 00                	add    al,0x0
 804816a:	00 00                	add    BYTE PTR [eax],al
 804816c:	14 00                	adc    al,0x0
 804816e:	00 00                	add    BYTE PTR [eax],al
 8048170:	03 00                	add    eax,DWORD PTR [eax]
 8048172:	00 00                	add    BYTE PTR [eax],al
 8048174:	47                   	inc    edi
 8048175:	4e                   	dec    esi
 8048176:	55                   	push   ebp
 8048177:	00 46 c8             	add    BYTE PTR [esi-0x38],al
 804817a:	2e                   	cs
 804817b:	aa                   	stos   BYTE PTR es:[edi],al
 804817c:	e8 ad 34 b4 fa       	call   2b8b62e <len+0x2b8b622>
 8048181:	0f c6 c4 2d          	shufps xmm0,xmm4,0x2d
 8048185:	33 b9 82 55 47 ad    	xor    edi,DWORD PTR [ecx-0x52b8aa7e]
 804818b:	6d                   	ins    DWORD PTR es:[edi],dx

Disassembly of section .gnu.hash:

0804818c <.gnu.hash>:
 804818c:	02 00                	add    al,BYTE PTR [eax]
 804818e:	00 00                	add    BYTE PTR [eax],al
 8048190:	03 00                	add    eax,DWORD PTR [eax]
 8048192:	00 00                	add    BYTE PTR [eax],al
 8048194:	01 00                	add    DWORD PTR [eax],eax
 8048196:	00 00                	add    BYTE PTR [eax],al
 8048198:	05 00 00 00 00       	add    eax,0x0
 804819d:	20 00                	and    BYTE PTR [eax],al
 804819f:	20 00                	and    BYTE PTR [eax],al
 80481a1:	00 00                	add    BYTE PTR [eax],al
 80481a3:	00 03                	add    BYTE PTR [ebx],al
 80481a5:	00 00                	add    BYTE PTR [eax],al
 80481a7:	00                   	.byte 0x0
 80481a8:	ad                   	lods   eax,DWORD PTR ds:[esi]
 80481a9:	4b                   	dec    ebx
 80481aa:	e3 c0                	jecxz  804816c <len+0x8048160>

Disassembly of section .dynsym:

080481ac <.dynsym>:
	...
 80481bc:	01 00                	add    DWORD PTR [eax],eax
	...
 80481c6:	00 00                	add    BYTE PTR [eax],al
 80481c8:	20 00                	and    BYTE PTR [eax],al
 80481ca:	00 00                	add    BYTE PTR [eax],al
 80481cc:	29 00                	sub    DWORD PTR [eax],eax
	...
 80481d6:	00 00                	add    BYTE PTR [eax],al
 80481d8:	12 00                	adc    al,BYTE PTR [eax]
 80481da:	00 00                	add    BYTE PTR [eax],al
 80481dc:	1a 00                	sbb    al,BYTE PTR [eax]
 80481de:	00 00                	add    BYTE PTR [eax],al
 80481e0:	8c 84 04 08 04 00 00 	mov    WORD PTR [esp+eax*1+0x408],es
 80481e7:	00 11                	add    BYTE PTR [ecx],dl
 80481e9:	00 0f                	add    BYTE PTR [edi],cl
	...

Disassembly of section .dynstr:

080481ec <.dynstr>:
 80481ec:	00 5f 5f             	add    BYTE PTR [edi+0x5f],bl
 80481ef:	67 6d                	ins    DWORD PTR es:[di],dx
 80481f1:	6f                   	outs   dx,DWORD PTR ds:[esi]
 80481f2:	6e                   	outs   dx,BYTE PTR ds:[esi]
 80481f3:	5f                   	pop    edi
 80481f4:	73 74                	jae    804826a <len+0x804825e>
 80481f6:	61                   	popa   
 80481f7:	72 74                	jb     804826d <len+0x8048261>
 80481f9:	5f                   	pop    edi
 80481fa:	5f                   	pop    edi
 80481fb:	00 6c 69 62          	add    BYTE PTR [ecx+ebp*2+0x62],ch
 80481ff:	63 2e                	arpl   WORD PTR [esi],bp
 8048201:	73 6f                	jae    8048272 <len+0x8048266>
 8048203:	2e 36 00 5f 49       	cs add BYTE PTR cs:ss:[edi+0x49],bl
 8048208:	4f                   	dec    edi
 8048209:	5f                   	pop    edi
 804820a:	73 74                	jae    8048280 <_init+0xc>
 804820c:	64 69 6e 5f 75 73 65 	imul   ebp,DWORD PTR fs:[esi+0x5f],0x64657375
 8048213:	64 
 8048214:	00 5f 5f             	add    BYTE PTR [edi+0x5f],bl
 8048217:	6c                   	ins    BYTE PTR es:[edi],dx
 8048218:	69 62 63 5f 73 74 61 	imul   esp,DWORD PTR [edx+0x63],0x6174735f
 804821f:	72 74                	jb     8048295 <_init+0x21>
 8048221:	5f                   	pop    edi
 8048222:	6d                   	ins    DWORD PTR es:[edi],dx
 8048223:	61                   	popa   
 8048224:	69 6e 00 47 4c 49 42 	imul   ebp,DWORD PTR [esi+0x0],0x42494c47
 804822b:	43                   	inc    ebx
 804822c:	5f                   	pop    edi
 804822d:	32 2e                	xor    ch,BYTE PTR [esi]
 804822f:	30 00                	xor    BYTE PTR [eax],al

Disassembly of section .gnu.version:

08048232 <.gnu.version>:
 8048232:	00 00                	add    BYTE PTR [eax],al
 8048234:	00 00                	add    BYTE PTR [eax],al
 8048236:	02 00                	add    al,BYTE PTR [eax]
 8048238:	01 00                	add    DWORD PTR [eax],eax

Disassembly of section .gnu.version_r:

0804823c <.gnu.version_r>:
 804823c:	01 00                	add    DWORD PTR [eax],eax
 804823e:	01 00                	add    DWORD PTR [eax],eax
 8048240:	10 00                	adc    BYTE PTR [eax],al
 8048242:	00 00                	add    BYTE PTR [eax],al
 8048244:	10 00                	adc    BYTE PTR [eax],al
 8048246:	00 00                	add    BYTE PTR [eax],al
 8048248:	00 00                	add    BYTE PTR [eax],al
 804824a:	00 00                	add    BYTE PTR [eax],al
 804824c:	10 69 69             	adc    BYTE PTR [ecx+0x69],ch
 804824f:	0d 00 00 02 00       	or     eax,0x20000
 8048254:	3b 00                	cmp    eax,DWORD PTR [eax]
 8048256:	00 00                	add    BYTE PTR [eax],al
 8048258:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .rel.dyn:

0804825c <.rel.dyn>:
 804825c:	f0 9f                	lock lahf 
 804825e:	04 08                	add    al,0x8
 8048260:	06                   	push   es
 8048261:	01 00                	add    DWORD PTR [eax],eax
	...

Disassembly of section .rel.plt:

08048264 <.rel.plt>:
 8048264:	00 a0 04 08 07 01    	add    BYTE PTR [eax+0x1070804],ah
 804826a:	00 00                	add    BYTE PTR [eax],al
 804826c:	04 a0                	add    al,0xa0
 804826e:	04 08                	add    al,0x8
 8048270:	07                   	pop    es
 8048271:	02 00                	add    al,BYTE PTR [eax]
	...

Disassembly of section .init:

08048274 <_init>:
 8048274:	55                   	push   ebp
 8048275:	89 e5                	mov    ebp,esp
 8048277:	53                   	push   ebx
 8048278:	83 ec 04             	sub    esp,0x4
 804827b:	e8 00 00 00 00       	call   8048280 <_init+0xc>
 8048280:	5b                   	pop    ebx
 8048281:	81 c3 74 1d 00 00    	add    ebx,0x1d74
 8048287:	8b 93 fc ff ff ff    	mov    edx,DWORD PTR [ebx-0x4]
 804828d:	85 d2                	test   edx,edx
 804828f:	74 05                	je     8048296 <_init+0x22>
 8048291:	e8 1e 00 00 00       	call   80482b4 <__gmon_start__@plt>
 8048296:	e8 d5 00 00 00       	call   8048370 <frame_dummy>
 804829b:	e8 a0 01 00 00       	call   8048440 <__do_global_ctors_aux>
 80482a0:	58                   	pop    eax
 80482a1:	5b                   	pop    ebx
 80482a2:	c9                   	leave  
 80482a3:	c3                   	ret    

Disassembly of section .plt:

080482a4 <__gmon_start__@plt-0x10>:
 80482a4:	ff 35 f8 9f 04 08    	push   DWORD PTR ds:0x8049ff8
 80482aa:	ff 25 fc 9f 04 08    	jmp    DWORD PTR ds:0x8049ffc
 80482b0:	00 00                	add    BYTE PTR [eax],al
	...

080482b4 <__gmon_start__@plt>:
 80482b4:	ff 25 00 a0 04 08    	jmp    DWORD PTR ds:0x804a000
 80482ba:	68 00 00 00 00       	push   0x0
 80482bf:	e9 e0 ff ff ff       	jmp    80482a4 <_init+0x30>

080482c4 <__libc_start_main@plt>:
 80482c4:	ff 25 04 a0 04 08    	jmp    DWORD PTR ds:0x804a004
 80482ca:	68 08 00 00 00       	push   0x8
 80482cf:	e9 d0 ff ff ff       	jmp    80482a4 <_init+0x30>

Disassembly of section .text:

080482e0 <_start>:
 80482e0:	31 ed                	xor    ebp,ebp
 80482e2:	5e                   	pop    esi
 80482e3:	89 e1                	mov    ecx,esp
 80482e5:	83 e4 f0             	and    esp,0xfffffff0
 80482e8:	50                   	push   eax
 80482e9:	54                   	push   esp
 80482ea:	52                   	push   edx
 80482eb:	68 30 84 04 08       	push   0x8048430
 80482f0:	68 d0 83 04 08       	push   0x80483d0
 80482f5:	51                   	push   ecx
 80482f6:	56                   	push   esi
 80482f7:	68 a0 83 04 08       	push   0x80483a0
 80482fc:	e8 c3 ff ff ff       	call   80482c4 <__libc_start_main@plt>
 8048301:	f4                   	hlt    
 8048302:	90                   	nop
 8048303:	90                   	nop
 8048304:	90                   	nop
 8048305:	90                   	nop
 8048306:	90                   	nop
 8048307:	90                   	nop
 8048308:	90                   	nop
 8048309:	90                   	nop
 804830a:	90                   	nop
 804830b:	90                   	nop
 804830c:	90                   	nop
 804830d:	90                   	nop
 804830e:	90                   	nop
 804830f:	90                   	nop

08048310 <__do_global_dtors_aux>:
 8048310:	55                   	push   ebp
 8048311:	89 e5                	mov    ebp,esp
 8048313:	53                   	push   ebx
 8048314:	83 ec 04             	sub    esp,0x4
 8048317:	80 3d 1c a0 04 08 00 	cmp    BYTE PTR ds:0x804a01c,0x0
 804831e:	75 3f                	jne    804835f <__do_global_dtors_aux+0x4f>
 8048320:	a1 20 a0 04 08       	mov    eax,ds:0x804a020
 8048325:	bb 20 9f 04 08       	mov    ebx,0x8049f20
 804832a:	81 eb 1c 9f 04 08    	sub    ebx,0x8049f1c
 8048330:	c1 fb 02             	sar    ebx,0x2
 8048333:	83 eb 01             	sub    ebx,0x1
 8048336:	39 d8                	cmp    eax,ebx
 8048338:	73 1e                	jae    8048358 <__do_global_dtors_aux+0x48>
 804833a:	8d b6 00 00 00 00    	lea    esi,[esi+0x0]
 8048340:	83 c0 01             	add    eax,0x1
 8048343:	a3 20 a0 04 08       	mov    ds:0x804a020,eax
 8048348:	ff 14 85 1c 9f 04 08 	call   DWORD PTR [eax*4+0x8049f1c]
 804834f:	a1 20 a0 04 08       	mov    eax,ds:0x804a020
 8048354:	39 d8                	cmp    eax,ebx
 8048356:	72 e8                	jb     8048340 <__do_global_dtors_aux+0x30>
 8048358:	c6 05 1c a0 04 08 01 	mov    BYTE PTR ds:0x804a01c,0x1
 804835f:	83 c4 04             	add    esp,0x4
 8048362:	5b                   	pop    ebx
 8048363:	5d                   	pop    ebp
 8048364:	c3                   	ret    
 8048365:	8d 74 26 00          	lea    esi,[esi+eiz*1+0x0]
 8048369:	8d bc 27 00 00 00 00 	lea    edi,[edi+eiz*1+0x0]

08048370 <frame_dummy>:
 8048370:	55                   	push   ebp
 8048371:	89 e5                	mov    ebp,esp
 8048373:	83 ec 18             	sub    esp,0x18
 8048376:	a1 24 9f 04 08       	mov    eax,ds:0x8049f24
 804837b:	85 c0                	test   eax,eax
 804837d:	74 12                	je     8048391 <frame_dummy+0x21>
 804837f:	b8 00 00 00 00       	mov    eax,0x0
 8048384:	85 c0                	test   eax,eax
 8048386:	74 09                	je     8048391 <frame_dummy+0x21>
 8048388:	c7 04 24 24 9f 04 08 	mov    DWORD PTR [esp],0x8049f24
 804838f:	ff d0                	call   eax
 8048391:	c9                   	leave  
 8048392:	c3                   	ret    
 8048393:	90                   	nop
 8048394:	90                   	nop
 8048395:	90                   	nop
 8048396:	90                   	nop
 8048397:	90                   	nop
 8048398:	90                   	nop
 8048399:	90                   	nop
 804839a:	90                   	nop
 804839b:	90                   	nop
 804839c:	90                   	nop
 804839d:	90                   	nop
 804839e:	90                   	nop
 804839f:	90                   	nop

080483a0 <main>:
 80483a0:	ba 0c 00 00 00       	mov    edx,0xc
 80483a5:	b9 10 a0 04 08       	mov    ecx,0x804a010
 80483aa:	bb 01 00 00 00       	mov    ebx,0x1
 80483af:	b8 04 00 00 00       	mov    eax,0x4
 80483b4:	cd 80                	int    0x80
 80483b6:	bb 00 00 00 00       	mov    ebx,0x0
 80483bb:	b8 01 00 00 00       	mov    eax,0x1
 80483c0:	cd 80                	int    0x80
 80483c2:	90                   	nop
 80483c3:	90                   	nop
 80483c4:	90                   	nop
 80483c5:	90                   	nop
 80483c6:	90                   	nop
 80483c7:	90                   	nop
 80483c8:	90                   	nop
 80483c9:	90                   	nop
 80483ca:	90                   	nop
 80483cb:	90                   	nop
 80483cc:	90                   	nop
 80483cd:	90                   	nop
 80483ce:	90                   	nop
 80483cf:	90                   	nop

080483d0 <__libc_csu_init>:
 80483d0:	55                   	push   ebp
 80483d1:	89 e5                	mov    ebp,esp
 80483d3:	57                   	push   edi
 80483d4:	56                   	push   esi
 80483d5:	53                   	push   ebx
 80483d6:	e8 5a 00 00 00       	call   8048435 <__i686.get_pc_thunk.bx>
 80483db:	81 c3 19 1c 00 00    	add    ebx,0x1c19
 80483e1:	83 ec 1c             	sub    esp,0x1c
 80483e4:	e8 8b fe ff ff       	call   8048274 <_init>
 80483e9:	8d bb 20 ff ff ff    	lea    edi,[ebx-0xe0]
 80483ef:	8d 83 20 ff ff ff    	lea    eax,[ebx-0xe0]
 80483f5:	29 c7                	sub    edi,eax
 80483f7:	c1 ff 02             	sar    edi,0x2
 80483fa:	85 ff                	test   edi,edi
 80483fc:	74 24                	je     8048422 <__libc_csu_init+0x52>
 80483fe:	31 f6                	xor    esi,esi
 8048400:	8b 45 10             	mov    eax,DWORD PTR [ebp+0x10]
 8048403:	89 44 24 08          	mov    DWORD PTR [esp+0x8],eax
 8048407:	8b 45 0c             	mov    eax,DWORD PTR [ebp+0xc]
 804840a:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax
 804840e:	8b 45 08             	mov    eax,DWORD PTR [ebp+0x8]
 8048411:	89 04 24             	mov    DWORD PTR [esp],eax
 8048414:	ff 94 b3 20 ff ff ff 	call   DWORD PTR [ebx+esi*4-0xe0]
 804841b:	83 c6 01             	add    esi,0x1
 804841e:	39 fe                	cmp    esi,edi
 8048420:	72 de                	jb     8048400 <__libc_csu_init+0x30>
 8048422:	83 c4 1c             	add    esp,0x1c
 8048425:	5b                   	pop    ebx
 8048426:	5e                   	pop    esi
 8048427:	5f                   	pop    edi
 8048428:	5d                   	pop    ebp
 8048429:	c3                   	ret    
 804842a:	8d b6 00 00 00 00    	lea    esi,[esi+0x0]

08048430 <__libc_csu_fini>:
 8048430:	55                   	push   ebp
 8048431:	89 e5                	mov    ebp,esp
 8048433:	5d                   	pop    ebp
 8048434:	c3                   	ret    

08048435 <__i686.get_pc_thunk.bx>:
 8048435:	8b 1c 24             	mov    ebx,DWORD PTR [esp]
 8048438:	c3                   	ret    
 8048439:	90                   	nop
 804843a:	90                   	nop
 804843b:	90                   	nop
 804843c:	90                   	nop
 804843d:	90                   	nop
 804843e:	90                   	nop
 804843f:	90                   	nop

08048440 <__do_global_ctors_aux>:
 8048440:	55                   	push   ebp
 8048441:	89 e5                	mov    ebp,esp
 8048443:	53                   	push   ebx
 8048444:	83 ec 04             	sub    esp,0x4
 8048447:	a1 14 9f 04 08       	mov    eax,ds:0x8049f14
 804844c:	83 f8 ff             	cmp    eax,0xffffffff
 804844f:	74 13                	je     8048464 <__do_global_ctors_aux+0x24>
 8048451:	bb 14 9f 04 08       	mov    ebx,0x8049f14
 8048456:	66 90                	xchg   ax,ax
 8048458:	83 eb 04             	sub    ebx,0x4
 804845b:	ff d0                	call   eax
 804845d:	8b 03                	mov    eax,DWORD PTR [ebx]
 804845f:	83 f8 ff             	cmp    eax,0xffffffff
 8048462:	75 f4                	jne    8048458 <__do_global_ctors_aux+0x18>
 8048464:	83 c4 04             	add    esp,0x4
 8048467:	5b                   	pop    ebx
 8048468:	5d                   	pop    ebp
 8048469:	c3                   	ret    
 804846a:	90                   	nop
 804846b:	90                   	nop

Disassembly of section .fini:

0804846c <_fini>:
 804846c:	55                   	push   ebp
 804846d:	89 e5                	mov    ebp,esp
 804846f:	53                   	push   ebx
 8048470:	83 ec 04             	sub    esp,0x4
 8048473:	e8 00 00 00 00       	call   8048478 <_fini+0xc>
 8048478:	5b                   	pop    ebx
 8048479:	81 c3 7c 1b 00 00    	add    ebx,0x1b7c
 804847f:	e8 8c fe ff ff       	call   8048310 <__do_global_dtors_aux>
 8048484:	59                   	pop    ecx
 8048485:	5b                   	pop    ebx
 8048486:	c9                   	leave  
 8048487:	c3                   	ret    

Disassembly of section .rodata:

08048488 <_fp_hw>:
 8048488:	03 00                	add    eax,DWORD PTR [eax]
	...

0804848c <_IO_stdin_used>:
 804848c:	01 00                	add    DWORD PTR [eax],eax
 804848e:	02 00                	add    al,BYTE PTR [eax]

Disassembly of section .eh_frame:

08048490 <__FRAME_END__>:
 8048490:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .ctors:

08049f14 <__CTOR_LIST__>:
 8049f14:	ff                   	(bad)  
 8049f15:	ff                   	(bad)  
 8049f16:	ff                   	(bad)  
 8049f17:	ff 00                	inc    DWORD PTR [eax]

08049f18 <__CTOR_END__>:
 8049f18:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .dtors:

08049f1c <__DTOR_LIST__>:
 8049f1c:	ff                   	(bad)  
 8049f1d:	ff                   	(bad)  
 8049f1e:	ff                   	(bad)  
 8049f1f:	ff 00                	inc    DWORD PTR [eax]

08049f20 <__DTOR_END__>:
 8049f20:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .jcr:

08049f24 <__JCR_END__>:
 8049f24:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .dynamic:

08049f28 <_DYNAMIC>:
 8049f28:	01 00                	add    DWORD PTR [eax],eax
 8049f2a:	00 00                	add    BYTE PTR [eax],al
 8049f2c:	10 00                	adc    BYTE PTR [eax],al
 8049f2e:	00 00                	add    BYTE PTR [eax],al
 8049f30:	0c 00                	or     al,0x0
 8049f32:	00 00                	add    BYTE PTR [eax],al
 8049f34:	74 82                	je     8049eb8 <__FRAME_END__+0x1a28>
 8049f36:	04 08                	add    al,0x8
 8049f38:	0d 00 00 00 6c       	or     eax,0x6c000000
 8049f3d:	84 04 08             	test   BYTE PTR [eax+ecx*1],al
 8049f40:	f5                   	cmc    
 8049f41:	fe                   	(bad)  
 8049f42:	ff 6f 8c             	jmp    FWORD PTR [edi-0x74]
 8049f45:	81 04 08 05 00 00 00 	add    DWORD PTR [eax+ecx*1],0x5
 8049f4c:	ec                   	in     al,dx
 8049f4d:	81 04 08 06 00 00 00 	add    DWORD PTR [eax+ecx*1],0x6
 8049f54:	ac                   	lods   al,BYTE PTR ds:[esi]
 8049f55:	81 04 08 0a 00 00 00 	add    DWORD PTR [eax+ecx*1],0xa
 8049f5c:	45                   	inc    ebp
 8049f5d:	00 00                	add    BYTE PTR [eax],al
 8049f5f:	00 0b                	add    BYTE PTR [ebx],cl
 8049f61:	00 00                	add    BYTE PTR [eax],al
 8049f63:	00 10                	add    BYTE PTR [eax],dl
 8049f65:	00 00                	add    BYTE PTR [eax],al
 8049f67:	00 15 00 00 00 00    	add    BYTE PTR ds:0x0,dl
 8049f6d:	00 00                	add    BYTE PTR [eax],al
 8049f6f:	00 03                	add    BYTE PTR [ebx],al
 8049f71:	00 00                	add    BYTE PTR [eax],al
 8049f73:	00 f4                	add    ah,dh
 8049f75:	9f                   	lahf   
 8049f76:	04 08                	add    al,0x8
 8049f78:	02 00                	add    al,BYTE PTR [eax]
 8049f7a:	00 00                	add    BYTE PTR [eax],al
 8049f7c:	10 00                	adc    BYTE PTR [eax],al
 8049f7e:	00 00                	add    BYTE PTR [eax],al
 8049f80:	14 00                	adc    al,0x0
 8049f82:	00 00                	add    BYTE PTR [eax],al
 8049f84:	11 00                	adc    DWORD PTR [eax],eax
 8049f86:	00 00                	add    BYTE PTR [eax],al
 8049f88:	17                   	pop    ss
 8049f89:	00 00                	add    BYTE PTR [eax],al
 8049f8b:	00 64 82 04          	add    BYTE PTR [edx+eax*4+0x4],ah
 8049f8f:	08 11                	or     BYTE PTR [ecx],dl
 8049f91:	00 00                	add    BYTE PTR [eax],al
 8049f93:	00 5c 82 04          	add    BYTE PTR [edx+eax*4+0x4],bl
 8049f97:	08 12                	or     BYTE PTR [edx],dl
 8049f99:	00 00                	add    BYTE PTR [eax],al
 8049f9b:	00 08                	add    BYTE PTR [eax],cl
 8049f9d:	00 00                	add    BYTE PTR [eax],al
 8049f9f:	00 13                	add    BYTE PTR [ebx],dl
 8049fa1:	00 00                	add    BYTE PTR [eax],al
 8049fa3:	00 08                	add    BYTE PTR [eax],cl
 8049fa5:	00 00                	add    BYTE PTR [eax],al
 8049fa7:	00 fe                	add    dh,bh
 8049fa9:	ff                   	(bad)  
 8049faa:	ff 6f 3c             	jmp    FWORD PTR [edi+0x3c]
 8049fad:	82                   	(bad)  
 8049fae:	04 08                	add    al,0x8
 8049fb0:	ff                   	(bad)  
 8049fb1:	ff                   	(bad)  
 8049fb2:	ff 6f 01             	jmp    FWORD PTR [edi+0x1]
 8049fb5:	00 00                	add    BYTE PTR [eax],al
 8049fb7:	00 f0                	add    al,dh
 8049fb9:	ff                   	(bad)  
 8049fba:	ff 6f 32             	jmp    FWORD PTR [edi+0x32]
 8049fbd:	82                   	(bad)  
 8049fbe:	04 08                	add    al,0x8
	...

Disassembly of section .got:

08049ff0 <.got>:
 8049ff0:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .got.plt:

08049ff4 <_GLOBAL_OFFSET_TABLE_>:
 8049ff4:	28 9f 04 08 00 00    	sub    BYTE PTR [edi+0x804],bl
 8049ffa:	00 00                	add    BYTE PTR [eax],al
 8049ffc:	00 00                	add    BYTE PTR [eax],al
 8049ffe:	00 00                	add    BYTE PTR [eax],al
 804a000:	ba 82 04 08 ca       	mov    edx,0xca080482
 804a005:	82                   	(bad)  
 804a006:	04 08                	add    al,0x8

Disassembly of section .data:

0804a008 <__data_start>:
 804a008:	00 00                	add    BYTE PTR [eax],al
	...

0804a00c <__dso_handle>:
 804a00c:	00 00                	add    BYTE PTR [eax],al
	...

0804a010 <msg>:
 804a010:	48                   	dec    eax
 804a011:	65                   	gs
 804a012:	6c                   	ins    BYTE PTR es:[edi],dx
 804a013:	6c                   	ins    BYTE PTR es:[edi],dx
 804a014:	6f                   	outs   dx,DWORD PTR ds:[esi]
 804a015:	20 57 6f             	and    BYTE PTR [edi+0x6f],dl
 804a018:	72 6c                	jb     804a086 <_end+0x62>
 804a01a:	64                   	fs
 804a01b:	0a                   	.byte 0xa

Disassembly of section .bss:

0804a01c <completed.6155>:
 804a01c:	00 00                	add    BYTE PTR [eax],al
	...

0804a020 <dtor_idx.6157>:
 804a020:	00 00                	add    BYTE PTR [eax],al
	...

Disassembly of section .comment:

00000000 <.comment>:
   0:	47                   	inc    edi
   1:	43                   	inc    ebx
   2:	43                   	inc    ebx
   3:	3a 20                	cmp    ah,BYTE PTR [eax]
   5:	28 55 62             	sub    BYTE PTR [ebp+0x62],dl
   8:	75 6e                	jne    78 <len+0x6c>
   a:	74 75                	je     81 <len+0x75>
   c:	2f                   	das    
   d:	4c                   	dec    esp
   e:	69 6e 61 72 6f 20 34 	imul   ebp,DWORD PTR [esi+0x61],0x34206f72
  15:	2e                   	cs
  16:	35 2e 32 2d 38       	xor    eax,0x382d322e
  1b:	75 62                	jne    7f <len+0x73>
  1d:	75 6e                	jne    8d <len+0x81>
  1f:	74 75                	je     96 <len+0x8a>
  21:	34 29                	xor    al,0x29
  23:	20 34 2e             	and    BYTE PTR [esi+ebp*1],dh
  26:	35 2e 32 00 47       	xor    eax,0x4700322e
  2b:	43                   	inc    ebx
  2c:	43                   	inc    ebx
  2d:	3a 20                	cmp    ah,BYTE PTR [eax]
  2f:	28 55 62             	sub    BYTE PTR [ebp+0x62],dl
  32:	75 6e                	jne    a2 <len+0x96>
  34:	74 75                	je     ab <len+0x9f>
  36:	2f                   	das    
  37:	4c                   	dec    esp
  38:	69 6e 61 72 6f 20 34 	imul   ebp,DWORD PTR [esi+0x61],0x34206f72
  3f:	2e                   	cs
  40:	35 2e 32 2d 38       	xor    eax,0x382d322e
  45:	75 62                	jne    a9 <len+0x9d>
  47:	75 6e                	jne    b7 <len+0xab>
  49:	74 75                	je     c0 <len+0xb4>
  4b:	33 29                	xor    ebp,DWORD PTR [ecx]
  4d:	20 34 2e             	and    BYTE PTR [esi+ebp*1],dh
  50:	35                   	.byte 0x35
  51:	2e 32 00             	xor    al,BYTE PTR cs:[eax]

Doing objdump -s ... etc., I found that the starting address is, lo and behold, at the <_start> function in the .text section.

To make things a little bit more readable I will disassemble just the code sections using objdump -d -M intel hello

which gives a subset of the above


hello:     file format elf32-i386


Disassembly of section .init:

08048274 <_init>:
 8048274:	55                   	push   ebp
 8048275:	89 e5                	mov    ebp,esp
 8048277:	53                   	push   ebx
 8048278:	83 ec 04             	sub    esp,0x4
 804827b:	e8 00 00 00 00       	call   8048280 <_init+0xc>
 8048280:	5b                   	pop    ebx
 8048281:	81 c3 74 1d 00 00    	add    ebx,0x1d74
 8048287:	8b 93 fc ff ff ff    	mov    edx,DWORD PTR [ebx-0x4]
 804828d:	85 d2                	test   edx,edx
 804828f:	74 05                	je     8048296 <_init+0x22>
 8048291:	e8 1e 00 00 00       	call   80482b4 <__gmon_start__@plt>
 8048296:	e8 d5 00 00 00       	call   8048370 <frame_dummy>
 804829b:	e8 a0 01 00 00       	call   8048440 <__do_global_ctors_aux>
 80482a0:	58                   	pop    eax
 80482a1:	5b                   	pop    ebx
 80482a2:	c9                   	leave  
 80482a3:	c3                   	ret    

Disassembly of section .plt:

080482a4 <__gmon_start__@plt-0x10>:
 80482a4:	ff 35 f8 9f 04 08    	push   DWORD PTR ds:0x8049ff8
 80482aa:	ff 25 fc 9f 04 08    	jmp    DWORD PTR ds:0x8049ffc
 80482b0:	00 00                	add    BYTE PTR [eax],al
	...

080482b4 <__gmon_start__@plt>:
 80482b4:	ff 25 00 a0 04 08    	jmp    DWORD PTR ds:0x804a000
 80482ba:	68 00 00 00 00       	push   0x0
 80482bf:	e9 e0 ff ff ff       	jmp    80482a4 <_init+0x30>

080482c4 <__libc_start_main@plt>:
 80482c4:	ff 25 04 a0 04 08    	jmp    DWORD PTR ds:0x804a004
 80482ca:	68 08 00 00 00       	push   0x8
 80482cf:	e9 d0 ff ff ff       	jmp    80482a4 <_init+0x30>

Disassembly of section .text:

080482e0 <_start>:
 80482e0:	31 ed                	xor    ebp,ebp
 80482e2:	5e                   	pop    esi
 80482e3:	89 e1                	mov    ecx,esp
 80482e5:	83 e4 f0             	and    esp,0xfffffff0
 80482e8:	50                   	push   eax
 80482e9:	54                   	push   esp
 80482ea:	52                   	push   edx
 80482eb:	68 30 84 04 08       	push   0x8048430
 80482f0:	68 d0 83 04 08       	push   0x80483d0
 80482f5:	51                   	push   ecx
 80482f6:	56                   	push   esi
 80482f7:	68 a0 83 04 08       	push   0x80483a0
 80482fc:	e8 c3 ff ff ff       	call   80482c4 <__libc_start_main@plt>
 8048301:	f4                   	hlt    
 8048302:	90                   	nop
 8048303:	90                   	nop
 8048304:	90                   	nop
 8048305:	90                   	nop
 8048306:	90                   	nop
 8048307:	90                   	nop
 8048308:	90                   	nop
 8048309:	90                   	nop
 804830a:	90                   	nop
 804830b:	90                   	nop
 804830c:	90                   	nop
 804830d:	90                   	nop
 804830e:	90                   	nop
 804830f:	90                   	nop

08048310 <__do_global_dtors_aux>:
 8048310:	55                   	push   ebp
 8048311:	89 e5                	mov    ebp,esp
 8048313:	53                   	push   ebx
 8048314:	83 ec 04             	sub    esp,0x4
 8048317:	80 3d 1c a0 04 08 00 	cmp    BYTE PTR ds:0x804a01c,0x0
 804831e:	75 3f                	jne    804835f <__do_global_dtors_aux+0x4f>
 8048320:	a1 20 a0 04 08       	mov    eax,ds:0x804a020
 8048325:	bb 20 9f 04 08       	mov    ebx,0x8049f20
 804832a:	81 eb 1c 9f 04 08    	sub    ebx,0x8049f1c
 8048330:	c1 fb 02             	sar    ebx,0x2
 8048333:	83 eb 01             	sub    ebx,0x1
 8048336:	39 d8                	cmp    eax,ebx
 8048338:	73 1e                	jae    8048358 <__do_global_dtors_aux+0x48>
 804833a:	8d b6 00 00 00 00    	lea    esi,[esi+0x0]
 8048340:	83 c0 01             	add    eax,0x1
 8048343:	a3 20 a0 04 08       	mov    ds:0x804a020,eax
 8048348:	ff 14 85 1c 9f 04 08 	call   DWORD PTR [eax*4+0x8049f1c]
 804834f:	a1 20 a0 04 08       	mov    eax,ds:0x804a020
 8048354:	39 d8                	cmp    eax,ebx
 8048356:	72 e8                	jb     8048340 <__do_global_dtors_aux+0x30>
 8048358:	c6 05 1c a0 04 08 01 	mov    BYTE PTR ds:0x804a01c,0x1
 804835f:	83 c4 04             	add    esp,0x4
 8048362:	5b                   	pop    ebx
 8048363:	5d                   	pop    ebp
 8048364:	c3                   	ret    
 8048365:	8d 74 26 00          	lea    esi,[esi+eiz*1+0x0]
 8048369:	8d bc 27 00 00 00 00 	lea    edi,[edi+eiz*1+0x0]

08048370 <frame_dummy>:
 8048370:	55                   	push   ebp
 8048371:	89 e5                	mov    ebp,esp
 8048373:	83 ec 18             	sub    esp,0x18
 8048376:	a1 24 9f 04 08       	mov    eax,ds:0x8049f24
 804837b:	85 c0                	test   eax,eax
 804837d:	74 12                	je     8048391 <frame_dummy+0x21>
 804837f:	b8 00 00 00 00       	mov    eax,0x0
 8048384:	85 c0                	test   eax,eax
 8048386:	74 09                	je     8048391 <frame_dummy+0x21>
 8048388:	c7 04 24 24 9f 04 08 	mov    DWORD PTR [esp],0x8049f24
 804838f:	ff d0                	call   eax
 8048391:	c9                   	leave  
 8048392:	c3                   	ret    
 8048393:	90                   	nop
 8048394:	90                   	nop
 8048395:	90                   	nop
 8048396:	90                   	nop
 8048397:	90                   	nop
 8048398:	90                   	nop
 8048399:	90                   	nop
 804839a:	90                   	nop
 804839b:	90                   	nop
 804839c:	90                   	nop
 804839d:	90                   	nop
 804839e:	90                   	nop
 804839f:	90                   	nop

080483a0 <main>:
 80483a0:	ba 0c 00 00 00       	mov    edx,0xc
 80483a5:	b9 10 a0 04 08       	mov    ecx,0x804a010
 80483aa:	bb 01 00 00 00       	mov    ebx,0x1
 80483af:	b8 04 00 00 00       	mov    eax,0x4
 80483b4:	cd 80                	int    0x80
 80483b6:	bb 00 00 00 00       	mov    ebx,0x0
 80483bb:	b8 01 00 00 00       	mov    eax,0x1
 80483c0:	cd 80                	int    0x80
 80483c2:	90                   	nop
 80483c3:	90                   	nop
 80483c4:	90                   	nop
 80483c5:	90                   	nop
 80483c6:	90                   	nop
 80483c7:	90                   	nop
 80483c8:	90                   	nop
 80483c9:	90                   	nop
 80483ca:	90                   	nop
 80483cb:	90                   	nop
 80483cc:	90                   	nop
 80483cd:	90                   	nop
 80483ce:	90                   	nop
 80483cf:	90                   	nop

080483d0 <__libc_csu_init>:
 80483d0:	55                   	push   ebp
 80483d1:	89 e5                	mov    ebp,esp
 80483d3:	57                   	push   edi
 80483d4:	56                   	push   esi
 80483d5:	53                   	push   ebx
 80483d6:	e8 5a 00 00 00       	call   8048435 <__i686.get_pc_thunk.bx>
 80483db:	81 c3 19 1c 00 00    	add    ebx,0x1c19
 80483e1:	83 ec 1c             	sub    esp,0x1c
 80483e4:	e8 8b fe ff ff       	call   8048274 <_init>
 80483e9:	8d bb 20 ff ff ff    	lea    edi,[ebx-0xe0]
 80483ef:	8d 83 20 ff ff ff    	lea    eax,[ebx-0xe0]
 80483f5:	29 c7                	sub    edi,eax
 80483f7:	c1 ff 02             	sar    edi,0x2
 80483fa:	85 ff                	test   edi,edi
 80483fc:	74 24                	je     8048422 <__libc_csu_init+0x52>
 80483fe:	31 f6                	xor    esi,esi
 8048400:	8b 45 10             	mov    eax,DWORD PTR [ebp+0x10]
 8048403:	89 44 24 08          	mov    DWORD PTR [esp+0x8],eax
 8048407:	8b 45 0c             	mov    eax,DWORD PTR [ebp+0xc]
 804840a:	89 44 24 04          	mov    DWORD PTR [esp+0x4],eax
 804840e:	8b 45 08             	mov    eax,DWORD PTR [ebp+0x8]
 8048411:	89 04 24             	mov    DWORD PTR [esp],eax
 8048414:	ff 94 b3 20 ff ff ff 	call   DWORD PTR [ebx+esi*4-0xe0]
 804841b:	83 c6 01             	add    esi,0x1
 804841e:	39 fe                	cmp    esi,edi
 8048420:	72 de                	jb     8048400 <__libc_csu_init+0x30>
 8048422:	83 c4 1c             	add    esp,0x1c
 8048425:	5b                   	pop    ebx
 8048426:	5e                   	pop    esi
 8048427:	5f                   	pop    edi
 8048428:	5d                   	pop    ebp
 8048429:	c3                   	ret    
 804842a:	8d b6 00 00 00 00    	lea    esi,[esi+0x0]

08048430 <__libc_csu_fini>:
 8048430:	55                   	push   ebp
 8048431:	89 e5                	mov    ebp,esp
 8048433:	5d                   	pop    ebp
 8048434:	c3                   	ret    

08048435 <__i686.get_pc_thunk.bx>:
 8048435:	8b 1c 24             	mov    ebx,DWORD PTR [esp]
 8048438:	c3                   	ret    
 8048439:	90                   	nop
 804843a:	90                   	nop
 804843b:	90                   	nop
 804843c:	90                   	nop
 804843d:	90                   	nop
 804843e:	90                   	nop
 804843f:	90                   	nop

08048440 <__do_global_ctors_aux>:
 8048440:	55                   	push   ebp
 8048441:	89 e5                	mov    ebp,esp
 8048443:	53                   	push   ebx
 8048444:	83 ec 04             	sub    esp,0x4
 8048447:	a1 14 9f 04 08       	mov    eax,ds:0x8049f14
 804844c:	83 f8 ff             	cmp    eax,0xffffffff
 804844f:	74 13                	je     8048464 <__do_global_ctors_aux+0x24>
 8048451:	bb 14 9f 04 08       	mov    ebx,0x8049f14
 8048456:	66 90                	xchg   ax,ax
 8048458:	83 eb 04             	sub    ebx,0x4
 804845b:	ff d0                	call   eax
 804845d:	8b 03                	mov    eax,DWORD PTR [ebx]
 804845f:	83 f8 ff             	cmp    eax,0xffffffff
 8048462:	75 f4                	jne    8048458 <__do_global_ctors_aux+0x18>
 8048464:	83 c4 04             	add    esp,0x4
 8048467:	5b                   	pop    ebx
 8048468:	5d                   	pop    ebp
 8048469:	c3                   	ret    
 804846a:	90                   	nop
 804846b:	90                   	nop

Disassembly of section .fini:

0804846c <_fini>:
 804846c:	55                   	push   ebp
 804846d:	89 e5                	mov    ebp,esp
 804846f:	53                   	push   ebx
 8048470:	83 ec 04             	sub    esp,0x4
 8048473:	e8 00 00 00 00       	call   8048478 <_fini+0xc>
 8048478:	5b                   	pop    ebx
 8048479:	81 c3 7c 1b 00 00    	add    ebx,0x1b7c
 804847f:	e8 8c fe ff ff       	call   8048310 <__do_global_dtors_aux>
 8048484:	59                   	pop    ecx
 8048485:	5b                   	pop    ebx
 8048486:	c9                   	leave  
 8048487:	c3                   	ret    


My problem is this: going through the code, start does stuff, pushes 3 important addresses on the stack

Code: Select all

push   0x8048430
push   0x80483d0
push   0x80483a0
one being your main address, and then calls

Code: Select all

call   80482c4 <__libc_start_main@plt>
which goes to here

Code: Select all

080482c4 <__libc_start_main@plt>:
 80482c4:	ff 25 04 a0 04 08    	jmp    DWORD PTR ds:0x804a004
 80482ca:	68 08 00 00 00       	push   0x8
 80482cf:	e9 d0 ff ff ff       	jmp    80482a4 <_init+0x30>
My problem is that it does a jmp DWORD PTR ds:0x804a004; where is this going? I can't view what is in ds:0x804a004 when I do a full objdump -D.

So, more generally, my trouble is understanding the disassembled functions of the .plt section; with those 3 jmp parts or 3 functions, I just lose it when it comes to the flow.

Code: Select all

080482a4 <__gmon_start__@plt-0x10>:
080482b4 <__gmon_start__@plt>:
080482c4 <__libc_start_main@plt>:
I am assuming the ds:0x804a004 ptrs, etc. point to an external library, but I don't know where these libraries return you to in your code when they are finished?
Last edited by Sam111 on Mon Apr 02, 2012 1:10 pm, edited 2 times in total.
Combuster
Member
Posts: 9301
Joined: Wed Oct 18, 2006 3:45 am
Libera.chat IRC: [com]buster
Location: On the balcony, where I can actually keep 1½m distance

Re: traversing an elf binary ?

Post by Combuster »

This is not even part of a section
I just found your missing eyeballs.
"Certainly avoid yourself. He is a newbie and might not realize it. You'll hate his code deeply a few years down the road." - Sortie
Sam111
Member
Posts: 385
Joined: Mon Nov 03, 2008 6:06 pm

Re: traversing an elf binary ?

Post by Sam111 »

Corrected my miswordings.
If I can't figure out where they go or read into them further, then I just really want to know where they return to in the elf code. (I think they are jmps into the GOT, since 804a000 is in 08049ff4 <_GLOBAL_OFFSET_TABLE_>:)

Question 2

Code: Select all

080482a4 <__gmon_start__@plt-0x10>:
 80482a4:	ff 35 f8 9f 04 08    	push   DWORD PTR ds:0x8049ff8
 80482aa:	ff 25 fc 9f 04 08    	jmp    DWORD PTR ds:0x8049ffc
 80482b0:	00 00                	add    BYTE PTR [eax],al
	...
Why the ...? Does that mean objdump is not showing me all the code for the __gmon_start__@plt-0x10 function? This seems to be the only text/code function that has this property.

But then I have 080482b4 <__gmon_start__@plt>:, so there can't be too much between there? So why the ...

It stands out like a sore thumb and is bothering me.

I am assuming, though, that the jmps in the .plt section return me back to the .plt function, which then calls into the .init function, which then calls

Code: Select all

 8048291:	e8 1e 00 00 00       	call   80482b4 <__gmon_start__@plt>
 8048296:	e8 d5 00 00 00       	call   8048370 <frame_dummy>
 804829b:	e8 a0 01 00 00       	call   8048440 <__do_global_ctors_aux>
But of course this is a guess.
Since I am still unsure about where the jmp ptrs in the .plt section return back to in the elf code, I am thinking it is the next instruction in the .plt section, i.e.

Code: Select all

 80482ba:	68 00 00 00 00       	push   0x0
 80482bf:	e9 e0 ff ff ff       	jmp    80482a4 <_init+0x30>
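
An added example, not from the thread, to make the .plt flow concrete. The script decodes the two PLT entries whose bytes appear in full in the dump above (PLT0 at 080482a4 and __libc_start_main@plt at 080482c4) and traces the lazy-binding path a call takes through them. The GOT contents it uses are constructed: the link_map and resolver values that ld.so writes into GOT+4 and GOT+8 are placeholder numbers, which is also why objdump -D of the executable alone cannot show where that jmp lands, since those slots are filled at load time by the dynamic linker rather than by the static linker.

```python
"""Decode i386 lazy-binding PLT stubs and trace where their jmps go.

The PLT bytes are copied from the objdump listing in the thread; the GOT
contents are constructed to mimic the state before and after the first call.
"""
import struct

# Bytes exactly as objdump shows them (little-endian i386).
PLT0_ADDR = 0x080482A4
PLT0_BYTES = bytes.fromhex("ff35f89f0408ff25fc9f0408")   # push [0x8049ff8]; jmp [0x8049ffc]
LSM_PLT_ADDR = 0x080482C4                                # __libc_start_main@plt
LSM_PLT_BYTES = bytes.fromhex("ff2504a004086808000000e9d0ffffff")


def decode_plt0(addr, data):
    """PLT0 = `push DWORD PTR [GOT+4]` (ff 35 imm32) ; `jmp DWORD PTR [GOT+8]` (ff 25 imm32).

    ld.so stores its link_map pointer in GOT+4 and the address of its lazy
    resolver in GOT+8; neither value exists inside the executable file."""
    if data[0:2] != b"\xff\x35" or data[6:8] != b"\xff\x25":
        raise ValueError("not an i386 PLT0 entry")
    link_map_slot = struct.unpack_from("<I", data, 2)[0]
    resolver_slot = struct.unpack_from("<I", data, 8)[0]
    return {"addr": addr, "got_base": link_map_slot - 4,
            "link_map_slot": link_map_slot, "resolver_slot": resolver_slot}


def decode_plt_stub(addr, data):
    """A 16-byte lazy stub: `jmp DWORD PTR [got_slot]` ; `push reloc_offset` ; `jmp PLT0`."""
    if data[0:2] != b"\xff\x25" or data[6] != 0x68 or data[11] != 0xE9:
        raise ValueError("not an i386 lazy PLT stub")
    got_slot = struct.unpack_from("<I", data, 2)[0]
    reloc_offset = struct.unpack_from("<I", data, 7)[0]   # byte offset into .rel.plt
    rel32 = struct.unpack_from("<i", data, 12)[0]         # jmp rel32 is relative to the next insn
    return {"addr": addr, "got_slot": got_slot,
            "reloc_offset": reloc_offset,
            "reloc_index": reloc_offset // 8,             # an Elf32_Rel entry is 8 bytes
            "plt0": addr + 16 + rel32,
            "push_insn": addr + 6}   # the static linker stores this in got_slot before first use


def constructed_got(plt0, stub, resolved_addr=None):
    """Constructed GOT contents (not read from a real file). The ld.so values
    are placeholders; the function slot holds the stub's own push instruction
    until the first call through it has been resolved."""
    return {plt0["link_map_slot"]: 0xB7FFF000,      # placeholder: ld.so link_map
            plt0["resolver_slot"]: 0xB7FF0000,      # placeholder: ld.so lazy resolver
            stub["got_slot"]: resolved_addr or stub["push_insn"]}


def trace_call(stub, plt0, got):
    """Return the control-flow steps taken by `call stub` for the given GOT state."""
    target = got[stub["got_slot"]]
    steps = [f"call {stub['addr']:#x}",
             f"jmp [{stub['got_slot']:#x}] -> {target:#x}"]
    if target != stub["push_insn"]:
        steps.append("slot already resolved: lands in the library function directly")
        return steps
    steps.append(f"push {stub['reloc_offset']:#x} (entry {stub['reloc_index']} of .rel.plt)")
    steps.append(f"jmp {stub['plt0']:#x} (PLT0)")
    steps.append(f"push [{plt0['link_map_slot']:#x}] -> {got[plt0['link_map_slot']]:#x}")
    steps.append(f"jmp [{plt0['resolver_slot']:#x}] -> {got[plt0['resolver_slot']]:#x} "
                 "(ld.so resolver, outside this file)")
    steps.append("resolver writes the real address into the GOT slot and jumps to it; "
                 "its ret returns to the original caller")
    return steps


def lazy_trace(resolved_addr=None):
    """Trace a call to __libc_start_main@plt; pass a resolved address to see the fast path."""
    plt0 = decode_plt0(PLT0_ADDR, PLT0_BYTES)
    stub = decode_plt_stub(LSM_PLT_ADDR, LSM_PLT_BYTES)
    return trace_call(stub, plt0, constructed_got(plt0, stub, resolved_addr))


if __name__ == "__main__":
    print("first call (slot still points back into the stub):")
    for line in lazy_trace():
        print("  " + line)
    print("later calls (slot patched; 0xb7e0a000 is a placeholder):")
    for line in lazy_trace(0xB7E0A000):
        print("  " + line)
```

Before the first call, slot 0x804a004 holds 0x80482ca, the address of the `push 0x8` that follows the jmp, so the first jmp falls straight into the stub's own push and then into PLT0; `objdump -s -j .got.plt hello` shows that initial value in the file, and `readelf -r hello` lists the .rel.plt entry that the pushed offset selects. The `...` objdump prints after 80482b0 is its notation for a run of zero bytes it skipped (the padding up to the next 16-byte entry), not hidden code.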
Solar
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany

Re: traversing an elf binary ?

Post by Solar »

Sam111 wrote:objdump -D -M intel hello //note this is dissassembling all the sections including the non-code sections

[...16 screens full of disassembly...]

To make things a little bit more readable I will disassemble just the code sections
using objdump -d -M intel hello

gives a subset of the above

[...7 screens full of disassembly, being a subset of the previous as the poster himself noted.]

[Asking a question that fits a single screen, for which the above dumps are unnecessary.]
You, sir, should be forbidden the use of an internet connection.
Every good solution is obvious once you've found it.