Strip labels but not function calls from binary

Question

So recently I've been writing programs with NASM assembly, and whenever I would add a label for some jump/loop, I noticed that objdump and gdb would treat it as a separate section, like so:

hello.o:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <_start>:
   0:   48 31 c0                xor    rax,rax

0000000000000003 <_start_loop>:
   3:   50                      push   rax
   4:   48 83 e0 01             and    rax,0x1
   8:   75 0c                   jne    16 <_start_nope>
   a:   68 00 00 00 00          push   0x0
   f:   e8 22 00 00 00          call   36 <print>
  14:   eb 0a                   jmp    20 <_start_check>

0000000000000016 <_start_nope>:
  16:   68 00 00 00 00          push   0x0
  1b:   e8 16 00 00 00          call   36 <print>

0000000000000020 <_start_check>:
  20:   58                      pop    rax
  21:   48 ff c0                inc    rax
  24:   48 83 f8 0a             cmp    rax,0xa
  28:   75 d9                   jne    3 <_start_loop>
  2a:   b8 3c 00 00 00          mov    eax,0x3c
  2f:   bf 00 00 00 00          mov    edi,0x0
  34:   0f 05                   syscall 

0000000000000036 <print>:
  36:   48 8b 74 24 08          mov    rsi,QWORD PTR [rsp+0x8]
  3b:   56                      push   rsi
  3c:   e8 12 00 00 00          call   53 <strlen>
  41:   48 89 c2                mov    rdx,rax
  44:   bf 01 00 00 00          mov    edi,0x1
  49:   b8 01 00 00 00          mov    eax,0x1
  4e:   0f 05                   syscall 
  50:   c2 08 00                ret    0x8

0000000000000053 <strlen>:
  53:   48 8b 5c 24 08          mov    rbx,QWORD PTR [rsp+0x8]
  58:   48 31 c0                xor    rax,rax

000000000000005b <strlen_begin>:
  5b:   8a 0c 03                mov    cl,BYTE PTR [rbx+rax*1]
  5e:   84 c9                   test   cl,cl
  60:   74 05                   je     67 <strlen_done>
  62:   48 ff c0                inc    rax
  65:   eb f4                   jmp    5b <strlen_begin>

0000000000000067 <strlen_done>:
  67:   c2 08 00                ret    0x8

I want to be able to effectively strip out labels such as _start_nope but keep the labels of functions, such as _start, print, and strlen. Is there any way I can do this?

So basically in the end I want hello.o to look like

hello.o:     file format elf64-x86-64


Disassembly of section .text:

0000000000000000 <_start>:
   0:   48 31 c0                xor    rax,rax
   3:   50                      push   rax
   4:   48 83 e0 01             and    rax,0x1
   8:   75 0c                   jne    0x16
   a:   68 00 00 00 00          push   0x0
   f:   e8 22 00 00 00          call   0x36 <print>
  14:   eb 0a                   jmp    0x20
  16:   68 00 00 00 00          push   0x0
  1b:   e8 16 00 00 00          call   0x36 <print>
  20:   58                      pop    rax
  21:   48 ff c0                inc    rax
  24:   48 83 f8 0a             cmp    rax,0xa
  28:   75 d9                   jne    0x3
  2a:   b8 3c 00 00 00          mov    eax,0x3c
  2f:   bf 00 00 00 00          mov    edi,0x0
  34:   0f 05                   syscall 

0000000000000036 <print>:
  36:   48 8b 74 24 08          mov    rsi,QWORD PTR [rsp+0x8]
  3b:   56                      push   rsi
  3c:   e8 12 00 00 00          call   0x53 <strlen>
  41:   48 89 c2                mov    rdx,rax
  44:   bf 01 00 00 00          mov    edi,0x1
  49:   b8 01 00 00 00          mov    eax,0x1
  4e:   0f 05                   syscall 
  50:   c2 08 00                ret    0x8

0000000000000053 <strlen>:
  53:   48 8b 5c 24 08          mov    rbx,QWORD PTR [rsp+0x8]
  58:   48 31 c0                xor    rax,rax
  5b:   8a 0c 03                mov    cl,BYTE PTR [rbx+rax*1]
  5e:   84 c9                   test   cl,cl
  60:   74 05                   je     0x67
  62:   48 ff c0                inc    rax
  65:   eb f4                   jmp    0x5b
  67:   c2 08 00                ret    0x8

That basically just generates sections that look like `_start._start_nope` — incertia, Dec 15 '13 at 20:55
"I want to be able to effectively strip out labels such as `_start_nope` but keep the labels of functions..." Please define **a function in disassembly terms**. A function is a higher-level programming language construct. In assembly you have only jumps (`jmp` and conditions jumps), `call`'s and `ret`'s. One way to define a function in disassembly terms is **from a label that is `call`'ed to the first `ret`**. Other way is **from a label that is `call`'ed to the next label that is `call`'ed**. What you ask can be done, but please clarify the problem. Which definition of a function you mean? — nrz, Dec 15 '13 at 21:54
Possibly related: http://stackoverflow.com/questions/20506524/can-i-combine-all-the-sections-objdump-s-d-elf-file-generate-into-a-re-assem/20510168 (if converting the `objdump` disassembly into an assembly source and then reassembling and relinking is a valid approach). — nrz, Dec 15 '13 at 22:08
It would be a label that is `call`ed until it hits a `ret` (and guaranteed to hit a `ret`) — incertia, Dec 16 '13 at 02:33
I am also able to manually do the stripping by keeping whatever I want with `strip -K strlen -K _start -K print -K fail -K ohai hello.o`, but this gets very tedious after a while. Is there a way of automating this? — incertia, Dec 16 '13 at 05:10
If you're using Linux, you can write eg. a `bash` script that executes `strip` with the parameters you need. — nrz, Dec 16 '13 at 19:14

score 0 · Answer 1 · answered Dec 15 '13 at 22:19

0

NAMS also supports "special local labels" starting with ..@ for example

..@lbl:  nop
         jmp ..@lbl

See here. Unfortunately, I couldn't find anything regarding anonymous symbols which I think is what you're asking for.

answered Dec 15 '13 at 22:19

Jens

8,423
9
58
78

Strip labels but not function calls from binary

1 Answers1