I have an ELF file of a very big code base (kernel). I want to convert it to assembly code. I have the base address of a function and the offset of the instruction. Using this information, I want to get the specific instruction. I have used `objdump -b binary -m i386 -D file.elf` to get assembly code from the ELF file, but it is generating 4GB of data. I have also referred to "Can I give objdump an address and have it disassemble the containing function?" but it is also not working for me.

sbolel
  • Why is this tagged linux-kernel? If what you are attempting to look at is a binary kernel you should say so, and be specific about which format (as it is usually mostly compressed and therefore unintelligible by objdump). If not, please remove the inapplicable tag. – Chris Stratton Jan 20 '18 at 23:49

2 Answers

You can limit objdump output with --start-address and --stop-address options.

To process code only for a single function, values for these options can be taken from `readelf -s` output, which contains the start address of the function in the section and the function's size, and from `readelf -S` output, which contains the address of the section with the function:

--start-address=<section_start + function_start>
--stop-address=<section_start + function_start + function_size>
Tsyvarev
  • I tried, but I am getting this error: objdump: --start-address: bad number: ffff000008081891 – Aparna Kumari Jan 20 '18 at 09:16
  • Didn't you forget to add `0x` before hexadecimal value? – Tsyvarev Jan 20 '18 at 09:31
  • Yes, after adding 0x it is not giving the bad number error, thank you. But now I am still not getting output. This is the command: `objdump -b binary -m i386 --start-address=0xffff000008081890 --stop-address=0xffff000008081bf4 elf_file` and the output is `elf_file: file format binary` – Aparna Kumari Jan 20 '18 at 09:41
  • Make sure that you pass the proper *--start-address*. Note that it should be the sum of the section's start address (functions are usually contained in the `.text` section) and the offset of the function within that section (this is what `readelf -s` shows). – Tsyvarev Jan 20 '18 at 09:47
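
An added example, not part of the original answers, that turns `readelf -sW` output into the two objdump options, either for a whole function or for a few bytes at function base + offset. It assumes a linked ELF such as `vmlinux`, where the Value column is already the function's virtual address, and that objdump reads the file as ELF (no `-b binary`); the symbol names and the sample table are constructed.

```python
import re

# Constructed sample of `readelf -sW vmlinux` output; symbol names are made up.
SAMPLE_READELF = """\
   Num:    Value          Size Type    Bind   Vis      Ndx Name
  1201: ffff000008081890   868 FUNC    GLOBAL DEFAULT    2 example_handler
  1202: ffff000008081bf8    64 FUNC    LOCAL  DEFAULT    2 example_helper
  1203: ffff000008a00000     8 OBJECT  GLOBAL DEFAULT   14 example_counter
"""

# Columns: Num, Value, Size, Type, Bind, Vis, Ndx, Name. Only FUNC rows match.
SYM_RE = re.compile(
    r"^\s*\d+:\s+([0-9a-fA-F]+)\s+(\S+)\s+FUNC\s+\S+\s+\S+\s+\S+\s+(\S+)\s*$"
)

def parse_functions(readelf_text):
    """Map function name -> (virtual address, size in bytes)."""
    funcs = {}
    for line in readelf_text.splitlines():
        m = SYM_RE.match(line)
        if m:
            value, size, name = m.groups()
            # readelf prints large sizes as 0x-prefixed hex, so use base 0.
            funcs[name] = (int(value, 16), int(size, 0))
    return funcs

def objdump_args(funcs, name, offset=None, context=16, elf="vmlinux"):
    """Build an objdump command for a whole function, or for `context`
    bytes starting at function base + offset."""
    base, size = funcs[name]
    start, stop = base, base + size
    if offset is not None:
        if not 0 <= offset < size:
            raise ValueError(f"offset {offset:#x} is outside {name} (size {size:#x})")
        start = base + offset
        stop = min(start + context, stop)  # never run past the function end
    # Addresses are emitted with the 0x prefix that objdump needs for hex.
    return ["objdump", "-d", f"--start-address={start:#x}",
            f"--stop-address={stop:#x}", elf]

if __name__ == "__main__":
    funcs = parse_functions(SAMPLE_READELF)
    print(" ".join(objdump_args(funcs, "example_handler")))
    print(" ".join(objdump_args(funcs, "example_handler", offset=0x10)))
```

On a variable-length instruction set the offset must fall on an instruction boundary, otherwise the disassembly from that point is misaligned.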

> I want to convert it to assembly code.

gdb -q ./elf_file
(gdb) set height 0    # prevent pagination
(gdb) set logging on  # output will be mirrored in gdb.txt
(gdb) disassemble 0xffff000008081890,0xffff000008081bf5
(gdb) quit

Enjoy!

Employed Russian