0

I am working on disassembling PE files to assembly using Objdump. Using this command:

objdump -M intel -d File.exe

The Output is:

00401000 <___mingw_CRTStartup>:
401000:       53                      push   ebx
401001:       83 ec 38                sub    esp,0x38
401004:       a1 98 30 40 00          mov    eax,ds:0x403098
401009:       85 c0                   test   eax,eax
40100b:       74 1c                   je     401029   
<___mingw_CRTStartup+0x29>
40100d:       c7 44 24 08 00 00 00    mov    DWORD PTR [esp+0x8],0x0
401014:       00
401015:       c7 44 24 04 02 00 00    mov    DWORD PTR [esp+0x4],0x2
40101c:       00
40101d:       c7 04 24 00 00 00 00    mov    DWORD PTR [esp],0x0
401024:       ff d0                   call   eax
401026:       83 ec 0c                sub    esp,0xc
401029:       c7 04 24 10 11 40 00    mov    DWORD PTR [esp],0x401110
401030:       e8 bb 0c 00 00          call   401cf0   
<_SetUnhandledExceptionFilter@4>

This command prints all the sections in a file. Is there any way to specify the section name to print only those sections?

Like i just want <.text> section, so Command should print the assembly coding of only ".text" section.

Thanks

M Haris Khan
  • 55
  • 9

1 Answers1

2
objdump -M intel -j .text -d File.exe

Accomplish what you want. From the man of objdump : 

-j name
--section=name
  Display information only for section name.
cydef
  • 417
  • 3
  • 10
  • Thanks alot! i was very confused using it. Does Objdump allows us to write the generated data to a text file? if yes, then how it can be done – M Haris Khan Feb 28 '18 at 12:48
  • I think when you have a separated question you should create a separate thread. But since it's a really basic linux concept, here is how to : objdump -M intel -j .text -d File.exe > some/text/file. it's called a redirection, look for it it's pretty useful. – cydef Feb 28 '18 at 12:50