使用objdump反汇编Linux内核
[英]disassembly Linux kernel using objdump
问题描述
If I try to disassem Linux kernel, it takes quite long time due to the big size of Linux elf-binary. 
如果我尝试取消Linux内核的安装,由于Linux elf-binary的大小很大,因此需要花费很长时间。
Is there a way to only disassem a function or a symbol, for instance start_kernel function? 有没有办法仅取消对函数或符号的取消赋值,例如start_kernel函数?
What I don't want is to use grep, since it anyway takes very long time. 我不想要使用grep,因为无论如何它都需要很长时间。
2 个解决方案
解决方案1
1 2014-03-21 07:36:07
Unless you have compiled kernel with debugging symbols included, there are no symbols for objdump to use. 除非您已编译包含调试符号的内核,否则objdump不会使用任何符号。 It is highly unlikely the kernel binary has debugging symbols included, unless you've specifically compiled it with such options. 除非您已使用此类选项专门编译了内核二进制文件,否则极不可能包含调试符号。
In case your kernel binary does have debugging symbols, they can be found using nm -g and then further used with objdump -j <symbol> . 如果您的内核二进制文件确实具有调试符号,则可以使用nm -g找到它们,然后再与objdump -j <symbol> 。
解决方案2
0 2015-10-08 05:32:55
You can not disassemble particular function or symbol alone but instead of full kernel image, you can disassemble specific object file. 您不能单独反汇编特定的函数或符号,而是可以反汇编特定的目标文件,而不是完整的内核映像。
ex. 恩。
objdump -DS XYZ.o > XYZ.S
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.