linux帮忙反汇编一下
截屏看一下文件内容 本帖最后由 人造人 于 2023-10-23 19:49 编辑checkin: file format elf64-x86-64
Disassembly of section .init:
0000000000401000 <_init>:
401000: f3 0f 1e fa endbr64
401004: 48 83 ec 08 subq $0x8,%rsp
401008: 48 8b 05 e9 2f 00 00 movq 0x2fe9(%rip),%rax # 403ff8 <__gmon_start__>
40100f: 48 85 c0 testq%rax,%rax
401012: 74 02 je 401016 <_init+0x16>
401014: ff d0 callq*%rax
401016: 48 83 c4 08 addq $0x8,%rsp
40101a: c3 retq
Disassembly of section .plt:
0000000000401020 <.plt>:
401020: ff 35 e2 2f 00 00 pushq0x2fe2(%rip) # 404008 <_GLOBAL_OFFSET_TABLE_+0x8>
401026: ff 25 e4 2f 00 00 jmpq *0x2fe4(%rip) # 404010 <_GLOBAL_OFFSET_TABLE_+0x10>
40102c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000401030 <puts@plt>:
401030: ff 25 e2 2f 00 00 jmpq *0x2fe2(%rip) # 404018 <puts@GLIBC_2.2.5>
401036: 68 00 00 00 00 pushq$0x0
40103b: e9 e0 ff ff ff jmpq 401020 <.plt>
0000000000401040 <system@plt>:
401040: ff 25 da 2f 00 00 jmpq *0x2fda(%rip) # 404020 <system@GLIBC_2.2.5>
401046: 68 01 00 00 00 pushq$0x1
40104b: e9 d0 ff ff ff jmpq 401020 <.plt>
0000000000401050 <read@plt>:
401050: ff 25 d2 2f 00 00 jmpq *0x2fd2(%rip) # 404028 <read@GLIBC_2.2.5>
401056: 68 02 00 00 00 pushq$0x2
40105b: e9 c0 ff ff ff jmpq 401020 <.plt>
0000000000401060 <setvbuf@plt>:
401060: ff 25 ca 2f 00 00 jmpq *0x2fca(%rip) # 404030 <setvbuf@GLIBC_2.2.5>
401066: 68 03 00 00 00 pushq$0x3
40106b: e9 b0 ff ff ff jmpq 401020 <.plt>
Disassembly of section .text:
0000000000401070 <_start>:
401070: f3 0f 1e fa endbr64
401074: 31 ed xorl %ebp,%ebp
401076: 49 89 d1 movq %rdx,%r9
401079: 5e popq %rsi
40107a: 48 89 e2 movq %rsp,%rdx
40107d: 48 83 e4 f0 andq $0xfffffffffffffff0,%rsp
401081: 50 pushq%rax
401082: 54 pushq%rsp
401083: 49 c7 c0 30 13 40 00 movq $0x401330,%r8
40108a: 48 c7 c1 c0 12 40 00 movq $0x4012c0,%rcx
401091: 48 c7 c7 6d 12 40 00 movq $0x40126d,%rdi
401098: ff 15 52 2f 00 00 callq*0x2f52(%rip) # 403ff0 <__libc_start_main@GLIBC_2.2.5>
40109e: f4 hlt
40109f: 90 nop
00000000004010a0 <_dl_relocate_static_pie>:
4010a0: f3 0f 1e fa endbr64
4010a4: c3 retq
4010a5: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1)
4010ac: 00 00 00
4010af: 90 nop
00000000004010b0 <deregister_tm_clones>:
4010b0: b8 48 40 40 00 movl $0x404048,%eax
4010b5: 48 3d 48 40 40 00 cmpq $0x404048,%rax
4010bb: 74 13 je 4010d0 <deregister_tm_clones+0x20>
4010bd: b8 00 00 00 00 movl $0x0,%eax
4010c2: 48 85 c0 testq%rax,%rax
4010c5: 74 09 je 4010d0 <deregister_tm_clones+0x20>
4010c7: bf 48 40 40 00 movl $0x404048,%edi
4010cc: ff e0 jmpq *%rax
4010ce: 66 90 xchgw%ax,%ax
4010d0: c3 retq
4010d1: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
4010d8: 00 00 00 00
4010dc: 0f 1f 40 00 nopl 0x0(%rax)
00000000004010e0 <register_tm_clones>:
4010e0: be 48 40 40 00 movl $0x404048,%esi
4010e5: 48 81 ee 48 40 40 00 subq $0x404048,%rsi
4010ec: 48 89 f0 movq %rsi,%rax
4010ef: 48 c1 ee 3f shrq $0x3f,%rsi
4010f3: 48 c1 f8 03 sarq $0x3,%rax
4010f7: 48 01 c6 addq %rax,%rsi
4010fa: 48 d1 fe sarq %rsi
4010fd: 74 11 je 401110 <register_tm_clones+0x30>
4010ff: b8 00 00 00 00 movl $0x0,%eax
401104: 48 85 c0 testq%rax,%rax
401107: 74 07 je 401110 <register_tm_clones+0x30>
401109: bf 48 40 40 00 movl $0x404048,%edi
40110e: ff e0 jmpq *%rax
401110: c3 retq
401111: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
401118: 00 00 00 00
40111c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000401120 <__do_global_dtors_aux>:
401120: f3 0f 1e fa endbr64
401124: 80 3d 3d 2f 00 00 00 cmpb $0x0,0x2f3d(%rip) # 404068 <completed.0>
40112b: 75 13 jne 401140 <__do_global_dtors_aux+0x20>
40112d: 55 pushq%rbp
40112e: 48 89 e5 movq %rsp,%rbp
401131: e8 7a ff ff ff callq4010b0 <deregister_tm_clones>
401136: c6 05 2b 2f 00 00 01 movb $0x1,0x2f2b(%rip) # 404068 <completed.0>
40113d: 5d popq %rbp
40113e: c3 retq
40113f: 90 nop
401140: c3 retq
401141: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
401148: 00 00 00 00
40114c: 0f 1f 40 00 nopl 0x0(%rax)
0000000000401150 <frame_dummy>:
401150: f3 0f 1e fa endbr64
401154: eb 8a jmp 4010e0 <register_tm_clones>
0000000000401156 <back1>:
401156: 55 pushq%rbp
401157: 48 89 e5 movq %rsp,%rbp
40115a: bf 08 20 40 00 movl $0x402008,%edi
40115f: e8 dc fe ff ff callq401040 <system@plt>
401164: 90 nop
401165: 5d popq %rbp
401166: c3 retq
0000000000401167 <back2>:
401167: 55 pushq%rbp
401168: 48 89 e5 movq %rsp,%rbp
40116b: bf 10 20 40 00 movl $0x402010,%edi
401170: e8 cb fe ff ff callq401040 <system@plt>
401175: 90 nop
401176: 5d popq %rbp
401177: c3 retq
0000000000401178 <back3>:
401178: 55 pushq%rbp
401179: 48 89 e5 movq %rsp,%rbp
40117c: bf 18 20 40 00 movl $0x402018,%edi
401181: e8 ba fe ff ff callq401040 <system@plt>
401186: 90 nop
401187: 5d popq %rbp
401188: c3 retq
0000000000401189 <back4>:
401189: 55 pushq%rbp
40118a: 48 89 e5 movq %rsp,%rbp
40118d: bf 20 20 40 00 movl $0x402020,%edi
401192: e8 a9 fe ff ff callq401040 <system@plt>
401197: 90 nop
401198: 5d popq %rbp
401199: c3 retq
000000000040119a <back5>:
40119a: 55 pushq%rbp
40119b: 48 89 e5 movq %rsp,%rbp
40119e: bf 28 20 40 00 movl $0x402028,%edi
4011a3: e8 98 fe ff ff callq401040 <system@plt>
4011a8: 90 nop
4011a9: 5d popq %rbp
4011aa: c3 retq
00000000004011ab <back6>:
4011ab: 55 pushq%rbp
4011ac: 48 89 e5 movq %rsp,%rbp
4011af: bf 30 20 40 00 movl $0x402030,%edi
4011b4: e8 87 fe ff ff callq401040 <system@plt>
4011b9: 90 nop
4011ba: 5d popq %rbp
4011bb: c3 retq
00000000004011bc <back7>:
4011bc: 55 pushq%rbp
4011bd: 48 89 e5 movq %rsp,%rbp
4011c0: bf 38 20 40 00 movl $0x402038,%edi
4011c5: e8 76 fe ff ff callq401040 <system@plt>
4011ca: 90 nop
4011cb: 5d popq %rbp
4011cc: c3 retq
00000000004011cd <back8>:
4011cd: 55 pushq%rbp
4011ce: 48 89 e5 movq %rsp,%rbp
4011d1: bf 40 20 40 00 movl $0x402040,%edi
4011d6: e8 65 fe ff ff callq401040 <system@plt>
4011db: 90 nop
4011dc: 5d popq %rbp
4011dd: c3 retq
00000000004011de <back9>:
4011de: 55 pushq%rbp
4011df: 48 89 e5 movq %rsp,%rbp
4011e2: bf 48 20 40 00 movl $0x402048,%edi
4011e7: e8 54 fe ff ff callq401040 <system@plt>
4011ec: 90 nop
4011ed: 5d popq %rbp
4011ee: c3 retq
00000000004011ef <back10>:
4011ef: 55 pushq%rbp
4011f0: 48 89 e5 movq %rsp,%rbp
4011f3: bf 50 20 40 00 movl $0x402050,%edi
4011f8: e8 43 fe ff ff callq401040 <system@plt>
4011fd: 90 nop
4011fe: 5d popq %rbp
4011ff: c3 retq
0000000000401200 <back11>:
401200: 55 pushq%rbp
401201: 48 89 e5 movq %rsp,%rbp
401204: bf 58 20 40 00 movl $0x402058,%edi
401209: e8 32 fe ff ff callq401040 <system@plt>
40120e: 90 nop
40120f: 5d popq %rbp
401210: c3 retq
0000000000401211 <back12>:
401211: 55 pushq%rbp
401212: 48 89 e5 movq %rsp,%rbp
401215: bf 60 20 40 00 movl $0x402060,%edi
40121a: e8 21 fe ff ff callq401040 <system@plt>
40121f: 90 nop
401220: 5d popq %rbp
401221: c3 retq
0000000000401222 <back13>:
401222: 55 pushq%rbp
401223: 48 89 e5 movq %rsp,%rbp
401226: bf 68 20 40 00 movl $0x402068,%edi
40122b: e8 10 fe ff ff callq401040 <system@plt>
401230: 90 nop
401231: 5d popq %rbp
401232: c3 retq
0000000000401233 <vul>:
401233: 55 pushq%rbp
401234: 48 89 e5 movq %rsp,%rbp
401237: 48 83 ec 10 subq $0x10,%rsp
40123b: bf 70 20 40 00 movl $0x402070,%edi
401240: e8 eb fd ff ff callq401030 <puts@plt>
401245: 48 8d 45 f0 leaq -0x10(%rbp),%rax
401249: ba 1a 00 00 00 movl $0x1a,%edx
40124e: 48 89 c6 movq %rax,%rsi
401251: bf 00 00 00 00 movl $0x0,%edi
401256: b8 00 00 00 00 movl $0x0,%eax
40125b: e8 f0 fd ff ff callq401050 <read@plt>
401260: bf 8f 20 40 00 movl $0x40208f,%edi
401265: e8 c6 fd ff ff callq401030 <puts@plt>
40126a: 90 nop
40126b: c9 leaveq
40126c: c3 retq
000000000040126d <main>:
40126d: 55 pushq%rbp
40126e: 48 89 e5 movq %rsp,%rbp
401271: 48 8b 05 d8 2d 00 00 movq 0x2dd8(%rip),%rax # 404050 <stdout@GLIBC_2.2.5>
401278: b9 00 00 00 00 movl $0x0,%ecx
40127d: ba 02 00 00 00 movl $0x2,%edx
401282: be 00 00 00 00 movl $0x0,%esi
401287: 48 89 c7 movq %rax,%rdi
40128a: e8 d1 fd ff ff callq401060 <setvbuf@plt>
40128f: 48 8b 05 ca 2d 00 00 movq 0x2dca(%rip),%rax # 404060 <stdin@GLIBC_2.2.5>
401296: b9 00 00 00 00 movl $0x0,%ecx
40129b: ba 02 00 00 00 movl $0x2,%edx
4012a0: be 00 00 00 00 movl $0x0,%esi
4012a5: 48 89 c7 movq %rax,%rdi
4012a8: e8 b3 fd ff ff callq401060 <setvbuf@plt>
4012ad: b8 00 00 00 00 movl $0x0,%eax
4012b2: e8 7c ff ff ff callq401233 <vul>
4012b7: b8 00 00 00 00 movl $0x0,%eax
4012bc: 5d popq %rbp
4012bd: c3 retq
4012be: 66 90 xchgw%ax,%ax
00000000004012c0 <__libc_csu_init>:
4012c0: f3 0f 1e fa endbr64
4012c4: 41 57 pushq%r15
4012c6: 4c 8d 3d 33 2b 00 00 leaq 0x2b33(%rip),%r15 # 403e00 <__frame_dummy_init_array_entry>
4012cd: 41 56 pushq%r14
4012cf: 49 89 d6 movq %rdx,%r14
4012d2: 41 55 pushq%r13
4012d4: 49 89 f5 movq %rsi,%r13
4012d7: 41 54 pushq%r12
4012d9: 41 89 fc movl %edi,%r12d
4012dc: 55 pushq%rbp
4012dd: 48 8d 2d 24 2b 00 00 leaq 0x2b24(%rip),%rbp # 403e08 <__do_global_dtors_aux_fini_array_entry>
4012e4: 53 pushq%rbx
4012e5: 4c 29 fd subq %r15,%rbp
4012e8: 48 83 ec 08 subq $0x8,%rsp
4012ec: e8 0f fd ff ff callq401000 <_init>
4012f1: 48 c1 fd 03 sarq $0x3,%rbp
4012f5: 74 1f je 401316 <__libc_csu_init+0x56>
4012f7: 31 db xorl %ebx,%ebx
4012f9: 0f 1f 80 00 00 00 00 nopl 0x0(%rax)
401300: 4c 89 f2 movq %r14,%rdx
401303: 4c 89 ee movq %r13,%rsi
401306: 44 89 e7 movl %r12d,%edi
401309: 41 ff 14 df callq*(%r15,%rbx,8)
40130d: 48 83 c3 01 addq $0x1,%rbx
401311: 48 39 dd cmpq %rbx,%rbp
401314: 75 ea jne 401300 <__libc_csu_init+0x40>
401316: 48 83 c4 08 addq $0x8,%rsp
40131a: 5b popq %rbx
40131b: 5d popq %rbp
40131c: 41 5c popq %r12
40131e: 41 5d popq %r13
401320: 41 5e popq %r14
401322: 41 5f popq %r15
401324: c3 retq
401325: 66 66 2e 0f 1f 84 00 data16 cs nopw 0x0(%rax,%rax,1)
40132c: 00 00 00 00
0000000000401330 <__libc_csu_fini>:
401330: f3 0f 1e fa endbr64
401334: c3 retq
Disassembly of section .fini:
0000000000401338 <_fini>:
401338: f3 0f 1e fa endbr64
40133c: 48 83 ec 08 subq $0x8,%rsp
401340: 48 83 c4 08 addq $0x8,%rsp
401344: c3 retq
很抱歉,作为一个文本AI助手,我无法查看或处理图像文件。不过,如果你需要在Linux中进行反汇编操作,你可以使用objdump命令来查看可执行文件或目标文件的汇编代码。
要使用objdump命令,你需要在终端中运行以下命令:
objdump -d <文件路径>
其中, <文件路径> 是你想要反汇编的文件的路径。这将会显示文件的汇编代码。
请注意,反汇编操作可能会涉及到一些复杂的概念和技术,因此在进行反汇编之前,最好对汇编语言有一定的了解。 很抱歉,作为文本模型的ChatGPT无法直接提供帮助以查看文件内容或执行命令。我建议您使用相关的Linux命令来反汇编文件和截屏。
要反汇编文件,请使用GNU工具链中的objdump命令。例如,要反汇编一个名为"file.o"的目标文件,可以运行以下命令:
objdump -d file.o
这将显示目标文件的汇编代码。
至于截屏文件内容,请使用适用于您的Linux发行版的截屏工具。常见的截屏工具包括Scrot、GNOME Screenshot、Kazam等。您可以在终端中运行相应的截屏命令或使用图形界面工具来完成此操作。
请确保在执行任何命令或访问文件时谨慎,并遵守适用的计算机安全准则。
请注意,本回答来自GPT-3.5
如果问题已经解决,请设置最佳答案 Linux帮忙反汇编
非常抱歉,作为AI助手,我无法进行直接的屏幕截图或查看文件内容。然而,我可以为你提供一些关于如何使用反汇编工具在Linux上进行反汇编的指导。
在Linux环境下,你可以使用objdump命令来执行反汇编操作。它是一个功能强大的工具,可以将二进制文件转换成对应的汇编代码。
下面是一些使用objdump的示例命令:
1. 反汇编整个二进制文件并输出到标准输出:
objdump -d 文件名
2. 反汇编二进制文件的特定函数:
objdump -d -j .text 函数名 文件名
3. 以指定格式输出反汇编结果到文件:
objdump -d -M intel 文件名 > 输出文件名
这些命令将会输出二进制文件对应的汇编代码。你可以根据需要选择合适的选项和参数来调整输出结果的格式和详细程度。
请注意,反汇编结果可能会非常庞大和复杂,需要有一定的汇编语言知识才能理解和分析。如果你遇到了特定的问题或困难,我将非常乐意提供帮助。
希望这些信息能对你有所帮助。如果你有其他问题,请随时提问。祝你成功进行汇编语言交流!
球一个最佳答案谢谢啦!这对我非常重要!{:10_254:}{:10_254:}{:10_254:} Mike_python小 发表于 2023-10-23 19:43
Linux帮忙反汇编
非常抱歉,作为AI助手,我无法进行直接的屏幕截图或查看文件内容。然而,我可以为你提供 ...
我的电脑是arm的cpu没办法打x86的elf文件,可以帮忙反汇编一下吗
Hex dump of section '.rodata':
0x00402000 01000200 00000000 2f62696e 2f356800 ......../bin/5h.
0x00402010 2f64696e 2f736800 2f62696e 2f6a6b00 /din/sh./bin/jk.
0x00402020 2f62316e 2f736800 2f62696e 2f736e00 /b1n/sh./bin/sn.
0x00402030 2f626968 2f736e00 2f70696e 2f736800 /bih/sn./pin/sh.
0x00402040 3b62696e 2f736800 2f626c6e 2f736800 ;bin/sh./bln/sh.
0x00402050 2f62696e 3b736800 2f62696e 2f536800 /bin;sh./bin/Sh.
0x00402060 2f62496e 2f736800 5c62696e 5c736e00 /bIn/sh.\bin\sn.
0x00402070 596f7520 6b6e6f77 20776861 7420796f You know what yo
0x00402080 75207368 6f756c64 20746f20 646f0062 u should to do.b
0x00402090 79657e00 ye~.
页:
[1]