objdump

Display the file header information

$ objdump [[-f|--file-headers]] [path/to/binary]

$ objdump [[-x|--all-headers]] [path/to/binary]

$ objdump [[-d|--disassemble]] [path/to/binary]

$ objdump [[-M|--disassembler-options]] intel [[-d|--disassemble]] [path/to/binary]

$ objdump [[-t|--syms]] [path/to/binary]

$ objdump [[-s|--full-contents]] [path/to/binary]

objdump [option(s)] <file(s)>

-a, --archive-header
    Display the archive header information for archive members. Only meaningful when given an archive file (e.g., a .a file).

-b BFDNAME, --target=BFDNAME
    Specify the target object code format. objdump can usually figure this out automatically, but this option allows overriding it (e.g., --target=i386-linux).

-C, --demangle
    Demangle low-level symbol names into user-level names. This is especially useful for C++ programs to display readable function names (e.g., _ZSt8make_pairISt4pairIiiESt10unique_ptrIiSt14default_deleteIiEE becomes std::make_pair, std::unique_ptr>>).

-d, --disassemble
    Disassemble the executable sections (usually .text) of the object file. This is one of the most common uses, showing the assembly instructions.

-D, --disassemble-all
    Disassemble all sections that are likely to contain code. This includes sections that are not normally executable, providing a more comprehensive view.

-e, --debugging-lines
    Display debug line number information alongside disassembly. Requires debugging information to be present in the binary.

-f, --file-headers
    Display the contents of the overall file header, including the architecture and object file format.

-g, --debugging
    Display debugging information. The exact output depends on the debugging format (e.g., DWARF, STABS).

-h, --section-headers, --headers
    Display the contents of the section headers, which describe the different segments (e.g., .text, .data, .bss) within the object file.

-i, --info
    Display information about the supported architectures and object file formats by the BFD library.

-j NAME, --section=NAME
    Display information only for the specified section NAME. Can be used with other options like -s or -d to focus on a particular section.

-l, --line-numbers
    Display source code line numbers with disassembly or symbol tables. Requires debugging information.

-L, --start-address=ADDR
    Start disassembly (or other operations) at the specified address ADDR.

-M OPTION, --disassembler-options=OPTION
    Pass specific options to the disassembler, such as controlling the output format (e.g., intel for Intel syntax, att for AT&T syntax, reg-names-std, no-aliases).

-N SYMBOL, --symbol=SYMBOL
    Display information only for the specified symbol. Useful when disassembling a specific function or viewing a specific data symbol.

-p, --private-headers
    Display information specific to the object file format (e.g., ELF program headers, COFF optional header). Equivalent to readelf -l for ELF files.

-r, --reloc
    Display the relocation entries of the file. These entries indicate where the linker needs to patch addresses after loading the program.

-R, --dynamic-reloc
    Display the dynamic relocation entries of the file. These are used by the dynamic linker/loader at runtime.

-s, --full-contents
    Display the full contents of any sections requested. If no sections are specified with -j, it will show the contents of all non-empty sections.

-S, --source
    Intermix source code with disassembly. Requires debugging information and source files to be accessible in the original build path.

-t, --syms
    Display the symbol table entries of the file. This includes all global and local symbols defined or referenced.

-T, --dynamic-syms
    Display the dynamic symbol table entries. These are symbols needed for dynamic linking (e.g., functions imported from shared libraries).

-u, --unwind-info
    Display unwind info, if present. This information is used for exception handling and stack unwinding during debugging.

-V, --version
    Display the version number of objdump.

-w, --wide
    Format output for lines wider than 80 columns, preventing truncation and improving readability for disassembly.

-x, --all-headers
    Display all header information available (equivalent to combining -a -f -h -p -r -R -t -T for common cases).

--adjust-vma=OFFSET
    Add OFFSET to all displayed addresses. Useful for analyzing position-independent code loaded at a specific base address.

--disable-sections, --enable-sections
    Controls whether section names are displayed in output (useful for very long section names).

--no-leading-addr
    Do not print the address at the beginning of a line of disassembly. Useful for comparing disassembly from different tools.

--no-show-raw-insn
    When disassembling, do not print the raw bytes of the instruction, only the assembly mnemonic.

--prefix-addresses
    Print the complete address on each line of disassembly, not just relative offsets.

--start-address=ADDR
    Start disassembling at the specified address ADDR.

--stop-address=ADDR
    Stop disassembling at the specified address ADDR.

objdump is a command-line utility from the GNU Binutils package used to display various information about object files, including executables, shared libraries, and regular object files. It acts as a wrapper around the BFD (Binary File Descriptor) library, which allows it to understand different object file formats (like ELF, COFF, PE, etc.) and architectures.

Its primary uses include disassembling machine code into human-readable assembly, viewing symbol tables, examining section headers, inspecting relocation entries, and displaying the raw contents of sections. This makes it an invaluable tool for reverse engineering, debugging binaries, analyzing compiler output, and understanding the low-level structure of programs without needing a full debugger.

objdump's output can be verbose and requires a good understanding of assembly language, object file formats (like ELF), and system architecture. While powerful for static analysis, it lacks the interactive debugging capabilities of a debugger like gdb. It cannot reliably disassemble highly optimized or obfuscated code, and its source intermixing (-S) relies on correct debugging information and accessible source paths from the build environment.

• Code Disassembly: Use -d or -D to see the assembly code of an executable or library, often combined with -M intel for Intel syntax.
• Symbol Inspection: Use -t to list all symbols (functions, variables) and -T for dynamically linked symbols. -C helps to demangle C++ names.
• Section Analysis: Use -h to view section headers (size, address, flags) and -s to dump raw section contents. -j <section_name> can narrow down the focus.
• Debugging Information: Options like -g, -l, and -S allow inspecting debugging data and intermixing source code with disassembly, provided the binary was compiled with debug symbols (e.g., gcc -g).

When disassembling, objdump typically shows the virtual address, raw instruction bytes (hexadecimal), and the decoded assembly instruction. Symbols are often shown as offsets from their base address or as absolute addresses. Understanding the specific assembly dialect (AT&T vs. Intel) and the calling conventions of the architecture is crucial for interpreting the output effectively.

objdump is a core component of the GNU Binutils project, a collection of programming tools for creating and managing binary programs. Its development dates back to the early days of the GNU Project, aiming to provide free and open-source alternatives to proprietary Unix tools. It has continuously evolved to support new architectures and object file formats, becoming an indispensable tool for developers, reverse engineers, and security researchers on Linux and other Unix-like systems.

readelf(1), nm(1), size(1), strings(1), gdb(1), as(1), ld(1)