objdump_using
"/home/yossef/notes/personal/hacking/objdump_using.md"
path: personal/hacking/objdump_using.md
- **fileName**: objdump_using
- **Created on**: 2026-02-09 17:53:33
objdump: tool using in reverse engineering so to disassemble the binary file
main options to use
| Option | Example usage | Purpose | Common use cases |
|---|---|---|---|
| -d | objdump -d binary | Disassemble executable sections | Read assembly Debug compiler output Reverse engineering |
| -D | objdump -D binary | Disassemble all sections | Packed binaries Firmware analysis Obfuscated code |
| -t | objdump -t binary | Show symbol table | Map symbols Locate functions Binary structure |
| -h | objdump -h binary | Show section headers | Memory layout Section sizes Binary overview |
| -f | objdump -f binary | Show file header info | Detect arch Entry point Binary format |
| -s | objdump -s binary | Dump raw section data | Extract strings View constants Hex analysis |
| -r | objdump -r binary | Show relocation entries | Dynamic linking PIC analysis Shared libs |
| -C | objdump -C binary | Demangle C++ symbols | Readable symbols C++ analysis |
| -Mintel | objdump -d -Mintel binary | Use Intel syntax | Easier reading x86 analysis |
| --start-address | objdump -d --start-address=ADDR | Start disassembly at addr | Focus on function Reduce noise |
| --stop-address | objdump -d --stop-address=ADDR | Stop disassembly at addr | Limit output Target analysis |
explaining the example command
objdump -d -Mintel zig-out/bin/zig
-d
Disassembles executable sections of the binary and prints
assembly instructions instead of raw machine code.
-Mintel
Selects Intel assembly syntax instead of the default AT&T
syntax. Intel syntax is often easier to read for beginners.
zig-out/bin/zig
Path to the compiled Zig binary being analyzed.
output of -d disassembly
The output shows:
- Function addresses
- Instruction opcodes
- Assembly mnemonics
- Control flow like jumps and calls
This is useful for understanding how the compiler translated
source code into machine instructions.
-t option (symbol table)
The -t option displays the symbol table stored in the binary.
Example:
objdump -t zig-out/bin/zig
This shows:
- Function names
- Global variables
- Symbol addresses
- Symbol scope and type
why -t is important
-t helps map assembly code back to meaningful names.
It is essential when:
- Debugging without source code
- Understanding program structure
- Locating functions in disassembly
- Analyzing stripped vs non stripped binaries
most important objdump options
-d
Disassemble executable sections.
-D
Disassemble all sections, even non executable ones.
-t
Display the symbol table.
-h
Show section headers with sizes and memory addresses.
-f
Display file header information like architecture and
entry point.
-s
Dump full contents of sections in hexadecimal format.
-r
Show relocation entries used by the linker.
recommend commends to use
| Goal | Command |
|---|---|
| Quick overview | objdump -f -h binary |
| Symbol analysis | objdump -t -C binary |
| Full disassembly | objdump -D -Mintel binary |
| Focused function | objdump -d -Mintel --start-address=ADDR --stop-address=ADDR binary |
| Reverse engineering | objdump -d -t -C -Mintel binary |
continue:[[]]
before:./strings_h.md