Monday, November 26, 2018

Fedora 29 : Commands and tools that handle assembly files - part 001.

These commands and tools that handle assembly files, object files, and libraries are very useful for development. In order to test them, we need an executable file. I used this assembly source code written for the FASM assembler. It sums an 8-byte variable named rad with itself and prints the result:
[mythcat@desk fasm]$ vim sum.asm 
format elf64                ; produce an ELF64 object file
extrn printf                ; printf is resolved at link time from libc

section '.data' writeable align 16
rad dq 90.0                 ; 8-byte double
fmt db "%.30lf",0ah,0       ; printf format string, newline, NUL terminator

section '.text' executable align 16
public main
main:
    push rbp
    mov rbp,rsp             ; set up the frame; rsp is 16-byte aligned for the call below
    pxor xmm0,xmm0          ; clear xmm0
    movsd xmm0,[rad]        ; xmm0 = rad
    movsd xmm2,[rad]        ; xmm2 = rad
    addsd xmm0,xmm2         ; xmm0 = rad + rad
    mov rax,1               ; SysV ABI: al = number of vector registers used by a variadic call
    mov rdi,fmt             ; first argument: the format string
    call printf

    mov rsp,rbp
    pop rbp
    ret
Let's assemble it into an object file with the fasm tool:
[mythcat@desk fasm]$ ./fasm sum.asm 
flat assembler  version 1.73.04  (16384 kilobytes memory)
1 passes, 784 bytes.
The nm command lists the symbols in an object file. Let's see:
[mythcat@desk fasm]$ nm -A sum.o
sum.o:0000000000000000 T main
sum.o:                 U printf
Using gcc I created the executable and ran it:
[mythcat@desk fasm]$ gcc -s sum.o -o sum -lm
[mythcat@desk fasm]$ ./sum 
180.000000000000000000000000000000
readelf displays information from an ELF file; here is the header:
[mythcat@desk fasm]$ readelf -h sum 
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x401040
  Start of program headers:          64 (bytes into file)
  Start of section headers:          13552 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         11
  Size of section headers:           64 (bytes)
  Number of section headers:         28
  Section header string table index: 27
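The fields readelf -h prints come straight from the first 64 bytes of the file. The following Python is an added example, not part of the original post: it decodes a little-endian ELF64 header the same way and flags whether the image is position independent (an EXEC image is mapped at a fixed address, so ASLR cannot relocate it). The SAMPLE_HEADER bytes are constructed here from the values shown above.

```python
import struct

ELF_MAGIC = b"\x7fELF"
E_TYPE = {1: "REL (Relocatable file)", 2: "EXEC (Executable file)",
          3: "DYN (Shared object file)", 4: "CORE (Core file)"}
E_MACHINE = {0x03: "Intel 80386", 0x3e: "Advanced Micro Devices X86-64",
             0xb7: "AArch64"}


def parse_elf64_header(data: bytes) -> dict:
    """Decode the fields readelf -h shows from the first 64 bytes of an ELF64 file."""
    if len(data) < 64 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if data[4] != 2:                      # EI_CLASS: 1 = ELF32, 2 = ELF64
        raise ValueError("only ELF64 is handled here")
    if data[5] != 1:                      # EI_DATA: 1 = little endian, 2 = big endian
        raise ValueError("only little-endian files are handled here")
    # After the 16-byte e_ident: e_type, e_machine, e_version, e_entry, e_phoff,
    # e_shoff, e_flags, e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    f = struct.unpack_from("<HHIQQQIHHHHHH", data, 16)
    return {
        "type": E_TYPE.get(f[0], hex(f[0])),
        "machine": E_MACHINE.get(f[1], hex(f[1])),
        "entry": f[3], "phoff": f[4], "shoff": f[5], "flags": f[6],
        "ehsize": f[7], "phentsize": f[8], "phnum": f[9],
        "shentsize": f[10], "shnum": f[11], "shstrndx": f[12],
        # Only ET_DYN images can be loaded at a randomized base address.
        "position_independent": f[0] == 3,
    }


def read_elf64_header(path: str) -> dict:
    """Parse the header of a real file on disk."""
    with open(path, "rb") as fh:
        return parse_elf64_header(fh.read(64))


# Constructed sample header reproducing the values readelf -h printed for sum.
SAMPLE_HEADER = (ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)
                 + struct.pack("<HHIQQQIHHHHHH", 2, 0x3e, 1, 0x401040, 64, 13552,
                               0, 64, 56, 11, 64, 28, 27))

if __name__ == "__main__":
    for key, value in parse_elf64_header(SAMPLE_HEADER).items():
        print(f"{key:>22}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key:>22}: {value}")
```

Run it against the real binary with read_elf64_header("sum") and compare the fields with the readelf output above.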
The strings command prints the printable character sequences found in a binary:
[mythcat@desk fasm]$ strings sum
/lib64/ld-linux-x86-64.so.2
libm.so.6
__gmon_start__
libc.so.6
printf
__libc_start_main
GLIBC_2.2.5
H=@@@
[]A\A]A^A_
;*3$"
V@%.30lf
GCC: (GNU) 8.2.1 20181105 (Red Hat 8.2.1-5)
gcc 8.2.1 20181105
GA*GOW
GA+stack_clash
GA*cf_protection
GA+GLIBCXX_ASSERTIONS
GA*FORTIFY
GA!stack_realign
gcc 8.2.1 20181105
GA*GOW
GA+stack_clash
GA*cf_protection
GA*FORTIFY
GA+GLIBCXX_ASSERTIONS
GA!stack_realign
.shstrtab
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.init
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.dynamic
.got
.got.plt
.data
.bss
.comment
.gnu.build.attributes
The most used tool is objdump, which offers many options and supports many executable formats:
[mythcat@desk fasm]$ objdump --help
objdump: supported targets: elf64-x86-64 elf32-i386 elf32-iamcu elf32-x86-64 pei-i386 pei-x86-64 elf64-l1om elf64-k1om elf64-little elf64-big elf32-little elf32-big pe-x86-64 pe-bigobj-x86-64 pe-i386 plugin srec symbolsrec verilog tekhex binary ihex
objdump: supported architectures: i386 i386:x86-64 i386:x64-32 i8086 i386:intel i386:x86-64:intel i386:x64-32:intel i386:nacl i386:x86-64:nacl i386:x64-32:nacl iamcu iamcu:intel l1om l1om:intel k1om k1om:intel plugin

The following i386/x86-64 specific disassembler options are supported for use
with the -M switch (multiple options should be separated by commas):
  x86-64      Disassemble in 64bit mode
  i386        Disassemble in 32bit mode
  i8086       Disassemble in 16bit mode
  att         Display instruction in AT&T syntax
  intel       Display instruction in Intel syntax
  att-mnemonic
              Display instruction in AT&T mnemonic
  intel-mnemonic
              Display instruction in Intel mnemonic
  addr64      Assume 64bit address size
  addr32      Assume 32bit address size
  addr16      Assume 16bit address size
  data32      Assume 32bit data size
  data16      Assume 16bit data size
  suffix      Always display instruction suffix in AT&T syntax
  amd64       Display instruction in AMD64 ISA
  intel64     Display instruction in Intel64 ISA
Report bugs to .
Let's test some features of objdump. The arg -t shows the symbol table; because the binary was linked with -s (strip), it reports no symbols:
[mythcat@desk fasm]$ objdump -t sum 

sum:     file format elf64-x86-64

SYMBOL TABLE:
no symbols
The arg -d disassembles the executable sections of the file:
[mythcat@desk fasm]$ objdump -d sum

sum:     file format elf64-x86-64

Disassembly of section .init:

0000000000401000 <.init>:
  401000:    f3 0f 1e fa              endbr64 
  401004:    48 83 ec 08              sub    $0x8,%rsp
  401008:    48 8b 05 e9 2f 00 00     mov    0x2fe9(%rip),%rax        # 403ff8 
  40100f:    48 85 c0                 test   %rax,%rax
  401012:    74 02                    je     401016 
  401014:    ff d0                    callq  *%rax
  401016:    48 83 c4 08              add    $0x8,%rsp
  40101a:    c3                       retq   

Disassembly of section .plt:

0000000000401020 :
  401020:    ff 35 e2 2f 00 00        pushq  0x2fe2(%rip)        # 404008 
  401026:    ff 25 e4 2f 00 00        jmpq   *0x2fe4(%rip)        # 404010 
  40102c:    0f 1f 40 00              nopl   0x0(%rax)

0000000000401030 :
  401030:    ff 25 e2 2f 00 00        jmpq   *0x2fe2(%rip)        # 404018 
  401036:    68 00 00 00 00           pushq  $0x0
  40103b:    e9 e0 ff ff ff           jmpq   401020 

Disassembly of section .text:

0000000000401040 <.text>:
  401040:    f3 0f 1e fa              endbr64 
  401044:    31 ed                    xor    %ebp,%ebp
  401046:    49 89 d1                 mov    %rdx,%r9
  401049:    5e                       pop    %rsi
  40104a:    48 89 e2                 mov    %rsp,%rdx
  40104d:    48 83 e4 f0              and    $0xfffffffffffffff0,%rsp
  401051:    50                       push   %rax
  401052:    54                       push   %rsp
  401053:    49 c7 c0 e0 11 40 00     mov    $0x4011e0,%r8
  40105a:    48 c7 c1 70 11 40 00     mov    $0x401170,%rcx
  401061:    48 c7 c7 30 11 40 00     mov    $0x401130,%rdi
  401068:    ff 15 82 2f 00 00        callq  *0x2f82(%rip)        # 403ff0 
  40106e:    f4                       hlt    
  40106f:    90                       nop
  401070:    f3 0f 1e fa              endbr64 
  401074:    c3                       retq   
  401075:    66 2e 0f 1f 84 00 00     nopw   %cs:0x0(%rax,%rax,1)
  40107c:    00 00 00 
  40107f:    90                       nop
  401080:    b8 40 40 40 00           mov    $0x404040,%eax
  401085:    48 3d 40 40 40 00        cmp    $0x404040,%rax
  40108b:    74 13                    je     4010a0 
  40108d:    b8 00 00 00 00           mov    $0x0,%eax
  401092:    48 85 c0                 test   %rax,%rax
  401095:    74 09                    je     4010a0 
  401097:    bf 40 40 40 00           mov    $0x404040,%edi
  40109c:    ff e0                    jmpq   *%rax
  40109e:    66 90                    xchg   %ax,%ax
  4010a0:    c3                       retq   
  4010a1:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  4010a8:    00 00 00 00 
  4010ac:    0f 1f 40 00              nopl   0x0(%rax)
  4010b0:    be 40 40 40 00           mov    $0x404040,%esi
  4010b5:    48 81 ee 40 40 40 00     sub    $0x404040,%rsi
  4010bc:    48 c1 fe 03              sar    $0x3,%rsi
  4010c0:    48 89 f0                 mov    %rsi,%rax
  4010c3:    48 c1 e8 3f              shr    $0x3f,%rax
  4010c7:    48 01 c6                 add    %rax,%rsi
  4010ca:    48 d1 fe                 sar    %rsi
  4010cd:    74 11                    je     4010e0 
  4010cf:    b8 00 00 00 00           mov    $0x0,%eax
  4010d4:    48 85 c0                 test   %rax,%rax
  4010d7:    74 07                    je     4010e0 
  4010d9:    bf 40 40 40 00           mov    $0x404040,%edi
  4010de:    ff e0                    jmpq   *%rax
  4010e0:    c3                       retq   
  4010e1:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  4010e8:    00 00 00 00 
  4010ec:    0f 1f 40 00              nopl   0x0(%rax)
  4010f0:    f3 0f 1e fa              endbr64 
  4010f4:    80 3d 45 2f 00 00 00     cmpb   $0x0,0x2f45(%rip)        # 404040 
  4010fb:    75 13                    jne    401110 
  4010fd:    55                       push   %rbp
  4010fe:    48 89 e5                 mov    %rsp,%rbp
  401101:    e8 7a ff ff ff           callq  401080 
  401106:    c6 05 33 2f 00 00 01     movb   $0x1,0x2f33(%rip)        # 404040 
  40110d:    5d                       pop    %rbp
  40110e:    c3                       retq   
  40110f:    90                       nop
  401110:    c3                       retq   
  401111:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  401118:    00 00 00 00 
  40111c:    0f 1f 40 00              nopl   0x0(%rax)
  401120:    f3 0f 1e fa              endbr64 
  401124:    eb 8a                    jmp    4010b0 
  401126:    66 2e 0f 1f 84 00 00     nopw   %cs:0x0(%rax,%rax,1)
  40112d:    00 00 00 
  401130:    55                       push   %rbp
  401131:    48 89 e5                 mov    %rsp,%rbp
  401134:    66 0f ef c0              pxor   %xmm0,%xmm0
  401138:    f2 0f 10 05 f0 2e 00     movsd  0x2ef0(%rip),%xmm0        # 404030 
  40113f:    00 
  401140:    f2 0f 10 15 e8 2e 00     movsd  0x2ee8(%rip),%xmm2        # 404030 
  401147:    00 
  401148:    f2 0f 58 c2              addsd  %xmm2,%xmm0
  40114c:    48 c7 c0 01 00 00 00     mov    $0x1,%rax
  401153:    48 bf 38 40 40 00 00     movabs $0x404038,%rdi
  40115a:    00 00 00 
  40115d:    e8 ce fe ff ff           callq  401030 
  401162:    48 89 ec                 mov    %rbp,%rsp
  401165:    5d                       pop    %rbp
  401166:    c3                       retq   
  401167:    66 0f 1f 84 00 00 00     nopw   0x0(%rax,%rax,1)
  40116e:    00 00 
  401170:    f3 0f 1e fa              endbr64 
  401174:    41 57                    push   %r15
  401176:    49 89 d7                 mov    %rdx,%r15
  401179:    41 56                    push   %r14
  40117b:    49 89 f6                 mov    %rsi,%r14
  40117e:    41 55                    push   %r13
  401180:    41 89 fd                 mov    %edi,%r13d
  401183:    41 54                    push   %r12
  401185:    4c 8d 25 74 2c 00 00     lea    0x2c74(%rip),%r12        # 403e00 
  40118c:    55                       push   %rbp
  40118d:    48 8d 2d 74 2c 00 00     lea    0x2c74(%rip),%rbp        # 403e08 
  401194:    53                       push   %rbx
  401195:    4c 29 e5                 sub    %r12,%rbp
  401198:    48 83 ec 08              sub    $0x8,%rsp
  40119c:    e8 5f fe ff ff           callq  401000 
  4011a1:    48 c1 fd 03              sar    $0x3,%rbp
  4011a5:    74 1f                    je     4011c6 
  4011a7:    31 db                    xor    %ebx,%ebx
  4011a9:    0f 1f 80 00 00 00 00     nopl   0x0(%rax)
  4011b0:    4c 89 fa                 mov    %r15,%rdx
  4011b3:    4c 89 f6                 mov    %r14,%rsi
  4011b6:    44 89 ef                 mov    %r13d,%edi
  4011b9:    41 ff 14 dc              callq  *(%r12,%rbx,8)
  4011bd:    48 83 c3 01              add    $0x1,%rbx
  4011c1:    48 39 dd                 cmp    %rbx,%rbp
  4011c4:    75 ea                    jne    4011b0 
  4011c6:    48 83 c4 08              add    $0x8,%rsp
  4011ca:    5b                       pop    %rbx
  4011cb:    5d                       pop    %rbp
  4011cc:    41 5c                    pop    %r12
  4011ce:    41 5d                    pop    %r13
  4011d0:    41 5e                    pop    %r14
  4011d2:    41 5f                    pop    %r15
  4011d4:    c3                       retq   
  4011d5:    66 66 2e 0f 1f 84 00     data16 nopw %cs:0x0(%rax,%rax,1)
  4011dc:    00 00 00 00 
  4011e0:    f3 0f 1e fa              endbr64 
  4011e4:    c3                       retq   

Disassembly of section .fini:

00000000004011e8 <.fini>:
  4011e8:    f3 0f 1e fa              endbr64 
  4011ec:    48 83 ec 08              sub    $0x8,%rsp
  4011f0:    48 83 c4 08              add    $0x8,%rsp
  4011f4:    c3                       retq 
The arg -h shows the section headers of the file:
[mythcat@desk fasm]$ objdump -h sum 

sum:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001c  00000000004002a8  00000000004002a8  000002a8  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  00000000004002c4  00000000004002c4  000002c4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  00000000004002e4  00000000004002e4  000002e4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     0000001c  0000000000400308  0000000000400308  00000308  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000060  0000000000400328  0000000000400328  00000328  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       00000049  0000000000400388  0000000000400388  00000388  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  00000008  00000000004003d2  00000000004003d2  000003d2  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000020  00000000004003e0  00000000004003e0  000003e0  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rela.dyn     00000030  0000000000400400  0000000000400400  00000400  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rela.plt     00000018  0000000000400430  0000000000400430  00000430  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         0000001b  0000000000401000  0000000000401000  00001000  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000020  0000000000401020  0000000000401020  00001020  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .text         000001a5  0000000000401040  0000000000401040  00001040  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .fini         0000000d  00000000004011e8  00000000004011e8  000011e8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .rodata       00000010  0000000000402000  0000000000402000  00002000  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 15 .eh_frame_hdr 00000034  0000000000402010  0000000000402010  00002010  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame     000000c8  0000000000402048  0000000000402048  00002048  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .init_array   00000008  0000000000403e00  0000000000403e00  00002e00  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 18 .fini_array   00000008  0000000000403e08  0000000000403e08  00002e08  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .dynamic      000001e0  0000000000403e10  0000000000403e10  00002e10  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .got          00000010  0000000000403ff0  0000000000403ff0  00002ff0  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .got.plt      00000020  0000000000404000  0000000000404000  00003000  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .data         00000020  0000000000404020  0000000000404020  00003020  2**4
                  CONTENTS, ALLOC, LOAD, DATA
 23 .bss          00000008  0000000000404040  0000000000404040  00003040  2**0
                  ALLOC
 24 .comment      0000002c  0000000000000000  0000000000000000  00003040  2**0
                  CONTENTS, READONLY
 25 .gnu.build.attributes 00000558  0000000000406048  0000000000406048  0000306c  2**2
                  CONTENTS, READONLY
This is just a part of the commands and tools that handle assembly files.