可执行文件-内容探索

在linux下,用readelf来看ELF头部或者其它各section的内容,用objdump来对指定的内容(.text, .data等)进行反汇编。

但是mac os X下没有这两个命令,可以用brew来安装,brew update && brew install binutils,然后用greadelf和gobjdump。
但是笔者查询了下mac上直接运行,安装不上去,有些权限的问题。有寻找了其他安装办法。

mac 下安装方式:
http://macappstore.org/binutils/

Install binutils on Mac OSX

About the App

Install the App

  1. Press Command+Space and type Terminal and press enter/return key.
  2. Run in Terminal app:
    ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" < /dev/null 2> /dev/null
    and press enter/return key.
    If the screen prompts you to enter a password, please enter your Mac’s user password to continue. When you type the password, it won’t be displayed on screen, but the system would accept it. So just type your password and press ENTER/RETURN key. Then wait for the command to finish.
  3. Run:
    brew install binutils

Done! You can now use binutils.

ELF文件-探索 - 图1

  1. ==> Downloading https://homebrew.bintray.com/bottles/binutils-2.31.1_2.high_sierra.bottle.tar.gz
  2. ######################################################################## 100.0%
  3. ==> Pouring binutils-2.31.1_2.high_sierra.bottle.tar.gz
  4. ==> Caveats
  5. binutils is keg-only, which means it was not symlinked into /usr/local,
  6. because because Apple provides the same tools and binutils is poorly supported on macOS.
  8. If you need to have binutils first in your PATH run:
  9.   echo 'export PATH="/usr/local/opt/binutils/bin:$PATH"' >> ~/.bash_profile
  11. For compilers to find binutils you may need to set:
  12.   export LDFLAGS="-L/usr/local/opt/binutils/lib"
  13.   export CPPFLAGS="-I/usr/local/opt/binutils/include"

安装好之后的可使用工具
ELF文件-探索 - 图2

其他重要工具

IDA
ELF文件-探索 - 图3

目标文件分析

ELF文件-探索 - 图4

  1. Greats-MacBook-Pro:~ John$ nm --help
  2. OVERVIEW: llvm symbol table dumper
  4. Greats-MacBook-Pro:~ John$ objdump --help
  5. OVERVIEW: llvm object file dumper