Linux disassembler
Given the list of functions and their address in the binary, you can simply run objdump for each function like this:
objdump -d /usr/lib/libao.so.4.0.0 --start-address=0x3730
It is time now to use objdump (or a more advanced disassembler if you can get one). Note that you can also get this information by using objdump like this:
#> objdump -T /usr/lib/libao.so.4.0.0 | grep LIBAO4_1.1.0 | grep DF
0000000000038e0 g DF.
so plus the address of their code in the memory (first column). Looking at the rest of the output of readelf -a, the dynamic symbol table (. In fact, it does correspond to the procedure in charge of initializing the memory to get the library properly loaded. You may notice that readelf detected an entrypoint.
Start of section headers: 35392 (bytes into file)
Start of program headers: 64 (bytes into file)
I will use /usr/lib/libao.so.4.0.0 (a random library I took on my system which is small enough to be taken as an example).
First, run readelf on it to see a bit what you are on:
#> readelf -a /usr/lib/libao.so.4.0.0
Extract the functions from the library
A first step will be to extract the name of all the functions that are present in this library to know what it is looking like.
I will try to explain how to do it with UNIX tools.
I know that you asked specifically about MS-Windows tools, but I will ignore this as 0xea already replied about that. so file are just regular executable files but packed in a dynamic library style.