mk-project code investigating, debugging and disassembling

Introduction

You want to investigate in deep your binary cause of it bugs or simply per curiosity.

mk-project provide a lot of targets which will make your investigation easier.

The make info target

The make info target display simple informations about your program.

Using the file, size, ls -s -h utilities.

The file utility

The file utility print out the details about any filetype.

So if an executable file is given, the file utility will display informations about it.

The size utility

The size utility print out the byte length of the main binary sections:

.text, .data and .bss.

The make gdb target

At first you can use the famous GNU/Debugger gdb for investigating your program,

by simply launching the target make gdb.

This will launch gdb in the ./bin folder where your binary is located

with your program as argument.

Note

Given options to gdb:

For given supplementary options to gdb, which will be passed to gdb at every target call, edit the GDB_OPTS variable.

Else if you want to change the options for a unique call of gdb, by using the target.

Simply set the wanted options into the GDB_OPTS variable on the command line:

$ make gdb GDB_OPTS="--option value"

The make ldd target

The ldd utility show the complete list of dynamic librairies which your program will try to load (i.e. The load time dependencies).

Note

Given options to ldd:

For given supplementary options to ldd, which will be passed to ldd at every target call, edit the LDD_OPTS variable.

Else if you want to change the options for a unique call of ldd, by using the target.

Simply set the wanted options into the LDD_OPTS variable on the command line:

$ make ldd LDD_OPTS="--option value"

Warning

Limitations of ldd:

  • ldd cannot identify the libraries dynamically loaded at runtime using dlopen().
Be aware, however, that in some circumstances, some veriosn of ldd may attempt to obtain the dependencies informations
by directly executing the program. Thus, you should never employ ldd on untrusted executables,
since this may result in the execution of arbitrary code.

A safer alternative when dealing with untrusted executables is following:

$ objdump -p /path/to/binary | grep NEEDED

# The same result result can be achieve using the readelf utility.

$ readelf -d /path/to/binary | grep NEEDED

The make nm target

The nm utility is used to list the symbols of a binary or object file(s).

It can laso find the indicated symbol type.

Note

Given options to nm:

For given supplementary options to nm, which will be passed to nm at every target call, edit the NM_OPTS variable.

Else if you want to change the options for a unique call of nm, by using the target.

Simply set the wanted options into the NM_OPTS variable on the command line:

$ make nm NM_OPTS="--option value"
note:You can give the $(OBJECT) make variable as argument to nm instead of the binary.

Note

If the binary contains some C++ code, the symbols are printed by default in mangled form.

Usage examples:

$ nm /path/to/prg

# List all symbols of prg (a binary or object file(s)).

$ nm -D /path/to/prg

# List only the symbols contains into the dynamic section(s) (exported or visible).

$ nm -C /path/to/prg

# List symbols in demangled form.

$ nm -D --no-demangle /path/to/prg

# List symbols in not demangled form.

$ nm -u /path/to/prg

# List undefined symbols.

Look at The 20 best nm commands

The make objdump target

objdump is one of the most versatile utility program, so it can support about 50 others binary formats other than the ELF format.

Note

Given options to objdump:

For given supplementary options to objdump, which will be passed to objdump at every target call, edit the OBJDUMP_OPTS variable.

Else if you want to change the options for a unique call of objdump, by using the target.

Simply set the wanted options into the OBJDUMP_OPTS variable on the command line:

$ make objdump OBJDUMP_OPTS="--option value"
note:You can give the $(OBJECT) make variable as argument to objdump instead of the binary.

Usage examples:

$ objdump -f /path/to/prg

# Is used to obtain an insight into the object file(s) header.
# The header provide plenty of informations like
#
# * binary type
# * entry point (The start of the .text section)
# * etc..

$ objdump -h /path/to/prg

# Is used to list the avialable sections from the prg.

$ objdump -T /path/to/prg

# List dynamic symbols only.

# Is equivalent to running: $ nm -D /path/to/prg

$ objdump -t /path/to/prg

# Examines the dynamic section(s).

$ objdump -R /path/to/prg

# Examines the relocation section(s).

$ objdump -S -j <section name> /path/to/prg

# Provide the hexdump of the values carried by the given section.

$ objdump -p /path/to/prg

# Display informations about the ELF binary segments.

Usage example for code disasssembling using objdump:

$ objdump -d -M intel /path/to/prg

# Used to disassemble a binary using the Intel syntax.

$ objdump -d -S -M intel /path/to/prg

# Like above but interspercing the original source code.

$ objdump -d -M intel -j <section name> /path/to/prg

# This only works if the binary is compiled with the -g (debugging) option.

The make readelf target

The readelf utility provides almost completely duplicate functionnality found in the objdump tool.

Note

Given options to readelf:

For given supplementary options to readelf, which will be passed to readelf at every target call, edit the READELF_OPTS variable.

Else if you want to change the options for a unique call of readelf, by using the target.

Simply set the wanted options into the READELF_OPTS variable on the command line:

$ make readelf READELF_OPTS="--option value"

Usage examples:

$ readelf -h /path/to/prg

# Used to obtain an insight into the object file(s) header.

$ readelf -s /path/to/prg

# List the available sections.

$ readelf --symbols /path/to/prg

# List all symbols (Equal to running $ nm /path/to/prg).

$ readelf --dyn-syms /path/to/prg

# List dynamic symbols only (Equal to nm -D /path/to/prg).

$ readelf -r /path/to/prg

# Examines the relocation sections.

$ readelf -x <section name> /path/to/prg

# Provide a hexdump of the values carried by the given section.

$ readelf --segments /path/to/prg

# Display ELF segments informations.

$ readelf --debug-dump=<line>

The make strace target

The strace utility tracks down the system calls made by the process as well as the signals received by the process.

Note

Given options to strace:

For given supplementary options to strace, which will be passed to strace at every target call, edit the STRACE_OPTS variable.

Else if you want to change the options for a unique call of strace, by using the target.

Simply set the wanted options into the STRACE_OPTS variable on the command line:

$ make strace STRACE_OPTS="--option value"

The make ltrace target

The ltrace utility tracks down the libraries calls made by the process.

Note

Given options to ltrace:

For given supplementary options to ltrace, which will be passed to ltrace at every target call, edit the LTRACE_OPTS variable.

Else if you want to change the options for a unique call of ltrace, by using the target.

Simply set the wanted options into the LTRACE_OPTS variable on the command line:

$ make ltrace LTRACE_OPTS="--option value"

The make strip target

The strip utility can be used to eliminated all the symbols not needed in the process.

Note

Given options to strip:

For given supplementary options to strip, which will be passed to strip at every target call, edit the STRIP_OPTS variable.

Else if you want to change the options for a unique call of strip, by using the target.

Simply set the wanted options into the STRIP_OPTS variable on the command line:

$ make strip STRIP_OPTS="--option value"

Documentation Source

  • GNU Make manual (A very good manual from the GNU manuals serie).
authors:Stallman, McGrath, Smith.
  • C/C++ Compiling (A very good book about libraries and machine code investigation).
author:Milan Stevanovic.