0

Seeing results of objdump -D /bin/bash I found something weird.
dynamically linked function name does not appered!

Below is part of <.text> section.
See 672c : call 26e0. 

...
672c:   e8 af bf ff ff          call   26e0 <main@@Base-0xcdc0>  # <--- Here
6731:   83 c4 10                add    $0x10,%esp
...



I was curious about the called address, 26e0
And found that it points to the <.plt.got> section. See below. 

000026e0 <.plt.got>:
26e0:   ff a3 0c 00 00 00       jmp    *0xc(%ebx)
26e6:   66 90                   xchg   %ax,%ax
26e8:   ff a3 10 00 00 00       jmp    *0x10(%ebx)
...



So 672c in <.text> section calls plt section.
But, generally, objdump should show the plt call as a format of <***@plt>

For example, 

// gcc -o sample sample.c -fpic -pie
#include <stdio.h>

void main(){
        printf("go");
}

See Below, address 615

000005f0 <main>:
...
613:   89 c3                   mov    %eax,%ebx
615:   e8 36 fe ff ff          call   450 <printf@plt>   # <--- here
...

My question is :
Why "dynamically linked function name" isn't shown in certain binaries such as /bin/dash?

Jiwon
  • 1,074
  • 1
  • 11
  • 27
  • 2
    did you try disassembling with `objdump -r -d`, to show relocations as a comment? I usually use `alias disas='objdump -drwC -Mintel'`. But in this case it looks like you have a stripped binary without symbols for every PLT entry. – Peter Cordes Jul 17 '18 at 00:59
  • I think for PIE you will need capital `-R`. – Jester Jul 17 '18 at 01:06

0 Answers0