I can disassemble raw binary file using the following command:
> aarch64-linux-gnu-objdump -m aarch64 -b binary -D file.bin
Can I achieve the same effect with llvm-objdump and how? Maybe any other tool from LLVM toolchain?
Asked
Active
Viewed 2,457 times
3
Alexander Zhak
- 9,140
- 4
- 46
- 72
1 Answers
3
The easiest way I've found to do this using only LLVM tools is to first objcopy the binary into an ELF and then objdump the ELF.
Convert the file
llvm-objcopy -I binary -O elf64-littleaarch64 --rename-section=.data=.text,code file.bin file.elf
Let's go through this option-by-option:
-I binary: specifies that the input is in raw binary, rather than ELF, form.-O elf64-littleaarch64(LLVM 10+1): specifies that the binary is to be interpreted as AArch64 machine code.--rename-section=.data=.text,code: specifies that the section named.datathat automatically gets created when copying from a binary file should instead be named.textand marked as executable code. This allows disassembly with-dto work later.
Disassemble the file
llvm-objdump -d file.elf
This one's pretty self-explanatory (and the same as you'd write with GNU objdump). -d says to disassemble all code sections, and the only code section is the one that we marked using --rename-section in the previous step.
1This command is for LLVM 10 and above. LLVM 10 has removed the binary-specific -B option in favor of specifying your output target with the -O option. For LLVM 9 and below, you'd use -B aarch64.
-
1When running `llvm-objdump` you can specify the section to disassemble with `--section .data`, which means you can drop the `--rename-section=.data=.text,code`. – msbit Aug 07 '21 at 02:44
-
For those wanting to disassemble ARM thumb code, you can use something like `--triple armv7m`. – ayke Apr 21 '23 at 16:11