Question
I want to compile my C file with clang and then decompile it with ndisasm (for educational purposes). However, ndisasm says in its manual that it only works with binary and not executable files:
ndisasm only disassembles binary files: it has no understanding of the header information present in object or executable files. If you want to disassemble an object file, you should probably be using objdump(1).
What's the difference, exactly? And what does clang output when I run it with a simple C file, an executable or a binary?
Answer 1:
An object file contains machine language code, and all sorts of other information. It sounds like ndisasm wants just the machine code, not the other stuff. So the message is telling you to use the objdump utility to extract just the machine code segment(s) from the object file. Then you can presumably run ndisasm on that.
Answer 2:
And what does clang output when I run it with a simple C file, an executable or a binary?
A C compiler is usually able to create a 'raw' binary, which is Just The Code, hold the tomato, because for some (rare!) purposes that can be useful. Think, for instance, of boot sectors (which cannot 'load' an executable the regular way because the OS to load them is not yet started) and of programmable RAM chips. An Operating system in itself usually does not like to execute 'raw binary code' - pretty much for the same reasons. An exception is MS Windows, which still can run old format .com binaries.
By default, clang will create an executable. The intermediate files, called object files, are usually deleted after the executable is linked (glued together with library functions and an appropriate executable header). To get just a .o object file, use the -c switch.
Note that object files also contain a header. After all, the linker needs to know what the file contains before it can link it to other parts.
For educational purposes, you may want to examine the object file format. Armed with that knowledge it should be possible to write a program that can tell you at what offset in the file the actual code starts. Then you can feed that information into ndisasm.
In addition to the header, files may contain even more data after the instructions. Again, ndisasm does not know and nor does it care. If your test program contains a string Hello world! somewhere at the end, it will happily try to disassemble that as well. It's up to you to recognize this garbage as such, and ignore what ndisasm does to it.
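The kind of program Answer 2 describes, as an added example that is not part of the original answers: it reads the section headers of an object file and reports where the .text bytes start and how long they are. It assumes a little-endian ELF64 object (what clang -c emits on x86-64 Linux); find_section and build_sample are names chosen for this example, and the sample object is constructed inline.

```python
import struct
import sys

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (64 bytes)
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header (64 bytes)

def find_section(data, wanted=b".text"):
    """Return (file_offset, size) of the named section in an ELF64 LE image."""
    if len(data) < EHDR.size:
        raise ValueError("too short for an ELF64 header")
    eh = EHDR.unpack_from(data, 0)
    ident, shoff, shentsize, shnum, shstrndx = eh[0], eh[6], eh[11], eh[12], eh[13]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    if shentsize < SHDR.size or shstrndx >= shnum:
        raise ValueError("bad section header fields")
    if shoff + shnum * shentsize > len(data):
        raise ValueError("section header table runs past end of file")
    headers = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    # Section names live in the string table section indexed by e_shstrndx.
    str_off, str_size = headers[shstrndx][4], headers[shstrndx][5]
    strtab = data[str_off:str_off + str_size]
    for name_idx, _type, _flags, _addr, offset, size in (h[:6] for h in headers):
        if strtab[name_idx:].split(b"\0", 1)[0] == wanted:
            if offset + size > len(data):
                raise ValueError("section runs past end of file")
            return offset, size
    raise LookupError(wanted.decode() + " not found")

def build_sample():
    """Constructed sample: a 3-section ELF64 object (NULL, .text, .shstrtab)."""
    code = bytes.fromhex("b82a000000c3")   # mov eax, 42 ; ret
    names = b"\0.text\0.shstrtab\0"        # .text at index 1, .shstrtab at 7
    text_off = EHDR.size
    names_off = text_off + len(code)
    shoff = names_off + len(names)
    ident = b"\x7fELF\x02\x01\x01" + bytes(9)
    ehdr = EHDR.pack(ident, 1, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 2)
    shdrs = (SHDR.pack(*[0] * 10)
             + SHDR.pack(1, 1, 6, 0, text_off, len(code), 0, 0, 16, 0)
             + SHDR.pack(7, 3, 0, 0, names_off, len(names), 0, 0, 1, 0))
    return ehdr + code + names + shdrs, code

if __name__ == "__main__":
    # Pass a .o file as the first argument, or run on the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()[0]
    off, size = find_section(data)
    print(f".text starts at file offset {off} and is {size} bytes long")
```

The reported offset is the value to give ndisasm's -e option (number of header bytes to skip), and the size tells you where the real instructions end and the trailing data begins.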
Source: https://stackoverflow.com/questions/31126109/whats-the-difference-between-binary-and-executable-files-mentioned-in-ndisasms