What's the difference between binary and executable files mentioned in ndisasm's manual?

纵然是瞬间 提交于 2021-02-10 20:01:34

问题


I want to compile my C file with clang and then decompile it with with ndisasm (for educational purposes). However, ndisasm says in it's manual that it only works with binary and not executable files:

   ndisasm only disassembles binary files: it  has
   no  understanding  of  the  header  information
   present in object or executable files.  If  you
   want  to disassemble an object file, you should
   probably be using objdump(1).

What's the difference, exactly? And what does clang output when I run it with a simple C file, an executable or a binary?


回答1:


An object file contains machine language code, and all sorts of other information. It sounds like ndisasm wants just the machine code, not the other stuff. So the message is telling you to use the objdump utility to extract just the machine code segment(s) from the object file. Then you can presumably run ndisasm on that.




回答2:


And what does clang output when I run it with a simple C file, an executable or a binary?

A C compiler is usually able to create a 'raw' binary, which is Just The Code, hold the tomato, because for some (rare!) purposes that can be useful. Think, for instance, of boot sectors (which cannot 'load' an executable the regular way because the OS to load them is not yet started) and of programmable RAM chips. An Operating system in itself usually does not like to execute 'raw binary code' - pretty much for the same reasons. An exception is MS Windows, which still can run old format .com binaries.

By default, clang will create an executable. The intermediate files, called object files, are usually deleted after the executable is linked (glued together with library functions and an appropriate executable header). To get just a .o object file, use the -c switch.

Note that Object files also contain a header. After all, the linker needs to know what the file contains before it can link it to other parts.

For educational purposes, you may want to examine the object file format. Armed with that knowledge it should be possible to write a program that can tell you at what offset in the file the actual code starts. Then you can feed that information into ndisasm.

In addition to the header, files may contain even more data after the instructions. Again, ndisasm does not know and nor does it care. If your test program contains a string Hello world! somewhere at the end, it will happily try to disassemble that as well. It's up to you to recognize this garbage as such, and ignore what ndisasm does to it.



来源:https://stackoverflow.com/questions/31126109/whats-the-difference-between-binary-and-executable-files-mentioned-in-ndisasms

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!