[L2H] Objdump Walkthrough

After gdb, objdump is the next useful tool. gdb is a debugger, while objdump is used as a disassembler. Below are the options objdump provides.

root@exploitdev:~/GDB# objdump
Usage: objdump <option(s)> <file(s)>
 Display information from object <file(s)>.
 At least one of the following switches must be given:
  -a, --archive-headers    Display archive header information
  -f, --file-headers       Display the contents of the overall file header
  -p, --private-headers    Display object format specific file header contents
  -P, --private=OPT,OPT... Display object format specific contents
  -h, --[section-]headers  Display the contents of the section headers
  -x, --all-headers        Display the contents of all headers
  -d, --disassemble        Display assembler contents of executable sections
  -D, --disassemble-all    Display assembler contents of all sections
  -S, --source             Intermix source code with disassembly
  -s, --full-contents      Display the full contents of all sections requested
  -g, --debugging          Display debug information in object file
  -e, --debugging-tags     Display debug information using ctags style
  -G, --stabs              Display (in raw form) any STABS info in the file
  -W[lLiaprmfFsoRt] or
  --dwarf[=rawline,=decodedline,=info,=abbrev,=pubnames,=aranges,=macro,=frames,
          =frames-interp,=str,=loc,=Ranges,=pubtypes,
          =gdb_index,=trace_info,=trace_abbrev,=trace_aranges,
          =addr,=cu_index]
                           Display DWARF info in the file
  -t, --syms               Display the contents of the symbol table(s)
  -T, --dynamic-syms       Display the contents of the dynamic symbol table
  -r, --reloc              Display the relocation entries in the file
  -R, --dynamic-reloc      Display the dynamic relocation entries in the file
  @<file>                  Read options from <file>
  -v, --version            Display this program's version number
  -i, --info               List object formats and architectures supported
  -H, --help               Display this information

Typing objdump on its own lets you read which option does what. But we will see much more if we try it on an actual ELF file.

ELF file structure (image: elf101; source: https://github.com/corkami/pics/tree/master/binary)

Let's look at the file header.

root@exploitdev:~/GDB# objdump -f function

function:     file format elf32-i386
architecture: i386, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x08048310

Let's look at the file header contents.

root@exploitdev:~/GDB# objdump -p function

function:     file format elf32-i386

Program Header:
    PHDR off    0x00000034 vaddr 0x08048034 paddr 0x08048034 align 2**2
         filesz 0x00000120 memsz 0x00000120 flags r-x
  INTERP off    0x00000154 vaddr 0x08048154 paddr 0x08048154 align 2**0
         filesz 0x00000013 memsz 0x00000013 flags r--
    LOAD off    0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
         filesz 0x00000618 memsz 0x00000618 flags r-x
    LOAD off    0x00000f08 vaddr 0x08049f08 paddr 0x08049f08 align 2**12
         filesz 0x00000114 memsz 0x00000118 flags rw-
 DYNAMIC off    0x00000f14 vaddr 0x08049f14 paddr 0x08049f14 align 2**2
         filesz 0x000000e8 memsz 0x000000e8 flags rw-
    NOTE off    0x00000168 vaddr 0x08048168 paddr 0x08048168 align 2**2
         filesz 0x00000044 memsz 0x00000044 flags r--
EH_FRAME off    0x000004f8 vaddr 0x080484f8 paddr 0x080484f8 align 2**2
         filesz 0x00000034 memsz 0x00000034 flags r--
   STACK off    0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4
         filesz 0x00000000 memsz 0x00000000 flags rw-
   RELRO off    0x00000f08 vaddr 0x08049f08 paddr 0x08049f08 align 2**0
         filesz 0x000000f8 memsz 0x000000f8 flags r--

Dynamic Section:
  NEEDED               libc.so.6
  INIT                 0x080482ac
  FINI                 0x080484c4
  INIT_ARRAY           0x08049f08
  INIT_ARRAYSZ         0x00000004
  FINI_ARRAY           0x08049f0c
  FINI_ARRAYSZ         0x00000004
  GNU_HASH             0x080481ac
  STRTAB               0x0804821c
  SYMTAB               0x080481cc
  STRSZ                0x0000004c
  SYMENT               0x00000010
  DEBUG                0x00000000
  PLTGOT               0x0804a000
  PLTRELSZ             0x00000010
  PLTREL               0x00000011
  JMPREL               0x0804829c
  REL                  0x08048294
  RELSZ                0x00000008
  RELENT               0x00000008
  VERNEED              0x08048274
  VERNEEDNUM           0x00000001
  VERSYM               0x08048268

Version References:
  required from libc.so.6:
    0x0d696910 0x00 02 GLIBC_2.0

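As an added example (not code from the original post), the following Python script parses the ELF32 header and program headers that objdump -f and -p print above, and derives NX and RELRO from the GNU_STACK and GNU_RELRO segments. The ELF image it parses is a constructed header-only stub built from the values shown on this page, not the real function binary.

```python
# Added example: minimal ELF32 header + program-header parser that reproduces
# what objdump -f / -p show, plus NX and RELRO checks read from the segments.
import struct

ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFDATA2LSB = 1, 1
ET_EXEC, EM_386 = 2, 3           # e_type / e_machine values for "elf32-i386" EXEC

# p_type values; the PT_GNU_* ones are GNU extensions, named as objdump prints them
PT_NAMES = {
    1: "LOAD", 2: "DYNAMIC", 3: "INTERP", 4: "NOTE", 6: "PHDR",
    0x6474E550: "EH_FRAME", 0x6474E551: "STACK", 0x6474E552: "RELRO",
}
PT_NUMBERS = {name: num for num, name in PT_NAMES.items()}
PF_X, PF_W, PF_R = 1, 2, 4

EHDR_FMT = "<16sHHIIIIIHHHHHH"   # Elf32_Ehdr, little-endian, 52 bytes
PHDR_FMT = "<IIIIIIII"           # Elf32_Phdr, 32 bytes


def flags_str(p_flags):
    """Render p_flags the way objdump -p does, e.g. 5 -> 'r-x'."""
    return ("r" if p_flags & PF_R else "-") + \
           ("w" if p_flags & PF_W else "-") + \
           ("x" if p_flags & PF_X else "-")


def parse_elf32(data):
    """Parse the ELF header and program headers of a 32-bit little-endian ELF."""
    ehdr = struct.unpack_from(EHDR_FMT, data, 0)
    ident = ehdr[0]
    if ident[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if ident[4] != ELFCLASS32 or ident[5] != ELFDATA2LSB:
        raise ValueError("only ELF32 little-endian is handled here")
    (e_type, e_machine, _ver, e_entry, e_phoff, _shoff, _flags,
     _ehsize, e_phentsize, e_phnum) = ehdr[1:11]
    phdrs = []
    for i in range(e_phnum):
        (p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz,
         p_flags, p_align) = struct.unpack_from(PHDR_FMT, data, e_phoff + i * e_phentsize)
        phdrs.append({
            "type": PT_NAMES.get(p_type, hex(p_type)), "off": p_offset,
            "vaddr": p_vaddr, "paddr": p_paddr, "filesz": p_filesz,
            "memsz": p_memsz, "flags": p_flags, "align": p_align,
        })
    return {"type": e_type, "machine": e_machine, "entry": e_entry, "phdrs": phdrs}


def format_program_headers(info):
    """Lay the segments out the way objdump -p does ('Program Header:' block)."""
    lines = []
    for p in info["phdrs"]:
        align_pow = max(p["align"].bit_length() - 1, 0)   # p_align is 2**n (or 0)
        lines.append("%8s off    0x%08x vaddr 0x%08x paddr 0x%08x align 2**%d"
                     % (p["type"], p["off"], p["vaddr"], p["paddr"], align_pow))
        lines.append("         filesz 0x%08x memsz 0x%08x flags %s"
                     % (p["filesz"], p["memsz"], flags_str(p["flags"])))
    return "\n".join(lines)


def security_summary(info):
    """NX and RELRO as the loader sees them, derived from the segments only.

    nx is True when a GNU_STACK segment exists and lacks PF_X; with no
    GNU_STACK segment the kernel falls back to an executable stack.
    relro only reports that a GNU_RELRO segment exists; partial vs. full
    RELRO needs the dynamic section (BIND_NOW), which this stub does not carry.
    """
    by_type = {p["type"]: p for p in info["phdrs"]}
    stack = by_type.get("STACK")
    return {
        "nx": stack is not None and not (stack["flags"] & PF_X),
        "relro": "RELRO" in by_type,
    }


def build_sample_elf():
    """Constructed header-only ELF32 image using the segment values from this page."""
    segs = [  # (type, off, vaddr, filesz, memsz, flags, align)
        ("PHDR",  0x34,  0x08048034, 0x120, 0x120, PF_R | PF_X, 4),
        ("LOAD",  0x0,   0x08048000, 0x618, 0x618, PF_R | PF_X, 0x1000),
        ("LOAD",  0xf08, 0x08049f08, 0x114, 0x118, PF_R | PF_W, 0x1000),
        ("STACK", 0x0,   0x0,        0x0,   0x0,   PF_R | PF_W, 16),
        ("RELRO", 0xf08, 0x08049f08, 0xf8,  0xf8,  PF_R,        1),
    ]
    ident = ELF_MAGIC + bytes([ELFCLASS32, ELFDATA2LSB, 1]) + b"\0" * 9
    ehdr = struct.pack(EHDR_FMT, ident, ET_EXEC, EM_386, 1, 0x08048310,
                       52, 0, 0, 52, 32, len(segs), 40, 0, 0)
    phdrs = b"".join(
        struct.pack(PHDR_FMT, PT_NUMBERS[t], off, va, va, fsz, msz, fl, al)
        for t, off, va, fsz, msz, fl, al in segs)
    return ehdr + phdrs


if __name__ == "__main__":
    info = parse_elf32(build_sample_elf())
    print("start address 0x%08x" % info["entry"])
    print(format_program_headers(info))
    print(security_summary(info))
```

The memsz/filesz difference of the rw- LOAD segment (4 bytes here) is the .bss that the loader zero-fills but the file does not store.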
So now we know how to inspect the header part of the ELF file structure picture with objdump. Next, let's look at the sections as well.

Let's look at the section headers.

root@exploitdev:~/GDB# objdump -h function

function:     file format elf32-i386

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 .interp       00000013  08048154  08048154  00000154  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  08048168  08048168  00000168  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  08048188  08048188  00000188  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     00000020  080481ac  080481ac  000001ac  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000050  080481cc  080481cc  000001cc  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       0000004c  0804821c  0804821c  0000021c  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  0000000a  08048268  08048268  00000268  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000020  08048274  08048274  00000274  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rel.dyn      00000008  08048294  08048294  00000294  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rel.plt      00000010  0804829c  0804829c  0000029c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         00000023  080482ac  080482ac  000002ac  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000030  080482d0  080482d0  000002d0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .plt.got      00000008  08048300  08048300  00000300  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .text         000001b2  08048310  08048310  00000310  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .fini         00000014  080484c4  080484c4  000004c4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .rodata       00000020  080484d8  080484d8  000004d8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame_hdr 00000034  080484f8  080484f8  000004f8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .eh_frame     000000ec  0804852c  0804852c  0000052c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 18 .init_array   00000004  08049f08  08049f08  00000f08  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 19 .fini_array   00000004  08049f0c  08049f0c  00000f0c  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 20 .jcr          00000004  08049f10  08049f10  00000f10  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 21 .dynamic      000000e8  08049f14  08049f14  00000f14  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 22 .got          00000004  08049ffc  08049ffc  00000ffc  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 23 .got.plt      00000014  0804a000  0804a000  00001000  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 24 .data         00000008  0804a014  0804a014  00001014  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 25 .bss          00000004  0804a01c  0804a01c  0000101c  2**0
                  ALLOC
 26 .comment      00000034  00000000  00000000  0000101c  2**0
                  CONTENTS, READONLY

To see the headers above together with every other header the file has:

root@exploitdev:~/GDB# objdump -x function

function:     file format elf32-i386
function
architecture: i386, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x08048310

Program Header:
    PHDR off    0x00000034 vaddr 0x08048034 paddr 0x08048034 align 2**2
         filesz 0x00000120 memsz 0x00000120 flags r-x
  INTERP off    0x00000154 vaddr 0x08048154 paddr 0x08048154 align 2**0
         filesz 0x00000013 memsz 0x00000013 flags r--
    LOAD off    0x00000000 vaddr 0x08048000 paddr 0x08048000 align 2**12
         filesz 0x00000618 memsz 0x00000618 flags r-x
    LOAD off    0x00000f08 vaddr 0x08049f08 paddr 0x08049f08 align 2**12
         filesz 0x00000114 memsz 0x00000118 flags rw-
 DYNAMIC off    0x00000f14 vaddr 0x08049f14 paddr 0x08049f14 align 2**2
         filesz 0x000000e8 memsz 0x000000e8 flags rw-
    NOTE off    0x00000168 vaddr 0x08048168 paddr 0x08048168 align 2**2
         filesz 0x00000044 memsz 0x00000044 flags r--
EH_FRAME off    0x000004f8 vaddr 0x080484f8 paddr 0x080484f8 align 2**2
         filesz 0x00000034 memsz 0x00000034 flags r--
   STACK off    0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**4
         filesz 0x00000000 memsz 0x00000000 flags rw-
   RELRO off    0x00000f08 vaddr 0x08049f08 paddr 0x08049f08 align 2**0
         filesz 0x000000f8 memsz 0x000000f8 flags r--

Dynamic Section:
  NEEDED               libc.so.6
  INIT                 0x080482ac
  FINI                 0x080484c4
  INIT_ARRAY           0x08049f08
  INIT_ARRAYSZ         0x00000004
  FINI_ARRAY           0x08049f0c
  FINI_ARRAYSZ         0x00000004
  GNU_HASH             0x080481ac
  STRTAB               0x0804821c
  SYMTAB               0x080481cc
  STRSZ                0x0000004c
  SYMENT               0x00000010
  DEBUG                0x00000000
  PLTGOT               0x0804a000
  PLTRELSZ             0x00000010
  PLTREL               0x00000011
  JMPREL               0x0804829c
  REL                  0x08048294
  RELSZ                0x00000008
  RELENT               0x00000008
  VERNEED              0x08048274
  VERNEEDNUM           0x00000001
  VERSYM               0x08048268

Version References:
  required from libc.so.6:
    0x0d696910 0x00 02 GLIBC_2.0

Sections:
Idx Name          Size      VMA       LMA       File off  Algn
  0 .interp       00000013  08048154  08048154  00000154  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  08048168  08048168  00000168  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  08048188  08048188  00000188  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     00000020  080481ac  080481ac  000001ac  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000050  080481cc  080481cc  000001cc  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       0000004c  0804821c  0804821c  0000021c  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  0000000a  08048268  08048268  00000268  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000020  08048274  08048274  00000274  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rel.dyn      00000008  08048294  08048294  00000294  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rel.plt      00000010  0804829c  0804829c  0000029c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         00000023  080482ac  080482ac  000002ac  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          00000030  080482d0  080482d0  000002d0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .plt.got      00000008  08048300  08048300  00000300  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .text         000001b2  08048310  08048310  00000310  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .fini         00000014  080484c4  080484c4  000004c4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .rodata       00000020  080484d8  080484d8  000004d8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame_hdr 00000034  080484f8  080484f8  000004f8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .eh_frame     000000ec  0804852c  0804852c  0000052c  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 18 .init_array   00000004  08049f08  08049f08  00000f08  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 19 .fini_array   00000004  08049f0c  08049f0c  00000f0c  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 20 .jcr          00000004  08049f10  08049f10  00000f10  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 21 .dynamic      000000e8  08049f14  08049f14  00000f14  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 22 .got          00000004  08049ffc  08049ffc  00000ffc  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 23 .got.plt      00000014  0804a000  0804a000  00001000  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 24 .data         00000008  0804a014  0804a014  00001014  2**2
                  CONTENTS, ALLOC, LOAD, DATA
 25 .bss          00000004  0804a01c  0804a01c  0000101c  2**0
                  ALLOC
 26 .comment      00000034  00000000  00000000  0000101c  2**0
                  CONTENTS, READONLY
SYMBOL TABLE:
08048154 l    d  .interp        00000000              .interp
08048168 l    d  .note.ABI-tag  00000000              .note.ABI-tag
08048188 l    d  .note.gnu.build-id     00000000              .note.gnu.build-id
080481ac l    d  .gnu.hash      00000000              .gnu.hash
080481cc l    d  .dynsym        00000000              .dynsym
0804821c l    d  .dynstr        00000000              .dynstr
08048268 l    d  .gnu.version   00000000              .gnu.version
08048274 l    d  .gnu.version_r 00000000              .gnu.version_r
08048294 l    d  .rel.dyn       00000000              .rel.dyn
0804829c l    d  .rel.plt       00000000              .rel.plt
080482ac l    d  .init  00000000              .init
080482d0 l    d  .plt   00000000              .plt
08048300 l    d  .plt.got       00000000              .plt.got
08048310 l    d  .text  00000000              .text
080484c4 l    d  .fini  00000000              .fini
080484d8 l    d  .rodata        00000000              .rodata
080484f8 l    d  .eh_frame_hdr  00000000              .eh_frame_hdr
0804852c l    d  .eh_frame      00000000              .eh_frame
08049f08 l    d  .init_array    00000000              .init_array
08049f0c l    d  .fini_array    00000000              .fini_array
08049f10 l    d  .jcr   00000000              .jcr
08049f14 l    d  .dynamic       00000000              .dynamic
08049ffc l    d  .got   00000000              .got
0804a000 l    d  .got.plt       00000000              .got.plt
0804a014 l    d  .data  00000000              .data
0804a01c l    d  .bss   00000000              .bss
00000000 l    d  .comment       00000000              .comment
00000000 l    df *ABS*  00000000              crtstuff.c
08049f10 l     O .jcr   00000000              __JCR_LIST__
08048350 l     F .text  00000000              deregister_tm_clones
08048380 l     F .text  00000000              register_tm_clones
080483c0 l     F .text  00000000              __do_global_dtors_aux
0804a01c l     O .bss   00000001              completed.7209
08049f0c l     O .fini_array    00000000              __do_global_dtors_aux_fini_array_entry
080483e0 l     F .text  00000000              frame_dummy
08049f08 l     O .init_array    00000000              __frame_dummy_init_array_entry
00000000 l    df *ABS*  00000000              function.c
00000000 l    df *ABS*  00000000              crtstuff.c
08048614 l     O .eh_frame      00000000              __FRAME_END__
08049f10 l     O .jcr   00000000              __JCR_END__
00000000 l    df *ABS*  00000000
08049f0c l       .init_array    00000000              __init_array_end
08049f14 l     O .dynamic       00000000              _DYNAMIC
08049f08 l       .init_array    00000000              __init_array_start
080484f8 l       .eh_frame_hdr  00000000              __GNU_EH_FRAME_HDR
0804a000 l     O .got.plt       00000000              _GLOBAL_OFFSET_TABLE_
080484c0 g     F .text  00000002              __libc_csu_fini
00000000  w      *UND*  00000000              _ITM_deregisterTMCloneTable
08048340 g     F .text  00000004              .hidden __x86.get_pc_thunk.bx
0804a014  w      .data  00000000              data_start
0804840b g     F .text  0000000e              add
00000000       F *UND*  00000000              printf@@GLIBC_2.0
0804a01c g       .data  00000000              _edata
080484c4 g     F .fini  00000000              _fini
0804a014 g       .data  00000000              __data_start
00000000  w      *UND*  00000000              __gmon_start__
0804a018 g     O .data  00000000              .hidden __dso_handle
080484dc g     O .rodata        00000004              _IO_stdin_used
00000000       F *UND*  00000000              __libc_start_main@@GLIBC_2.0
08048460 g     F .text  0000005d              __libc_csu_init
0804a020 g       .bss   00000000              _end
08048310 g     F .text  00000000              _start
080484d8 g     O .rodata        00000004              _fp_hw
0804a01c g       .bss   00000000              __bss_start
08048419 g     F .text  00000040              main
00000000  w      *UND*  00000000              _Jv_RegisterClasses
0804a01c g     O .data  00000000              .hidden __TMC_END__
00000000  w      *UND*  00000000              _ITM_registerTMCloneTable
080482ac g     F .init  00000000              _init

Let's try disassembling. With -d this covers all the executable sections.

root@exploitdev:~/GDB# objdump -d function

function:     file format elf32-i386


Disassembly of section .init:

080482ac <_init>:
 80482ac:       53                      push   %ebx
 80482ad:       83 ec 08                sub    $0x8,%esp
 80482b0:       e8 8b 00 00 00          call   8048340 <__x86.get_pc_thunk.bx>
 80482b5:       81 c3 4b 1d 00 00       add    $0x1d4b,%ebx
 80482bb:       8b 83 fc ff ff ff       mov    -0x4(%ebx),%eax
 80482c1:       85 c0                   test   %eax,%eax
 80482c3:       74 05                   je     80482ca <_init+0x1e>
 80482c5:       e8 36 00 00 00          call   8048300 <__libc_start_main@plt+0x10>
 80482ca:       83 c4 08                add    $0x8,%esp
 80482cd:       5b                      pop    %ebx
 80482ce:       c3                      ret

Disassembly of section .plt:

080482d0 <printf@plt-0x10>:
 80482d0:       ff 35 04 a0 04 08       pushl  0x804a004
 80482d6:       ff 25 08 a0 04 08       jmp    *0x804a008
 80482dc:       00 00                   add    %al,(%eax)
        ...

080482e0 <printf@plt>:
 80482e0:       ff 25 0c a0 04 08       jmp    *0x804a00c
 80482e6:       68 00 00 00 00          push   $0x0
 80482eb:       e9 e0 ff ff ff          jmp    80482d0 <_init+0x24>

080482f0 <__libc_start_main@plt>:
 80482f0:       ff 25 10 a0 04 08       jmp    *0x804a010
 80482f6:       68 08 00 00 00          push   $0x8
 80482fb:       e9 d0 ff ff ff          jmp    80482d0 <_init+0x24>

Disassembly of section .plt.got:

08048300 <.plt.got>:
 8048300:       ff 25 fc 9f 04 08       jmp    *0x8049ffc
 8048306:       66 90                   xchg   %ax,%ax

Disassembly of section .text:

08048310 <_start>:
 8048310:       31 ed                   xor    %ebp,%ebp
 8048312:       5e                      pop    %esi
 8048313:       89 e1                   mov    %esp,%ecx
 8048315:       83 e4 f0                and    $0xfffffff0,%esp
 8048318:       50                      push   %eax
 8048319:       54                      push   %esp
 804831a:       52                      push   %edx
 804831b:       68 c0 84 04 08          push   $0x80484c0
 8048320:       68 60 84 04 08          push   $0x8048460
 8048325:       51                      push   %ecx
 8048326:       56                      push   %esi
 8048327:       68 19 84 04 08          push   $0x8048419
 804832c:       e8 bf ff ff ff          call   80482f0 <__libc_start_main@plt>
 8048331:       f4                      hlt
 8048332:       66 90                   xchg   %ax,%ax
 8048334:       66 90                   xchg   %ax,%ax
 8048336:       66 90                   xchg   %ax,%ax
 8048338:       66 90                   xchg   %ax,%ax
 804833a:       66 90                   xchg   %ax,%ax
 804833c:       66 90                   xchg   %ax,%ax
 804833e:       66 90                   xchg   %ax,%ax

08048340 <__x86.get_pc_thunk.bx>:
 8048340:       8b 1c 24                mov    (%esp),%ebx
 8048343:       c3                      ret
 8048344:       66 90                   xchg   %ax,%ax
 8048346:       66 90                   xchg   %ax,%ax
 8048348:       66 90                   xchg   %ax,%ax
 804834a:       66 90                   xchg   %ax,%ax
 804834c:       66 90                   xchg   %ax,%ax
 804834e:       66 90                   xchg   %ax,%ax

08048350 <deregister_tm_clones>:
 8048350:       b8 1f a0 04 08          mov    $0x804a01f,%eax
 8048355:       2d 1c a0 04 08          sub    $0x804a01c,%eax
 804835a:       83 f8 06                cmp    $0x6,%eax
 804835d:       76 1a                   jbe    8048379 <deregister_tm_clones+0x29>
 804835f:       b8 00 00 00 00          mov    $0x0,%eax
 8048364:       85 c0                   test   %eax,%eax
 8048366:       74 11                   je     8048379 <deregister_tm_clones+0x29>
 8048368:       55                      push   %ebp
 8048369:       89 e5                   mov    %esp,%ebp
 804836b:       83 ec 14                sub    $0x14,%esp
 804836e:       68 1c a0 04 08          push   $0x804a01c
 8048373:       ff d0                   call   *%eax
 8048375:       83 c4 10                add    $0x10,%esp
 8048378:       c9                      leave
 8048379:       f3 c3                   repz ret
 804837b:       90                      nop
 804837c:       8d 74 26 00             lea    0x0(%esi,%eiz,1),%esi

08048380 <register_tm_clones>:
 8048380:       b8 1c a0 04 08          mov    $0x804a01c,%eax
 8048385:       2d 1c a0 04 08          sub    $0x804a01c,%eax
 804838a:       c1 f8 02                sar    $0x2,%eax
 804838d:       89 c2                   mov    %eax,%edx
 804838f:       c1 ea 1f                shr    $0x1f,%edx
 8048392:       01 d0                   add    %edx,%eax
 8048394:       d1 f8                   sar    %eax
 8048396:       74 1b                   je     80483b3 <register_tm_clones+0x33>
 8048398:       ba 00 00 00 00          mov    $0x0,%edx
 804839d:       85 d2                   test   %edx,%edx
 804839f:       74 12                   je     80483b3 <register_tm_clones+0x33>
 80483a1:       55                      push   %ebp
 80483a2:       89 e5                   mov    %esp,%ebp
 80483a4:       83 ec 10                sub    $0x10,%esp
 80483a7:       50                      push   %eax
 80483a8:       68 1c a0 04 08          push   $0x804a01c
 80483ad:       ff d2                   call   *%edx
 80483af:       83 c4 10                add    $0x10,%esp
 80483b2:       c9                      leave
 80483b3:       f3 c3                   repz ret
 80483b5:       8d 74 26 00             lea    0x0(%esi,%eiz,1),%esi
 80483b9:       8d bc 27 00 00 00 00    lea    0x0(%edi,%eiz,1),%edi

080483c0 <__do_global_dtors_aux>:
 80483c0:       80 3d 1c a0 04 08 00    cmpb   $0x0,0x804a01c
 80483c7:       75 13                   jne    80483dc <__do_global_dtors_aux+0x1c>
 80483c9:       55                      push   %ebp
 80483ca:       89 e5                   mov    %esp,%ebp
 80483cc:       83 ec 08                sub    $0x8,%esp
 80483cf:       e8 7c ff ff ff          call   8048350 <deregister_tm_clones>
 80483d4:       c6 05 1c a0 04 08 01    movb   $0x1,0x804a01c
 80483db:       c9                      leave
 80483dc:       f3 c3                   repz ret
 80483de:       66 90                   xchg   %ax,%ax

080483e0 <frame_dummy>:
 80483e0:       b8 10 9f 04 08          mov    $0x8049f10,%eax
 80483e5:       8b 10                   mov    (%eax),%edx
 80483e7:       85 d2                   test   %edx,%edx
 80483e9:       75 05                   jne    80483f0 <frame_dummy+0x10>
 80483eb:       eb 93                   jmp    8048380 <register_tm_clones>
 80483ed:       8d 76 00                lea    0x0(%esi),%esi
 80483f0:       ba 00 00 00 00          mov    $0x0,%edx
 80483f5:       85 d2                   test   %edx,%edx
 80483f7:       74 f2                   je     80483eb <frame_dummy+0xb>
 80483f9:       55                      push   %ebp
 80483fa:       89 e5                   mov    %esp,%ebp
 80483fc:       83 ec 14                sub    $0x14,%esp
 80483ff:       50                      push   %eax
 8048400:       ff d2                   call   *%edx
 8048402:       83 c4 10                add    $0x10,%esp
 8048405:       c9                      leave
 8048406:       e9 75 ff ff ff          jmp    8048380 <register_tm_clones>

0804840b <add>:
 804840b:       55                      push   %ebp
 804840c:       89 e5                   mov    %esp,%ebp
 804840e:       8b 45 0c                mov    0xc(%ebp),%eax
 8048411:       01 45 08                add    %eax,0x8(%ebp)
 8048414:       8b 45 08                mov    0x8(%ebp),%eax
 8048417:       5d                      pop    %ebp
 8048418:       c3                      ret

08048419 <main>:
 8048419:       8d 4c 24 04             lea    0x4(%esp),%ecx
 804841d:       83 e4 f0                and    $0xfffffff0,%esp
 8048420:       ff 71 fc                pushl  -0x4(%ecx)
 8048423:       55                      push   %ebp
 8048424:       89 e5                   mov    %esp,%ebp
 8048426:       51                      push   %ecx
 8048427:       83 ec 14                sub    $0x14,%esp
 804842a:       6a 03                   push   $0x3
 804842c:       6a 02                   push   $0x2
 804842e:       e8 d8 ff ff ff          call   804840b <add>
 8048433:       83 c4 08                add    $0x8,%esp
 8048436:       89 45 f4                mov    %eax,-0xc(%ebp)
 8048439:       83 ec 08                sub    $0x8,%esp
 804843c:       ff 75 f4                pushl  -0xc(%ebp)
 804843f:       68 e0 84 04 08          push   $0x80484e0
 8048444:       e8 97 fe ff ff          call   80482e0 <printf@plt>
 8048449:       83 c4 10                add    $0x10,%esp
 804844c:       b8 00 00 00 00          mov    $0x0,%eax
 8048451:       8b 4d fc                mov    -0x4(%ebp),%ecx
 8048454:       c9                      leave
 8048455:       8d 61 fc                lea    -0x4(%ecx),%esp
 8048458:       c3                      ret
 8048459:       66 90                   xchg   %ax,%ax
 804845b:       66 90                   xchg   %ax,%ax
 804845d:       66 90                   xchg   %ax,%ax
 804845f:       90                      nop

08048460 <__libc_csu_init>:
 8048460:       55                      push   %ebp
 8048461:       57                      push   %edi
 8048462:       56                      push   %esi
 8048463:       53                      push   %ebx
 8048464:       e8 d7 fe ff ff          call   8048340 <__x86.get_pc_thunk.bx>
 8048469:       81 c3 97 1b 00 00       add    $0x1b97,%ebx
 804846f:       83 ec 0c                sub    $0xc,%esp
 8048472:       8b 6c 24 20             mov    0x20(%esp),%ebp
 8048476:       8d b3 0c ff ff ff       lea    -0xf4(%ebx),%esi
 804847c:       e8 2b fe ff ff          call   80482ac <_init>
 8048481:       8d 83 08 ff ff ff       lea    -0xf8(%ebx),%eax
 8048487:       29 c6                   sub    %eax,%esi
 8048489:       c1 fe 02                sar    $0x2,%esi
 804848c:       85 f6                   test   %esi,%esi
 804848e:       74 25                   je     80484b5 <__libc_csu_init+0x55>
 8048490:       31 ff                   xor    %edi,%edi
 8048492:       8d b6 00 00 00 00       lea    0x0(%esi),%esi
 8048498:       83 ec 04                sub    $0x4,%esp
 804849b:       ff 74 24 2c             pushl  0x2c(%esp)
 804849f:       ff 74 24 2c             pushl  0x2c(%esp)
 80484a3:       55                      push   %ebp
 80484a4:       ff 94 bb 08 ff ff ff    call   *-0xf8(%ebx,%edi,4)
 80484ab:       83 c7 01                add    $0x1,%edi
 80484ae:       83 c4 10                add    $0x10,%esp
 80484b1:       39 f7                   cmp    %esi,%edi
 80484b3:       75 e3                   jne    8048498 <__libc_csu_init+0x38>
 80484b5:       83 c4 0c                add    $0xc,%esp
 80484b8:       5b                      pop    %ebx
 80484b9:       5e                      pop    %esi
 80484ba:       5f                      pop    %edi
 80484bb:       5d                      pop    %ebp
 80484bc:       c3                      ret
 80484bd:       8d 76 00                lea    0x0(%esi),%esi

080484c0 <__libc_csu_fini>:
 80484c0:       f3 c3                   repz ret

Disassembly of section .fini:

080484c4 <_fini>:
 80484c4:       53                      push   %ebx
 80484c5:       83 ec 08                sub    $0x8,%esp
 80484c8:       e8 73 fe ff ff          call   8048340 <__x86.get_pc_thunk.bx>
 80484cd:       81 c3 33 1b 00 00       add    $0x1b33,%ebx
 80484d3:       83 c4 08                add    $0x8,%esp
 80484d6:       5b                      pop    %ebx
 80484d7:       c3                      ret

We will study the sections of the disassembly separately later.

Let's try disassemble-all with -D.

root@exploitdev:~/GDB# objdump -D function

function:     file format elf32-i386


Disassembly of section .interp:

08048154 <.interp>:
 8048154:       2f                      das
 8048155:       6c                      insb   (%dx),%es:(%edi)
 8048156:       69 62 2f 6c 64 2d 6c    imul   $0x6c2d646c,0x2f(%edx),%esp
 804815d:       69 6e 75 78 2e 73 6f    imul   $0x6f732e78,0x75(%esi),%ebp
 8048164:       2e 32 00                xor    %cs:(%eax),%al

Disassembly of section .note.ABI-tag:

08048168 <.note.ABI-tag>:
 8048168:       04 00                   add    $0x0,%al
 804816a:       00 00                   add    %al,(%eax)
 804816c:       10 00                   adc    %al,(%eax)
 804816e:       00 00                   add    %al,(%eax)
 8048170:       01 00                   add    %eax,(%eax)
 8048172:       00 00                   add    %al,(%eax)
 8048174:       47                      inc    %edi
 8048175:       4e                      dec    %esi
 8048176:       55                      push   %ebp
 8048177:       00 00                   add    %al,(%eax)
 8048179:       00 00                   add    %al,(%eax)
 804817b:       00 02                   add    %al,(%edx)
 804817d:       00 00                   add    %al,(%eax)
 804817f:       00 06                   add    %al,(%esi)
 8048181:       00 00                   add    %al,(%eax)
 8048183:       00 20                   add    %ah,(%eax)
 8048185:       00 00                   add    %al,(%eax)
        ...

Disassembly of section .note.gnu.build-id:

08048188 <.note.gnu.build-id>:
 8048188:       04 00                   add    $0x0,%al
 804818a:       00 00                   add    %al,(%eax)
 804818c:       14 00                   adc    $0x0,%al
 804818e:       00 00                   add    %al,(%eax)
 8048190:       03 00                   add    (%eax),%eax
 8048192:       00 00                   add    %al,(%eax)
 8048194:       47                      inc    %edi
 8048195:       4e                      dec    %esi
 8048196:       55                      push   %ebp
 8048197:       00 b6 16 36 97 a1       add    %dh,-0x5e68c9ea(%esi)
 804819d:       f0 ff 43 34             lock incl 0x34(%ebx)
 80481a1:       f8                      clc
 80481a2:       5f                      pop    %edi
 80481a3:       46                      inc    %esi
 80481a4:       21 7b 7c                and    %edi,0x7c(%ebx)
 80481a7:       11                      .byte 0x11
 80481a8:       b5 17                   mov    $0x17,%ch
 80481aa:       6b                      .byte 0x6b
 80481ab:       5a                      pop    %edx

Disassembly of section .gnu.hash:

080481ac <.gnu.hash>:
 80481ac:       02 00                   add    (%eax),%al
 80481ae:       00 00                   add    %al,(%eax)
 80481b0:       04 00                   add    $0x0,%al
 80481b2:       00 00                   add    %al,(%eax)
 80481b4:       01 00                   add    %eax,(%eax)
 80481b6:       00 00                   add    %al,(%eax)
 80481b8:       05 00 00 00 00          add    $0x0,%eax
 80481bd:       20 00                   and    %al,(%eax)
 80481bf:       20 00                   and    %al,(%eax)
 80481c1:       00 00                   add    %al,(%eax)
 80481c3:       00 04 00                add    %al,(%eax,%eax,1)
 80481c6:       00 00                   add    %al,(%eax)
 80481c8:       ad                      lods   %ds:(%esi),%eax
 80481c9:       4b                      dec    %ebx
 80481ca:       e3 c0                   jecxz  804818c <_init-0x120>

Disassembly of section .dynsym:

080481cc <.dynsym>:
        ...
 80481dc:       1a 00                   sbb    (%eax),%al
        ...
 80481e6:       00 00                   add    %al,(%eax)
 80481e8:       12 00                   adc    (%eax),%al
 80481ea:       00 00                   add    %al,(%eax)
 80481ec:       33 00                   xor    (%eax),%eax
        ...
 80481f6:       00 00                   add    %al,(%eax)
 80481f8:       20 00                   and    %al,(%eax)
 80481fa:       00 00                   add    %al,(%eax)
 80481fc:       21 00                   and    %eax,(%eax)
        ...
 8048206:       00 00                   add    %al,(%eax)
 8048208:       12 00                   adc    (%eax),%al
 804820a:       00 00                   add    %al,(%eax)
 804820c:       0b 00                   or     (%eax),%eax
 804820e:       00 00                   add    %al,(%eax)
 8048210:       dc 84 04 08 04 00 00    faddl  0x408(%esp,%eax,1)
 8048217:       00 11                   add    %dl,(%ecx)
 8048219:       00 10                   add    %dl,(%eax)
        ...

Disassembly of section .dynstr:

0804821c <.dynstr>:
 804821c:       00 6c 69 62             add    %ch,0x62(%ecx,%ebp,2)
 8048220:       63 2e                   arpl   %bp,(%esi)
 8048222:       73 6f                   jae    8048293 <_init-0x19>
 8048224:       2e 36 00 5f 49          cs add %bl,%ss:0x49(%edi)
 8048229:       4f                      dec    %edi
 804822a:       5f                      pop    %edi
 804822b:       73 74                   jae    80482a1 <_init-0xb>
 804822d:       64 69 6e 5f 75 73 65    imul   $0x64657375,%fs:0x5f(%esi),%ebp
 8048234:       64
 8048235:       00 70 72                add    %dh,0x72(%eax)
 8048238:       69 6e 74 66 00 5f 5f    imul   $0x5f5f0066,0x74(%esi),%ebp
 804823f:       6c                      insb   (%dx),%es:(%edi)
 8048240:       69 62 63 5f 73 74 61    imul   $0x6174735f,0x63(%edx),%esp
 8048247:       72 74                   jb     80482bd <_init+0x11>
 8048249:       5f                      pop    %edi
 804824a:       6d                      insl   (%dx),%es:(%edi)
 804824b:       61                      popa
 804824c:       69 6e 00 5f 5f 67 6d    imul   $0x6d675f5f,0x0(%esi),%ebp
 8048253:       6f                      outsl  %ds:(%esi),(%dx)
 8048254:       6e                      outsb  %ds:(%esi),(%dx)
 8048255:       5f                      pop    %edi
 8048256:       73 74                   jae    80482cc <_init+0x20>
 8048258:       61                      popa
 8048259:       72 74                   jb     80482cf <_init+0x23>
 804825b:       5f                      pop    %edi
 804825c:       5f                      pop    %edi
 804825d:       00 47 4c                add    %al,0x4c(%edi)
 8048260:       49                      dec    %ecx
 8048261:       42                      inc    %edx
 8048262:       43                      inc    %ebx
 8048263:       5f                      pop    %edi
 8048264:       32 2e                   xor    (%esi),%ch
 8048266:       30 00                   xor    %al,(%eax)

Disassembly of section .gnu.version:

08048268 <.gnu.version>:
 8048268:       00 00                   add    %al,(%eax)
 804826a:       02 00                   add    (%eax),%al
 804826c:       00 00                   add    %al,(%eax)
 804826e:       02 00                   add    (%eax),%al
 8048270:       01 00                   add    %eax,(%eax)

Disassembly of section .gnu.version_r:

08048274 <.gnu.version_r>:
 8048274:       01 00                   add    %eax,(%eax)
 8048276:       01 00                   add    %eax,(%eax)
 8048278:       01 00                   add    %eax,(%eax)
 804827a:       00 00                   add    %al,(%eax)
 804827c:       10 00                   adc    %al,(%eax)
 804827e:       00 00                   add    %al,(%eax)
 8048280:       00 00                   add    %al,(%eax)
 8048282:       00 00                   add    %al,(%eax)
 8048284:       10 69 69                adc    %ch,0x69(%ecx)
 8048287:       0d 00 00 02 00          or     $0x20000,%eax
 804828c:       42                      inc    %edx
 804828d:       00 00                   add    %al,(%eax)
 804828f:       00 00                   add    %al,(%eax)
 8048291:       00 00                   add    %al,(%eax)
        ...

Disassembly of section .rel.dyn:

08048294 <.rel.dyn>:
 8048294:       fc                      cld
 8048295:       9f                      lahf
 8048296:       04 08                   add    $0x8,%al
 8048298:       06                      push   %es
 8048299:       02 00                   add    (%eax),%al
        ...

Disassembly of section .rel.plt:

0804829c <.rel.plt>:
 804829c:       0c a0                   or     $0xa0,%al
 804829e:       04 08                   add    $0x8,%al
 80482a0:       07                      pop    %es
 80482a1:       01 00                   add    %eax,(%eax)
 80482a3:       00 10                   add    %dl,(%eax)
 80482a5:       a0 04 08 07 03          mov    0x3070804,%al
        ...

Disassembly of section .init:

080482ac <_init>:
 80482ac:       53                      push   %ebx
 80482ad:       83 ec 08                sub    $0x8,%esp
 80482b0:       e8 8b 00 00 00          call   8048340 <__x86.get_pc_thunk.bx>
 80482b5:       81 c3 4b 1d 00 00       add    $0x1d4b,%ebx
 80482bb:       8b 83 fc ff ff ff       mov    -0x4(%ebx),%eax
 80482c1:       85 c0                   test   %eax,%eax
 80482c3:       74 05                   je     80482ca <_init+0x1e>
 80482c5:       e8 36 00 00 00          call   8048300 <__libc_start_main@plt+0x10>
 80482ca:       83 c4 08                add    $0x8,%esp
 80482cd:       5b                      pop    %ebx
 80482ce:       c3                      ret

Disassembly of section .plt:

080482d0 <printf@plt-0x10>:
 80482d0:       ff 35 04 a0 04 08       pushl  0x804a004
 80482d6:       ff 25 08 a0 04 08       jmp    *0x804a008
 80482dc:       00 00                   add    %al,(%eax)
        ...

080482e0 <printf@plt>:
 80482e0:       ff 25 0c a0 04 08       jmp    *0x804a00c
 80482e6:       68 00 00 00 00          push   $0x0
 80482eb:       e9 e0 ff ff ff          jmp    80482d0 <_init+0x24>

080482f0 <__libc_start_main@plt>:
 80482f0:       ff 25 10 a0 04 08       jmp    *0x804a010
 80482f6:       68 08 00 00 00          push   $0x8
 80482fb:       e9 d0 ff ff ff          jmp    80482d0 <_init+0x24>

Disassembly of section .plt.got:

08048300 <.plt.got>:
 8048300:       ff 25 fc 9f 04 08       jmp    *0x8049ffc
 8048306:       66 90                   xchg   %ax,%ax

Disassembly of section .text:

08048310 <_start>:
 8048310:       31 ed                   xor    %ebp,%ebp
 8048312:       5e                      pop    %esi
 8048313:       89 e1                   mov    %esp,%ecx
 8048315:       83 e4 f0                and    $0xfffffff0,%esp
 8048318:       50                      push   %eax
 8048319:       54                      push   %esp
 804831a:       52                      push   %edx
 804831b:       68 c0 84 04 08          push   $0x80484c0
 8048320:       68 60 84 04 08          push   $0x8048460
 8048325:       51                      push   %ecx
 8048326:       56                      push   %esi
 8048327:       68 19 84 04 08          push   $0x8048419
 804832c:       e8 bf ff ff ff          call   80482f0 <__libc_start_main@plt>
 8048331:       f4                      hlt
 8048332:       66 90                   xchg   %ax,%ax
 8048334:       66 90                   xchg   %ax,%ax
 8048336:       66 90                   xchg   %ax,%ax
 8048338:       66 90                   xchg   %ax,%ax
 804833a:       66 90                   xchg   %ax,%ax
 804833c:       66 90                   xchg   %ax,%ax
 804833e:       66 90                   xchg   %ax,%ax

08048340 <__x86.get_pc_thunk.bx>:
 8048340:       8b 1c 24                mov    (%esp),%ebx
 8048343:       c3                      ret
 8048344:       66 90                   xchg   %ax,%ax
 8048346:       66 90                   xchg   %ax,%ax
 8048348:       66 90                   xchg   %ax,%ax
 804834a:       66 90                   xchg   %ax,%ax
 804834c:       66 90                   xchg   %ax,%ax
 804834e:       66 90                   xchg   %ax,%ax

08048350 <deregister_tm_clones>:
 8048350:       b8 1f a0 04 08          mov    $0x804a01f,%eax
 8048355:       2d 1c a0 04 08          sub    $0x804a01c,%eax
 804835a:       83 f8 06                cmp    $0x6,%eax
 804835d:       76 1a                   jbe    8048379 <deregister_tm_clones+0x29>
 804835f:       b8 00 00 00 00          mov    $0x0,%eax
 8048364:       85 c0                   test   %eax,%eax
 8048366:       74 11                   je     8048379 <deregister_tm_clones+0x29>
 8048368:       55                      push   %ebp
 8048369:       89 e5                   mov    %esp,%ebp
 804836b:       83 ec 14                sub    $0x14,%esp
 804836e:       68 1c a0 04 08          push   $0x804a01c
 8048373:       ff d0                   call   *%eax
 8048375:       83 c4 10                add    $0x10,%esp
 8048378:       c9                      leave
 8048379:       f3 c3                   repz ret
 804837b:       90                      nop
 804837c:       8d 74 26 00             lea    0x0(%esi,%eiz,1),%esi

08048380 <register_tm_clones>:
 8048380:       b8 1c a0 04 08          mov    $0x804a01c,%eax
 8048385:       2d 1c a0 04 08          sub    $0x804a01c,%eax
 804838a:       c1 f8 02                sar    $0x2,%eax
 804838d:       89 c2                   mov    %eax,%edx
 804838f:       c1 ea 1f                shr    $0x1f,%edx
 8048392:       01 d0                   add    %edx,%eax
 8048394:       d1 f8                   sar    %eax
 8048396:       74 1b                   je     80483b3 <register_tm_clones+0x33>
 8048398:       ba 00 00 00 00          mov    $0x0,%edx
 804839d:       85 d2                   test   %edx,%edx
 804839f:       74 12                   je     80483b3 <register_tm_clones+0x33>
 80483a1:       55                      push   %ebp
 80483a2:       89 e5                   mov    %esp,%ebp
 80483a4:       83 ec 10                sub    $0x10,%esp
 80483a7:       50                      push   %eax
 80483a8:       68 1c a0 04 08          push   $0x804a01c
 80483ad:       ff d2                   call   *%edx
 80483af:       83 c4 10                add    $0x10,%esp
 80483b2:       c9                      leave
 80483b3:       f3 c3                   repz ret
 80483b5:       8d 74 26 00             lea    0x0(%esi,%eiz,1),%esi
 80483b9:       8d bc 27 00 00 00 00    lea    0x0(%edi,%eiz,1),%edi

080483c0 <__do_global_dtors_aux>:
 80483c0:       80 3d 1c a0 04 08 00    cmpb   $0x0,0x804a01c
 80483c7:       75 13                   jne    80483dc <__do_global_dtors_aux+0x1c>
 80483c9:       55                      push   %ebp
 80483ca:       89 e5                   mov    %esp,%ebp
 80483cc:       83 ec 08                sub    $0x8,%esp
 80483cf:       e8 7c ff ff ff          call   8048350 <deregister_tm_clones>
 80483d4:       c6 05 1c a0 04 08 01    movb   $0x1,0x804a01c
 80483db:       c9                      leave
 80483dc:       f3 c3                   repz ret
 80483de:       66 90                   xchg   %ax,%ax

080483e0 <frame_dummy>:
 80483e0:       b8 10 9f 04 08          mov    $0x8049f10,%eax
 80483e5:       8b 10                   mov    (%eax),%edx
 80483e7:       85 d2                   test   %edx,%edx
 80483e9:       75 05                   jne    80483f0 <frame_dummy+0x10>
 80483eb:       eb 93                   jmp    8048380 <register_tm_clones>
 80483ed:       8d 76 00                lea    0x0(%esi),%esi
 80483f0:       ba 00 00 00 00          mov    $0x0,%edx
 80483f5:       85 d2                   test   %edx,%edx
 80483f7:       74 f2                   je     80483eb <frame_dummy+0xb>
 80483f9:       55                      push   %ebp
 80483fa:       89 e5                   mov    %esp,%ebp
 80483fc:       83 ec 14                sub    $0x14,%esp
 80483ff:       50                      push   %eax
 8048400:       ff d2                   call   *%edx
 8048402:       83 c4 10                add    $0x10,%esp
 8048405:       c9                      leave
 8048406:       e9 75 ff ff ff          jmp    8048380 <register_tm_clones>

0804840b <add>:
 804840b:       55                      push   %ebp
 804840c:       89 e5                   mov    %esp,%ebp
 804840e:       8b 45 0c                mov    0xc(%ebp),%eax
 8048411:       01 45 08                add    %eax,0x8(%ebp)
 8048414:       8b 45 08                mov    0x8(%ebp),%eax
 8048417:       5d                      pop    %ebp
 8048418:       c3                      ret

08048419 <main>:
 8048419:       8d 4c 24 04             lea    0x4(%esp),%ecx
 804841d:       83 e4 f0                and    $0xfffffff0,%esp
 8048420:       ff 71 fc                pushl  -0x4(%ecx)
 8048423:       55                      push   %ebp
 8048424:       89 e5                   mov    %esp,%ebp
 8048426:       51                      push   %ecx
 8048427:       83 ec 14                sub    $0x14,%esp
 804842a:       6a 03                   push   $0x3
 804842c:       6a 02                   push   $0x2
 804842e:       e8 d8 ff ff ff          call   804840b <add>
 8048433:       83 c4 08                add    $0x8,%esp
 8048436:       89 45 f4                mov    %eax,-0xc(%ebp)
 8048439:       83 ec 08                sub    $0x8,%esp
 804843c:       ff 75 f4                pushl  -0xc(%ebp)
 804843f:       68 e0 84 04 08          push   $0x80484e0
 8048444:       e8 97 fe ff ff          call   80482e0 <printf@plt>
 8048449:       83 c4 10                add    $0x10,%esp
 804844c:       b8 00 00 00 00          mov    $0x0,%eax
 8048451:       8b 4d fc                mov    -0x4(%ebp),%ecx
 8048454:       c9                      leave
 8048455:       8d 61 fc                lea    -0x4(%ecx),%esp
 8048458:       c3                      ret
 8048459:       66 90                   xchg   %ax,%ax
 804845b:       66 90                   xchg   %ax,%ax
 804845d:       66 90                   xchg   %ax,%ax
 804845f:       90                      nop

08048460 <__libc_csu_init>:
 8048460:       55                      push   %ebp
 8048461:       57                      push   %edi
 8048462:       56                      push   %esi
 8048463:       53                      push   %ebx
 8048464:       e8 d7 fe ff ff          call   8048340 <__x86.get_pc_thunk.bx>
 8048469:       81 c3 97 1b 00 00       add    $0x1b97,%ebx
 804846f:       83 ec 0c                sub    $0xc,%esp
 8048472:       8b 6c 24 20             mov    0x20(%esp),%ebp
 8048476:       8d b3 0c ff ff ff       lea    -0xf4(%ebx),%esi
 804847c:       e8 2b fe ff ff          call   80482ac <_init>
 8048481:       8d 83 08 ff ff ff       lea    -0xf8(%ebx),%eax
 8048487:       29 c6                   sub    %eax,%esi
 8048489:       c1 fe 02                sar    $0x2,%esi
 804848c:       85 f6                   test   %esi,%esi
 804848e:       74 25                   je     80484b5 <__libc_csu_init+0x55>
 8048490:       31 ff                   xor    %edi,%edi
 8048492:       8d b6 00 00 00 00       lea    0x0(%esi),%esi
 8048498:       83 ec 04                sub    $0x4,%esp
 804849b:       ff 74 24 2c             pushl  0x2c(%esp)
 804849f:       ff 74 24 2c             pushl  0x2c(%esp)
 80484a3:       55                      push   %ebp
 80484a4:       ff 94 bb 08 ff ff ff    call   *-0xf8(%ebx,%edi,4)
 80484ab:       83 c7 01                add    $0x1,%edi
 80484ae:       83 c4 10                add    $0x10,%esp
 80484b1:       39 f7                   cmp    %esi,%edi
 80484b3:       75 e3                   jne    8048498 <__libc_csu_init+0x38>
 80484b5:       83 c4 0c                add    $0xc,%esp
 80484b8:       5b                      pop    %ebx
 80484b9:       5e                      pop    %esi
 80484ba:       5f                      pop    %edi
 80484bb:       5d                      pop    %ebp
 80484bc:       c3                      ret
 80484bd:       8d 76 00                lea    0x0(%esi),%esi

080484c0 <__libc_csu_fini>:
 80484c0:       f3 c3                   repz ret

Disassembly of section .fini:

080484c4 <_fini>:
 80484c4:       53                      push   %ebx
 80484c5:       83 ec 08                sub    $0x8,%esp
 80484c8:       e8 73 fe ff ff          call   8048340 <__x86.get_pc_thunk.bx>
 80484cd:       81 c3 33 1b 00 00       add    $0x1b33,%ebx
 80484d3:       83 c4 08                add    $0x8,%esp
 80484d6:       5b                      pop    %ebx
 80484d7:       c3                      ret

Disassembly of section .rodata:

080484d8 <_fp_hw>:
 80484d8:       03 00                   add    (%eax),%eax
        ...

080484dc <_IO_stdin_used>:
 80484dc:       01 00                   add    %eax,(%eax)
 80484de:       02 00                   add    (%eax),%al
 80484e0:       52                      push   %edx
 80484e1:       65 74 72                gs je  8048556 <__GNU_EH_FRAME_HDR+0x5e>
 80484e4:       75 6e                   jne    8048554 <__GNU_EH_FRAME_HDR+0x5c>
 80484e6:       65 64 20 66 72          gs and %ah,%fs:0x72(%esi)
 80484eb:       6f                      outsl  %ds:(%esi),(%dx)
 80484ec:       6d                      insl   (%dx),%es:(%edi)
 80484ed:       20 61 64                and    %ah,0x64(%ecx)
 80484f0:       64 28 29                sub    %ch,%fs:(%ecx)
 80484f3:       20                      .byte 0x20
 80484f4:       3d                      .byte 0x3d
 80484f5:       25                      .byte 0x25
 80484f6:       64                      fs
        ...

Disassembly of section .eh_frame_hdr:

080484f8 <__GNU_EH_FRAME_HDR>:
 80484f8:       01 1b                   add    %ebx,(%ebx)
 80484fa:       03 3b                   add    (%ebx),%edi
 80484fc:       30 00                   xor    %al,(%eax)
 80484fe:       00 00                   add    %al,(%eax)
 8048500:       05 00 00 00 d8          add    $0xd8000000,%eax
 8048505:       fd                      std
 8048506:       ff                      (bad)
 8048507:       ff 4c 00 00             decl   0x0(%eax,%eax,1)
 804850b:       00 13                   add    %dl,(%ebx)
 804850d:       ff                      (bad)
 804850e:       ff                      (bad)
 804850f:       ff 70 00                pushl  0x0(%eax)
 8048512:       00 00                   add    %al,(%eax)
 8048514:       21 ff                   and    %edi,%edi
 8048516:       ff                      (bad)
 8048517:       ff 90 00 00 00 68       call   *0x68000000(%eax)
 804851d:       ff                      (bad)
 804851e:       ff                      (bad)
 804851f:       ff                      (bad)
 8048520:       bc 00 00 00 c8          mov    $0xc8000000,%esp
 8048525:       ff                      (bad)
 8048526:       ff                      (bad)
 8048527:       ff 08                   decl   (%eax)
 8048529:       01 00                   add    %eax,(%eax)
        ...

Disassembly of section .eh_frame:

0804852c <__FRAME_END__-0xe8>:
 804852c:       14 00                   adc    $0x0,%al
 804852e:       00 00                   add    %al,(%eax)
 8048530:       00 00                   add    %al,(%eax)
 8048532:       00 00                   add    %al,(%eax)
 8048534:       01 7a 52                add    %edi,0x52(%edx)
 8048537:       00 01                   add    %al,(%ecx)
 8048539:       7c 08                   jl     8048543 <__GNU_EH_FRAME_HDR+0x4b>
 804853b:       01 1b                   add    %ebx,(%ebx)
 804853d:       0c 04                   or     $0x4,%al
 804853f:       04 88                   add    $0x88,%al
 8048541:       01 00                   add    %eax,(%eax)
 8048543:       00 20                   add    %ah,(%eax)
 8048545:       00 00                   add    %al,(%eax)
 8048547:       00 1c 00                add    %bl,(%eax,%eax,1)
 804854a:       00 00                   add    %al,(%eax)
 804854c:       84 fd                   test   %bh,%ch
 804854e:       ff                      (bad)
 804854f:       ff 30                   pushl  (%eax)
 8048551:       00 00                   add    %al,(%eax)
 8048553:       00 00                   add    %al,(%eax)
 8048555:       0e                      push   %cs
 8048556:       08 46 0e                or     %al,0xe(%esi)
 8048559:       0c 4a                   or     $0x4a,%al
 804855b:       0f 0b                   ud2
 804855d:       74 04                   je     8048563 <__GNU_EH_FRAME_HDR+0x6b>
 804855f:       78 00                   js     8048561 <__GNU_EH_FRAME_HDR+0x69>
 8048561:       3f                      aas
 8048562:       1a 3b                   sbb    (%ebx),%bh
 8048564:       2a 32                   sub    (%edx),%dh
 8048566:       24 22                   and    $0x22,%al
 8048568:       1c 00                   sbb    $0x0,%al
 804856a:       00 00                   add    %al,(%eax)
 804856c:       40                      inc    %eax
 804856d:       00 00                   add    %al,(%eax)
 804856f:       00 9b fe ff ff 0e       add    %bl,0xefffffe(%ebx)
 8048575:       00 00                   add    %al,(%eax)
 8048577:       00 00                   add    %al,(%eax)
 8048579:       41                      inc    %ecx
 804857a:       0e                      push   %cs
 804857b:       08 85 02 42 0d 05       or     %al,0x50d4202(%ebp)
 8048581:       4a                      dec    %edx
 8048582:       c5 0c 04                lds    (%esp,%eax,1),%ecx
 8048585:       04 00                   add    $0x0,%al
 8048587:       00 28                   add    %ch,(%eax)
 8048589:       00 00                   add    %al,(%eax)
 804858b:       00 60 00                add    %ah,0x0(%eax)
 804858e:       00 00                   add    %al,(%eax)
 8048590:       89 fe                   mov    %edi,%esi
 8048592:       ff                      (bad)
 8048593:       ff 40 00                incl   0x0(%eax)
 8048596:       00 00                   add    %al,(%eax)
 8048598:       00 44 0c 01             add    %al,0x1(%esp,%ecx,1)
 804859c:       00 47 10                add    %al,0x10(%edi)
 804859f:       05 02 75 00 43          add    $0x43007502,%eax
 80485a4:       0f 03 75 7c             lsl    0x7c(%ebp),%esi
 80485a8:       06                      push   %es
 80485a9:       6d                      insl   (%dx),%es:(%edi)
 80485aa:       0c 01                   or     $0x1,%al
 80485ac:       00 41 c5                add    %al,-0x3b(%ecx)
 80485af:       43                      inc    %ebx
 80485b0:       0c 04                   or     $0x4,%al
 80485b2:       04 00                   add    $0x0,%al
 80485b4:       48                      dec    %eax
 80485b5:       00 00                   add    %al,(%eax)
 80485b7:       00 8c 00 00 00 a4 fe    add    %cl,-0x15c0000(%eax,%eax,1)
 80485be:       ff                      (bad)
 80485bf:       ff 5d 00                lcall  *0x0(%ebp)
 80485c2:       00 00                   add    %al,(%eax)
 80485c4:       00 41 0e                add    %al,0xe(%ecx)
 80485c7:       08 85 02 41 0e 0c       or     %al,0xc0e4102(%ebp)
 80485cd:       87 03                   xchg   %eax,(%ebx)
 80485cf:       41                      inc    %ecx
 80485d0:       0e                      push   %cs
 80485d1:       10 86 04 41 0e 14       adc    %al,0x140e4104(%esi)
 80485d7:       83 05 4e 0e 20 69 0e    addl   $0xe,0x69200e4e
 80485de:       24 44                   and    $0x44,%al
 80485e0:       0e                      push   %cs
 80485e1:       28 44 0e 2c             sub    %al,0x2c(%esi,%ecx,1)
 80485e5:       41                      inc    %ecx
 80485e6:       0e                      push   %cs
 80485e7:       30 4d 0e                xor    %cl,0xe(%ebp)
 80485ea:       20 47 0e                and    %al,0xe(%edi)
 80485ed:       14 41                   adc    $0x41,%al
 80485ef:       c3                      ret
 80485f0:       0e                      push   %cs
 80485f1:       10 41 c6                adc    %al,-0x3a(%ecx)
 80485f4:       0e                      push   %cs
 80485f5:       0c 41                   or     $0x41,%al
 80485f7:       c7                      (bad)
 80485f8:       0e                      push   %cs
 80485f9:       08 41 c5                or     %al,-0x3b(%ecx)
 80485fc:       0e                      push   %cs
 80485fd:       04 00                   add    $0x0,%al
 80485ff:       00 10                   add    %dl,(%eax)
 8048601:       00 00                   add    %al,(%eax)
 8048603:       00 d8                   add    %bl,%al
 8048605:       00 00                   add    %al,(%eax)
 8048607:       00 b8 fe ff ff 02       add    %bh,0x2fffffe(%eax)
 804860d:       00 00                   add    %al,(%eax)
 804860f:       00 00                   add    %al,(%eax)
 8048611:       00 00                   add    %al,(%eax)
        ...

08048614 <__FRAME_END__>:
 8048614:       00 00                   add    %al,(%eax)
        ...

Disassembly of section .init_array:

08049f08 <__frame_dummy_init_array_entry>:
 8049f08:       e0 83                   loopne 8049e8d <__FRAME_END__+0x1879>
 8049f0a:       04 08                   add    $0x8,%al

Disassembly of section .fini_array:

08049f0c <__do_global_dtors_aux_fini_array_entry>:
 8049f0c:       c0                      .byte 0xc0
 8049f0d:       83                      .byte 0x83
 8049f0e:       04 08                   add    $0x8,%al

Disassembly of section .jcr:

08049f10 <__JCR_END__>:
 8049f10:       00 00                   add    %al,(%eax)
        ...

Disassembly of section .dynamic:

08049f14 <_DYNAMIC>:
 8049f14:       01 00                   add    %eax,(%eax)
 8049f16:       00 00                   add    %al,(%eax)
 8049f18:       01 00                   add    %eax,(%eax)
 8049f1a:       00 00                   add    %al,(%eax)
 8049f1c:       0c 00                   or     $0x0,%al
 8049f1e:       00 00                   add    %al,(%eax)
 8049f20:       ac                      lods   %ds:(%esi),%al
 8049f21:       82                      (bad)
 8049f22:       04 08                   add    $0x8,%al
 8049f24:       0d 00 00 00 c4          or     $0xc4000000,%eax
 8049f29:       84 04 08                test   %al,(%eax,%ecx,1)
 8049f2c:       19 00                   sbb    %eax,(%eax)
 8049f2e:       00 00                   add    %al,(%eax)
 8049f30:       08 9f 04 08 1b 00       or     %bl,0x1b0804(%edi)
 8049f36:       00 00                   add    %al,(%eax)
 8049f38:       04 00                   add    $0x0,%al
 8049f3a:       00 00                   add    %al,(%eax)
 8049f3c:       1a 00                   sbb    (%eax),%al
 8049f3e:       00 00                   add    %al,(%eax)
 8049f40:       0c 9f                   or     $0x9f,%al
 8049f42:       04 08                   add    $0x8,%al
 8049f44:       1c 00                   sbb    $0x0,%al
 8049f46:       00 00                   add    %al,(%eax)
 8049f48:       04 00                   add    $0x0,%al
 8049f4a:       00 00                   add    %al,(%eax)
 8049f4c:       f5                      cmc
 8049f4d:       fe                      (bad)
 8049f4e:       ff 6f ac                ljmp   *-0x54(%edi)
 8049f51:       81 04 08 05 00 00 00    addl   $0x5,(%eax,%ecx,1)
 8049f58:       1c 82                   sbb    $0x82,%al
 8049f5a:       04 08                   add    $0x8,%al
 8049f5c:       06                      push   %es
 8049f5d:       00 00                   add    %al,(%eax)
 8049f5f:       00 cc                   add    %cl,%ah
 8049f61:       81 04 08 0a 00 00 00    addl   $0xa,(%eax,%ecx,1)
 8049f68:       4c                      dec    %esp
 8049f69:       00 00                   add    %al,(%eax)
 8049f6b:       00 0b                   add    %cl,(%ebx)
 8049f6d:       00 00                   add    %al,(%eax)
 8049f6f:       00 10                   add    %dl,(%eax)
 8049f71:       00 00                   add    %al,(%eax)
 8049f73:       00 15 00 00 00 00       add    %dl,0x0
 8049f79:       00 00                   add    %al,(%eax)
 8049f7b:       00 03                   add    %al,(%ebx)
 8049f7d:       00 00                   add    %al,(%eax)
 8049f7f:       00 00                   add    %al,(%eax)
 8049f81:       a0 04 08 02 00          mov    0x20804,%al
 8049f86:       00 00                   add    %al,(%eax)
 8049f88:       10 00                   adc    %al,(%eax)
 8049f8a:       00 00                   add    %al,(%eax)
 8049f8c:       14 00                   adc    $0x0,%al
 8049f8e:       00 00                   add    %al,(%eax)
 8049f90:       11 00                   adc    %eax,(%eax)
 8049f92:       00 00                   add    %al,(%eax)
 8049f94:       17                      pop    %ss
 8049f95:       00 00                   add    %al,(%eax)
 8049f97:       00 9c 82 04 08 11 00    add    %bl,0x110804(%edx,%eax,4)
 8049f9e:       00 00                   add    %al,(%eax)
 8049fa0:       94                      xchg   %eax,%esp
 8049fa1:       82                      (bad)
 8049fa2:       04 08                   add    $0x8,%al
 8049fa4:       12 00                   adc    (%eax),%al
 8049fa6:       00 00                   add    %al,(%eax)
 8049fa8:       08 00                   or     %al,(%eax)
 8049faa:       00 00                   add    %al,(%eax)
 8049fac:       13 00                   adc    (%eax),%eax
 8049fae:       00 00                   add    %al,(%eax)
 8049fb0:       08 00                   or     %al,(%eax)
 8049fb2:       00 00                   add    %al,(%eax)
 8049fb4:       fe                      (bad)
 8049fb5:       ff                      (bad)
 8049fb6:       ff 6f 74                ljmp   *0x74(%edi)
 8049fb9:       82                      (bad)
 8049fba:       04 08                   add    $0x8,%al
 8049fbc:       ff                      (bad)
 8049fbd:       ff                      (bad)
 8049fbe:       ff 6f 01                ljmp   *0x1(%edi)
 8049fc1:       00 00                   add    %al,(%eax)
 8049fc3:       00 f0                   add    %dh,%al
 8049fc5:       ff                      (bad)
 8049fc6:       ff 6f 68                ljmp   *0x68(%edi)
 8049fc9:       82                      (bad)
 8049fca:       04 08                   add    $0x8,%al
        ...

Disassembly of section .got:

08049ffc <.got>:
 8049ffc:       00 00                   add    %al,(%eax)
        ...

Disassembly of section .got.plt:

0804a000 <_GLOBAL_OFFSET_TABLE_>:
 804a000:       14 9f                   adc    $0x9f,%al
 804a002:       04 08                   add    $0x8,%al
        ...
 804a00c:       e6 82                   out    %al,$0x82
 804a00e:       04 08                   add    $0x8,%al
 804a010:       f6                      .byte 0xf6
 804a011:       82                      (bad)
 804a012:       04 08                   add    $0x8,%al

Disassembly of section .data:

0804a014 <__data_start>:
 804a014:       00 00                   add    %al,(%eax)
        ...

0804a018 <__dso_handle>:
 804a018:       00 00                   add    %al,(%eax)
        ...

Disassembly of section .bss:

0804a01c <__bss_start>:
 804a01c:       00 00                   add    %al,(%eax)
        ...

Disassembly of section .comment:

00000000 <.comment>:
   0:   47                      inc    %edi
   1:   43                      inc    %ebx
   2:   43                      inc    %ebx
   3:   3a 20                   cmp    (%eax),%ah
   5:   28 55 62                sub    %dl,0x62(%ebp)
   8:   75 6e                   jne    78 <_init-0x8048234>
   a:   74 75                   je     81 <_init-0x804822b>
   c:   20 35 2e 34 2e 30       and    %dh,0x302e342e
  12:   2d 36 75 62 75          sub    $0x75627536,%eax
  17:   6e                      outsb  %ds:(%esi),(%dx)
  18:   74 75                   je     8f <_init-0x804821d>
  1a:   31 7e 31                xor    %edi,0x31(%esi)
  1d:   36 2e 30 34 2e          ss xor %dh,%cs:(%esi,%ebp,1)
  22:   39 29                   cmp    %ebp,(%ecx)
  24:   20 35 2e 34 2e 30       and    %dh,0x302e342e
  2a:   20 32                   and    %dh,(%edx)
  2c:   30 31                   xor    %dh,(%ecx)
  2e:   36 30 36                xor    %dh,%ss:(%esi)
  31:   30 39                   xor    %bh,(%ecx)

Now look at the contents of the sections. -s dumps every section's raw bytes as hex, four words per line, with the ASCII decoding on the right. Compare .comment here with the -D listing above: the same bytes (47 43 43 3a 20 ...) were shown there as inc %edi, inc %ebx, cmp ..., because -D disassembles every section linearly whether or not it holds code. The (bad) entries and nonsense instructions under .dynamic, .got and .comment are data, not instructions. -d limits the sweep to sections flagged executable; when you do need -D, treat anything outside .init, .plt, .text and .fini as bytes to be read with -s.

root@exploitdev:~/GDB# objdump -s function

function:     file format elf32-i386

Contents of section .interp:
 8048154 2f6c6962 2f6c642d 6c696e75 782e736f  /lib/ld-linux.so
 8048164 2e3200                               .2.
Contents of section .note.ABI-tag:
 8048168 04000000 10000000 01000000 474e5500  ............GNU.
 8048178 00000000 02000000 06000000 20000000  ............ ...
Contents of section .note.gnu.build-id:
 8048188 04000000 14000000 03000000 474e5500  ............GNU.
 8048198 b6163697 a1f0ff43 34f85f46 217b7c11  ..6....C4._F!{|.
 80481a8 b5176b5a                             ..kZ
Contents of section .gnu.hash:
 80481ac 02000000 04000000 01000000 05000000  ................
 80481bc 00200020 00000000 04000000 ad4be3c0  . . .........K..
Contents of section .dynsym:
 80481cc 00000000 00000000 00000000 00000000  ................
 80481dc 1a000000 00000000 00000000 12000000  ................
 80481ec 33000000 00000000 00000000 20000000  3........... ...
 80481fc 21000000 00000000 00000000 12000000  !...............
 804820c 0b000000 dc840408 04000000 11001000  ................
Contents of section .dynstr:
 804821c 006c6962 632e736f 2e36005f 494f5f73  .libc.so.6._IO_s
 804822c 7464696e 5f757365 64007072 696e7466  tdin_used.printf
 804823c 005f5f6c 6962635f 73746172 745f6d61  .__libc_start_ma
 804824c 696e005f 5f676d6f 6e5f7374 6172745f  in.__gmon_start_
 804825c 5f00474c 4942435f 322e3000           _.GLIBC_2.0.
Contents of section .gnu.version:
 8048268 00000200 00000200 0100               ..........
Contents of section .gnu.version_r:
 8048274 01000100 01000000 10000000 00000000  ................
 8048284 1069690d 00000200 42000000 00000000  .ii.....B.......
Contents of section .rel.dyn:
 8048294 fc9f0408 06020000                    ........
Contents of section .rel.plt:
 804829c 0ca00408 07010000 10a00408 07030000  ................
Contents of section .init:
 80482ac 5383ec08 e88b0000 0081c34b 1d00008b  S..........K....
 80482bc 83fcffff ff85c074 05e83600 000083c4  .......t..6.....
 80482cc 085bc3                               .[.
Contents of section .plt:
 80482d0 ff3504a0 0408ff25 08a00408 00000000  .5.....%........
 80482e0 ff250ca0 04086800 000000e9 e0ffffff  .%....h.........
 80482f0 ff2510a0 04086808 000000e9 d0ffffff  .%....h.........
Contents of section .plt.got:
 8048300 ff25fc9f 04086690                    .%....f.
Contents of section .text:
 8048310 31ed5e89 e183e4f0 50545268 c0840408  1.^.....PTRh....
 8048320 68608404 08515668 19840408 e8bfffff  h`...QVh........
 8048330 fff46690 66906690 66906690 66906690  ..f.f.f.f.f.f.f.
 8048340 8b1c24c3 66906690 66906690 66906690  ..$.f.f.f.f.f.f.
 8048350 b81fa004 082d1ca0 040883f8 06761ab8  .....-.......v..
 8048360 00000000 85c07411 5589e583 ec14681c  ......t.U.....h.
 8048370 a00408ff d083c410 c9f3c390 8d742600  .............t&.
 8048380 b81ca004 082d1ca0 0408c1f8 0289c2c1  .....-..........
 8048390 ea1f01d0 d1f8741b ba000000 0085d274  ......t........t
 80483a0 125589e5 83ec1050 681ca004 08ffd283  .U.....Ph.......
 80483b0 c410c9f3 c38d7426 008dbc27 00000000  ......t&...'....
 80483c0 803d1ca0 04080075 135589e5 83ec08e8  .=.....u.U......
 80483d0 7cffffff c6051ca0 040801c9 f3c36690  |.............f.
 80483e0 b8109f04 088b1085 d27505eb 938d7600  .........u....v.
 80483f0 ba000000 0085d274 f25589e5 83ec1450  .......t.U.....P
 8048400 ffd283c4 10c9e975 ffffff55 89e58b45  .......u...U...E
 8048410 0c014508 8b45085d c38d4c24 0483e4f0  ..E..E.]..L$....
 8048420 ff71fc55 89e55183 ec146a03 6a02e8d8  .q.U..Q...j.j...
 8048430 ffffff83 c4088945 f483ec08 ff75f468  .......E.....u.h
 8048440 e0840408 e897feff ff83c410 b8000000  ................
 8048450 008b4dfc c98d61fc c3669066 90669090  ..M...a..f.f.f..
 8048460 55575653 e8d7feff ff81c397 1b000083  UWVS............
 8048470 ec0c8b6c 24208db3 0cffffff e82bfeff  ...l$ .......+..
 8048480 ff8d8308 ffffff29 c6c1fe02 85f67425  .......)......t%
 8048490 31ff8db6 00000000 83ec04ff 74242cff  1...........t$,.
 80484a0 74242c55 ff94bb08 ffffff83 c70183c4  t$,U............
 80484b0 1039f775 e383c40c 5b5e5f5d c38d7600  .9.u....[^_]..v.
 80484c0 f3c3                                 ..
Contents of section .fini:
 80484c4 5383ec08 e873feff ff81c333 1b000083  S....s.....3....
 80484d4 c4085bc3                             ..[.
Contents of section .rodata:
 80484d8 03000000 01000200 52657472 756e6564  ........Retruned
 80484e8 2066726f 6d206164 64282920 3d256400   from add() =%d.
Contents of section .eh_frame_hdr:
 80484f8 011b033b 30000000 05000000 d8fdffff  ...;0...........
 8048508 4c000000 13ffffff 70000000 21ffffff  L.......p...!...
 8048518 90000000 68ffffff bc000000 c8ffffff  ....h...........
 8048528 08010000                             ....
Contents of section .eh_frame:
 804852c 14000000 00000000 017a5200 017c0801  .........zR..|..
 804853c 1b0c0404 88010000 20000000 1c000000  ........ .......
 804854c 84fdffff 30000000 000e0846 0e0c4a0f  ....0......F..J.
 804855c 0b740478 003f1a3b 2a322422 1c000000  .t.x.?.;*2$"....
 804856c 40000000 9bfeffff 0e000000 00410e08  @............A..
 804857c 8502420d 054ac50c 04040000 28000000  ..B..J......(...
 804858c 60000000 89feffff 40000000 00440c01  `.......@....D..
 804859c 00471005 02750043 0f03757c 066d0c01  .G...u.C..u|.m..
 80485ac 0041c543 0c040400 48000000 8c000000  .A.C....H.......
 80485bc a4feffff 5d000000 00410e08 8502410e  ....]....A....A.
 80485cc 0c870341 0e108604 410e1483 054e0e20  ...A....A....N.
 80485dc 690e2444 0e28440e 2c410e30 4d0e2047  i.$D.(D.,A.0M. G
 80485ec 0e1441c3 0e1041c6 0e0c41c7 0e0841c5  ..A...A...A...A.
 80485fc 0e040000 10000000 d8000000 b8feffff  ................
 804860c 02000000 00000000 00000000           ............
Contents of section .init_array:
 8049f08 e0830408                             ....
Contents of section .fini_array:
 8049f0c c0830408                             ....
Contents of section .jcr:
 8049f10 00000000                             ....
Contents of section .dynamic:
 8049f14 01000000 01000000 0c000000 ac820408  ................
 8049f24 0d000000 c4840408 19000000 089f0408  ................
 8049f34 1b000000 04000000 1a000000 0c9f0408  ................
 8049f44 1c000000 04000000 f5feff6f ac810408  ...........o....
 8049f54 05000000 1c820408 06000000 cc810408  ................
 8049f64 0a000000 4c000000 0b000000 10000000  ....L...........
 8049f74 15000000 00000000 03000000 00a00408  ................
 8049f84 02000000 10000000 14000000 11000000  ................
 8049f94 17000000 9c820408 11000000 94820408  ................
 8049fa4 12000000 08000000 13000000 08000000  ................
 8049fb4 feffff6f 74820408 ffffff6f 01000000  ...ot......o....
 8049fc4 f0ffff6f 68820408 00000000 00000000  ...oh...........
 8049fd4 00000000 00000000 00000000 00000000  ................
 8049fe4 00000000 00000000 00000000 00000000  ................
 8049ff4 00000000 00000000                    ........
Contents of section .got:
 8049ffc 00000000                             ....
Contents of section .got.plt:
 804a000 149f0408 00000000 00000000 e6820408  ................
 804a010 f6820408                             ....
Contents of section .data:
 804a014 00000000 00000000                    ........
Contents of section .comment:
 0000 4743433a 20285562 756e7475 20352e34  GCC: (Ubuntu 5.4
 0010 2e302d36 7562756e 7475317e 31362e30  .0-6ubuntu1~16.0
 0020 342e3929 20352e34 2e302032 30313630  4.9) 5.4.0 20160
 0030 36303900                             609.

Now the symbol table. -t prints the static symbol table (.symtab): address, a seven-character flag field (l local / g global, w weak, d section / f file, F function / O object), the section, the size and the name. Entries in *UND* are resolved from shared libraries at load time, and the @@GLIBC_2.0 suffix is the symbol version. This table is only there because the binary was not stripped; strip removes it, together with the function names and sizes you would otherwise get for free.

root@exploitdev:~/GDB# objdump -t function

function:     file format elf32-i386

SYMBOL TABLE:
08048154 l    d  .interp        00000000              .interp
08048168 l    d  .note.ABI-tag  00000000              .note.ABI-tag
08048188 l    d  .note.gnu.build-id     00000000              .note.gnu.build-id
080481ac l    d  .gnu.hash      00000000              .gnu.hash
080481cc l    d  .dynsym        00000000              .dynsym
0804821c l    d  .dynstr        00000000              .dynstr
08048268 l    d  .gnu.version   00000000              .gnu.version
08048274 l    d  .gnu.version_r 00000000              .gnu.version_r
08048294 l    d  .rel.dyn       00000000              .rel.dyn
0804829c l    d  .rel.plt       00000000              .rel.plt
080482ac l    d  .init  00000000              .init
080482d0 l    d  .plt   00000000              .plt
08048300 l    d  .plt.got       00000000              .plt.got
08048310 l    d  .text  00000000              .text
080484c4 l    d  .fini  00000000              .fini
080484d8 l    d  .rodata        00000000              .rodata
080484f8 l    d  .eh_frame_hdr  00000000              .eh_frame_hdr
0804852c l    d  .eh_frame      00000000              .eh_frame
08049f08 l    d  .init_array    00000000              .init_array
08049f0c l    d  .fini_array    00000000              .fini_array
08049f10 l    d  .jcr   00000000              .jcr
08049f14 l    d  .dynamic       00000000              .dynamic
08049ffc l    d  .got   00000000              .got
0804a000 l    d  .got.plt       00000000              .got.plt
0804a014 l    d  .data  00000000              .data
0804a01c l    d  .bss   00000000              .bss
00000000 l    d  .comment       00000000              .comment
00000000 l    df *ABS*  00000000              crtstuff.c
08049f10 l     O .jcr   00000000              __JCR_LIST__
08048350 l     F .text  00000000              deregister_tm_clones
08048380 l     F .text  00000000              register_tm_clones
080483c0 l     F .text  00000000              __do_global_dtors_aux
0804a01c l     O .bss   00000001              completed.7209
08049f0c l     O .fini_array    00000000              __do_global_dtors_aux_fini_array_entry
080483e0 l     F .text  00000000              frame_dummy
08049f08 l     O .init_array    00000000              __frame_dummy_init_array_entry
00000000 l    df *ABS*  00000000              function.c
00000000 l    df *ABS*  00000000              crtstuff.c
08048614 l     O .eh_frame      00000000              __FRAME_END__
08049f10 l     O .jcr   00000000              __JCR_END__
00000000 l    df *ABS*  00000000
08049f0c l       .init_array    00000000              __init_array_end
08049f14 l     O .dynamic       00000000              _DYNAMIC
08049f08 l       .init_array    00000000              __init_array_start
080484f8 l       .eh_frame_hdr  00000000              __GNU_EH_FRAME_HDR
0804a000 l     O .got.plt       00000000              _GLOBAL_OFFSET_TABLE_
080484c0 g     F .text  00000002              __libc_csu_fini
00000000  w      *UND*  00000000              _ITM_deregisterTMCloneTable
08048340 g     F .text  00000004              .hidden __x86.get_pc_thunk.bx
0804a014  w      .data  00000000              data_start
0804840b g     F .text  0000000e              add
00000000       F *UND*  00000000              printf@@GLIBC_2.0
0804a01c g       .data  00000000              _edata
080484c4 g     F .fini  00000000              _fini
0804a014 g       .data  00000000              __data_start
00000000  w      *UND*  00000000              __gmon_start__
0804a018 g     O .data  00000000              .hidden __dso_handle
080484dc g     O .rodata        00000004              _IO_stdin_used
00000000       F *UND*  00000000              __libc_start_main@@GLIBC_2.0
08048460 g     F .text  0000005d              __libc_csu_init
0804a020 g       .bss   00000000              _end
08048310 g     F .text  00000000              _start
080484d8 g     O .rodata        00000004              _fp_hw
0804a01c g       .bss   00000000              __bss_start
08048419 g     F .text  00000040              main
00000000  w      *UND*  00000000              _Jv_RegisterClasses
0804a01c g     O .data  00000000              .hidden __TMC_END__
00000000  w      *UND*  00000000              _ITM_registerTMCloneTable
080482ac g     F .init  00000000              _init
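As an added example (not part of the original walkthrough), the script below turns -t output into a symbol map you can query without starting gdb: list the defined functions with their sizes, list the imports, and symbolize a raw address such as a crash EIP or a gadget into func+offset. The input is a subset of the SYMBOL TABLE lines shown above for the function binary, copied verbatim; the parser assumes GNU objdump's layout (address, one space, a seven-character flag field, one space, section, size, optional name), and the .hidden visibility prefix is stripped from names.

```python
"""Turn `objdump -t` output into a symbol map and symbolize raw addresses.

Added example, not from the original page. The input is a subset of the
SYMBOL TABLE objdump -t printed for the page's 'function' binary; the parser
assumes GNU objdump's layout: address, one space, a seven-character flag
field, one space, section, size and an optional name.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed input: lines copied from the objdump -t listing on this page.
SYMTAB = """\
SYMBOL TABLE:
08048310 l    d  .text  00000000              .text
08048350 l     F .text  00000000              deregister_tm_clones
0804a01c l     O .bss   00000001              completed.7209
00000000 l    df *ABS*  00000000              function.c
080484c0 g     F .text  00000002              __libc_csu_fini
08048340 g     F .text  00000004              .hidden __x86.get_pc_thunk.bx
0804840b g     F .text  0000000e              add
00000000       F *UND*  00000000              printf@@GLIBC_2.0
00000000  w      *UND*  00000000              __gmon_start__
00000000       F *UND*  00000000              __libc_start_main@@GLIBC_2.0
08048460 g     F .text  0000005d              __libc_csu_init
08048310 g     F .text  00000000              _start
08048419 g     F .text  00000040              main
00000000 l    df *ABS*  00000000
"""

LINE_RE = re.compile(
    r"^(?P<addr>[0-9a-f]{8,16}) (?P<flags>.{7}) (?P<section>\S+)\s+"
    r"(?P<size>[0-9a-f]{8,16})(?:\s+(?P<name>\S.*?))?\s*$"
)


@dataclass(frozen=True)
class Symbol:
    name: str
    addr: int
    size: int
    section: str
    flags: str  # objdump's 7-char flag field, e.g. 'g     F'

    @property
    def is_function(self) -> bool:
        return self.flags[6] == "F"  # column 7: F function, O object, f file

    @property
    def is_global(self) -> bool:
        return self.flags[0] == "g"  # column 1: l local, g global, u unique

    @property
    def is_weak(self) -> bool:
        return self.flags[1] == "w"

    @property
    def is_import(self) -> bool:
        return self.section == "*UND*"  # supplied by a shared library at load


def parse_symtab(text: str) -> List[Symbol]:
    syms = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group("name"):
            continue  # headers and nameless entries such as the *ABS* markers
        name = m.group("name")
        if name.startswith(".hidden "):  # visibility prefix, not part of the name
            name = name[len(".hidden "):]
        syms.append(Symbol(name, int(m.group("addr"), 16),
                           int(m.group("size"), 16), m.group("section"),
                           m.group("flags")))
    return syms


def functions(syms: List[Symbol]) -> List[Symbol]:
    """Defined functions, lowest address first."""
    return sorted((s for s in syms if s.is_function and not s.is_import),
                  key=lambda s: s.addr)


def imports(syms: List[Symbol]) -> List[str]:
    """Names the loader must supply: the PLT/GOT targets."""
    return [s.name for s in syms if s.is_import]


def lookup(syms: List[Symbol], name: str) -> Optional[Symbol]:
    """Find a symbol by name, ignoring a '@@VERSION' suffix on imports."""
    for s in syms:
        if s.name == name or s.name.split("@", 1)[0] == name:
            return s
    return None


def symbolize(syms: List[Symbol], addr: int) -> Optional[str]:
    """Map an address (a crash EIP, a gadget) to 'func' or 'func+0xoff'.

    Size-0 function symbols such as _start carry no extent in the table,
    so they only match at their exact address.
    """
    hit = None
    for s in functions(syms):
        if s.addr == addr:
            return s.name
        if s.size and s.addr < addr < s.addr + s.size:
            hit = f"{s.name}+{addr - s.addr:#x}"
    return hit


if __name__ == "__main__":
    syms = parse_symtab(SYMTAB)
    for s in functions(syms):
        print(f"{s.addr:08x} {s.size:4x} {'g' if s.is_global else 'l'} {s.name}")
    print("imports:", imports(syms))
    print("0x08048430 ->", symbolize(syms, 0x08048430))  # main+0x17
```

The same parser works on 64-bit output, where the address and size fields are sixteen digits wide. On a stripped binary it returns nothing at all, which is the point of the next command.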

Now the dynamic symbol table. -T prints .dynsym, the table the dynamic loader itself uses, so it survives strip: here it shows the two imports and the one exported object (_IO_stdin_used).

root@exploitdev:~/GDB# objdump -T function

function:     file format elf32-i386

DYNAMIC SYMBOL TABLE:
00000000      DF *UND*  00000000  GLIBC_2.0   printf
00000000  w   D  *UND*  00000000              __gmon_start__
00000000      DF *UND*  00000000  GLIBC_2.0   __libc_start_main
080484dc g    DO .rodata        00000004  Base        _IO_stdin_used

Now the dynamic relocation table. -R lists the GOT slots the loader patches at run time: R_386_GLOB_DAT entries live in .got (0x08049ffc here), R_386_JUMP_SLOT entries live in .got.plt and are bound lazily through the PLT on the first call. These are the addresses a GOT-overwrite exploit targets and the ones RELRO is meant to protect, so it pays to know them.

root@exploitdev:~/GDB# objdump -R function

function:     file format elf32-i386

DYNAMIC RELOCATION RECORDS
OFFSET   TYPE              VALUE
08049ffc R_386_GLOB_DAT    __gmon_start__
0804a00c R_386_JUMP_SLOT   printf@GLIBC_2.0
0804a010 R_386_JUMP_SLOT   __libc_start_main@GLIBC_2.0

Pick out only the section you want with -j.

root@exploitdev:~/GDB# objdump -s -j.data function

function:     file format elf32-i386

Contents of section .data:
 804a014 00000000 00000000                    ........
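The -R table and a -s -j dump are more useful together than apart. As an added example (not part of the original walkthrough), the script below cross-references the relocation records above with the raw .got.plt bytes from the -s output, reading each slot's on-disk value and checking whether it still points back into .plt. A value inside .plt is the lazy-binding stub (here PLT[n]+6, the push that precedes the jump to the resolver), which tells you the slot is rewritten at run time and therefore writable unless the binary was linked with -z now and RELRO; that decision is made in the program headers and dynamic section (objdump -p), not in the bytes themselves. Both inputs are copied from the objdump output on this page for the function binary; the .plt bounds (0x080482d0 to 0x08048300) are the .plt and .plt.got section symbols from the -t listing, and the 16-byte i386 PLT entry size is an assumption the code states in a comment.

```python
"""Cross-reference `objdump -R` with the raw .got.plt bytes to see which GOT
slots are still unresolved lazy-binding stubs.

Added example, not from the original page. Both inputs are copied from the
objdump output shown for the page's 'function' binary; the .plt bounds come
from the .plt and .plt.got section symbols in objdump -t. Assumes GNU
objdump's text layout and a 16-byte i386 PLT entry.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed input: copied from `objdump -R function` on this page.
RELOCS = """\
DYNAMIC RELOCATION RECORDS
OFFSET   TYPE              VALUE
08049ffc R_386_GLOB_DAT    __gmon_start__
0804a00c R_386_JUMP_SLOT   printf@GLIBC_2.0
0804a010 R_386_JUMP_SLOT   __libc_start_main@GLIBC_2.0
"""

# Constructed input: copied from `objdump -s function`, section .got.plt.
GOTPLT = """\
Contents of section .got.plt:
 804a000 149f0408 00000000 00000000 e6820408  ................
 804a010 f6820408                             ....
"""

PLT_START, PLT_END = 0x080482D0, 0x08048300  # .plt .. .plt.got (objdump -t)
PLT_ENTRY = 16  # assumed i386 stub size: jmp *GOT; push n; jmp PLT0

RELOC_RE = re.compile(r"^([0-9a-f]+)\s+(R_\S+)\s+(\S+)\s*$", re.M)
# address, then single-space-separated hex words; objdump sets the ASCII
# column off with two spaces, so it is never swallowed as data
DUMP_RE = re.compile(r"^ ([0-9a-f]+)((?: [0-9a-f]{2,8})+)", re.M)


def parse_relocs(text: str):
    return [(int(off, 16), rtype, sym)
            for off, rtype, sym in RELOC_RE.findall(text)]


def parse_dump(text: str) -> Dict[int, int]:
    """Map each byte address in an `objdump -s` dump to its value."""
    mem: Dict[int, int] = {}
    for addr, words in DUMP_RE.findall(text):
        base = int(addr, 16)
        for i, b in enumerate(bytes.fromhex(words.replace(" ", ""))):
            mem[base + i] = b
    return mem


def read_u32(mem: Dict[int, int], addr: int) -> Optional[int]:
    """Little-endian 32-bit read; None if the dump does not cover it."""
    if any(addr + i not in mem for i in range(4)):
        return None
    return int.from_bytes(bytes(mem[addr + i] for i in range(4)), "little")


@dataclass
class Slot:
    offset: int
    rtype: str
    symbol: str
    initial: Optional[int]    # on-disk value, None if outside the dump
    lazy: Optional[bool]      # initial value points back into .plt
    plt_index: Optional[int]  # which PLT stub owns the slot (PLT0 = resolver)


def analyze(reloc_text: str, dump_text: str,
            plt_start: int = PLT_START, plt_end: int = PLT_END) -> List[Slot]:
    mem = parse_dump(dump_text)
    slots = []
    for off, rtype, sym in parse_relocs(reloc_text):
        val = read_u32(mem, off)
        lazy = None if val is None else plt_start <= val < plt_end
        idx = (val - plt_start) // PLT_ENTRY if lazy else None
        slots.append(Slot(off, rtype, sym, val, lazy, idx))
    return slots


if __name__ == "__main__":
    mem = parse_dump(GOTPLT)
    # Reserved entries: GOT[0] holds the address of _DYNAMIC; GOT[1] and
    # GOT[2] are zero on disk and filled by ld.so with the link_map and
    # the resolver entry point.
    for i in range(3):
        a = 0x0804A000 + 4 * i
        print(f"GOT[{i}] @ {a:08x} = {read_u32(mem, a):08x}")
    for s in analyze(RELOCS, GOTPLT):
        init = "not in dump" if s.initial is None else f"{s.initial:08x}"
        state = ""
        if s.lazy:
            state = f"lazy stub (PLT[{s.plt_index}]+{(s.initial - PLT_START) % PLT_ENTRY:#x})"
        print(f"{s.offset:08x} {s.rtype:16} {s.symbol:28} {init} {state}")
```

The __gmon_start__ slot comes back as "not in dump" because its R_386_GLOB_DAT relocation lands in .got, one section before .got.plt; feed the script objdump -s -j.got output as well if you want that slot too. For a 64-bit binary change the read width to eight bytes and the PLT bounds and entry size to whatever -t and -d show for that file.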

Options can also be kept in a file.

root@exploitdev:~/GDB# cat options.txt
-s

Then, when you run objdump later, the options you always use are already set: @options.txt followed by the file name runs this as objdump -s function.

root@exploitdev:~/GDB# objdump @options.txt function

Thanks