Several commonly used tools for binary file analysis and problem localization

For the details of how to use each one, read its documentation carefully.

fuser

fuser displays the PIDs of processes using the specified files or file systems. In the default display mode, each file name is followed by a letter denoting the type of access:

c      current directory.
e      executable being run.
f      open file.  f is omitted in default display mode.
F      open file for writing.  F is omitted in default display mode.
r      root directory.
m      mmap'ed file or shared library.
.      Placeholder, omitted in default display mode.

fuser returns a non-zero return code if none of the specified files is accessed or in case of a fatal error. If at least one access has been found, fuser returns zero.
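As an added illustration (not part of the original post), the following Python parses fuser's default output into per-PID records using the access-letter table above, so a script can answer "which processes hold this file" or "which files does this process hold" (for example before unmounting a filesystem, or when checking which processes have mapped a particular library). The sample output, PIDs and paths are constructed. Note that fuser itself writes the file name to stderr and the PID list to stdout, so capture both (e.g. with `2>&1`) before feeding real output to a script.

```python
import re
from dataclasses import dataclass

# Access-type letters exactly as the fuser man page defines them.
ACCESS_TYPES = {
    "c": "current directory",
    "e": "executable being run",
    "f": "open file",
    "F": "open file for writing",
    "r": "root directory",
    "m": "mmap'ed file or shared library",
}

@dataclass(frozen=True)
class Access:
    path: str
    pid: int
    types: tuple  # access letters for this PID, e.g. ("c",) or ("e", "m")

# Constructed sample: fuser's default output as it appears in a terminal.
# (fuser writes the file name to stderr and the PID list to stdout, so a
# terminal shows them interleaved on one line; the PIDs and paths are made up.)
SAMPLE_OUTPUT = """\
/home/user/project:   4242c 4243c
/usr/bin/python3:     4242e
/usr/lib/libc.so.6:   4242m 4243m 5001m
"""

# One "<pid><letters>" token; '.' is the placeholder fuser may print.
_TOKEN = re.compile(r"(\d+)([cefFrm.]*)")

def parse_fuser(text):
    """Turn '<path>: <pid><letters> ...' lines into Access records."""
    records = []
    for line in text.splitlines():
        if ":" not in line:
            continue
        # Split on the last ':' so a ':' inside the path cannot confuse the split;
        # the PID list itself never contains one.
        path, _, pid_list = line.rpartition(":")
        for pid, letters in _TOKEN.findall(pid_list):
            types = tuple(ch for ch in letters if ch != ".")
            records.append(Access(path, int(pid), types))
    return records

def describe(record):
    """Human-readable access types for one record, in fuser's letter order."""
    return [ACCESS_TYPES[t] for t in record.types]

def pids_using(records, path):
    """Sorted PIDs that hold the given file, e.g. before unmounting its filesystem."""
    return sorted({r.pid for r in records if r.path == path})

def files_used_by(records, pid):
    """Map path -> access letters for everything one process holds."""
    return {r.path: r.types for r in records if r.pid == pid}

if __name__ == "__main__":
    for rec in parse_fuser(SAMPLE_OUTPUT):
        print(rec.pid, rec.path, ", ".join(describe(rec)))
```

The parser deliberately ignores lines without a colon, so the "fuser: ..." error lines that appear when a path does not exist pass through without producing records.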

ldd

ldd prints the shared objects (shared libraries) required by each program or shared object specified on the command line.

$ ldd /bin/ls
        linux-vdso.so.1 (0x00007ffcc3563000)
        libselinux.so.1 => /lib64/libselinux.so.1 (0x00007f87e5459000)
        libcap.so.2 => /lib64/libcap.so.2 (0x00007f87e5254000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f87e4e92000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f87e4c22000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f87e4a1e000)
        /lib64/ld-linux-x86-64.so.2 (0x00005574bf12e000)
        libattr.so.1 => /lib64/libattr.so.1 (0x00007f87e4817000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f87e45fa000)

Appendix: setting the search path for dynamic shared libraries

export LD_LIBRARY_PATH=<one_more_path>:$LD_LIBRARY_PATH

nm

GNU nm lists the symbols from object files objfile… If no object files are listed as arguments, nm assumes the file a.out.

objdump

objdump displays information about one or more object files. The options control what particular information to display.
This information is mostly useful to programmers who are working on the compilation tools, as opposed to programmers who just want their program to compile and work.

objcopy

The GNU objcopy utility copies the contents of an object file to another. objcopy uses the GNU BFD Library to read and write the object files.
It can write the destination object file in a format different from that of the source object file. The exact behavior of objcopy is controlled by command-line options.
Note that objcopy should be able to copy a fully linked file between any two formats. However, copying a relocatable object file between any two formats may not work as expected.

readelf

readelf displays information about one or more ELF format object files. The options control what particular information to display.

elffile… are the object files to be examined. 32-bit and 64-bit ELF files are supported, as are archives containing ELF files.

This program performs a similar function to objdump but it goes into more detail and it exists independently of the BFD library, so if there is a bug in BFD then readelf will not be affected.
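The dependency list that ldd prints and the DT_NEEDED entries that readelf -d shows come from the same place, the dynamic section of the ELF file. The ldd man page warns against running ldd on an untrusted executable, because some implementations obtain the list by running the program's own dynamic loader; reading the dynamic section directly, as readelf does, involves no execution. The Python below is an added example, not code from the original post or from binutils: it parses the SHT_DYNAMIC section of a little-endian ELF64 file and resolves the string-valued tags, which is what readelf -d prints. build_sample_elf constructs a minimal, non-loadable ELF (section names and tag values are the ones the System V ABI defines) so the example runs offline; the library names and the $ORIGIN/lib runpath in it are made up.

```python
import struct
import sys

# Layout constants for little-endian ELF64 (System V ABI).
EHDR = "<16sHHIQQQIHHHHHH"   # ELF header, 64 bytes
SHDR = "<IIQQQQIIQQ"         # section header, 64 bytes
DYN = "<qQ"                  # Elf64_Dyn entry, 16 bytes
SHT_STRTAB, SHT_DYNAMIC = 3, 6
DT_NULL, DT_NEEDED, DT_SONAME, DT_RPATH, DT_RUNPATH = 0, 1, 14, 15, 29
STRING_TAGS = {DT_NEEDED, DT_SONAME, DT_RPATH, DT_RUNPATH}  # d_val is a .dynstr offset

def dynamic_entries(data):
    """Return (tag, value) pairs of the dynamic section, with string tags resolved.

    This mirrors what 'readelf -d' prints; it never maps or executes the file.
    """
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("this example handles little-endian ELF64 only")
    hdr = struct.unpack_from(EHDR, data, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    sections = [struct.unpack_from(SHDR, data, shoff + i * shentsize) for i in range(shnum)]
    for _, sh_type, _, _, sh_off, sh_size, sh_link, _, _, _ in sections:
        if sh_type != SHT_DYNAMIC:
            continue
        # sh_link of an SHT_DYNAMIC section is the index of its string table (.dynstr).
        str_off, str_size = sections[sh_link][4], sections[sh_link][5]
        strtab = data[str_off:str_off + str_size]
        entries = []
        for i in range(sh_size // struct.calcsize(DYN)):
            tag, val = struct.unpack_from(DYN, data, sh_off + i * struct.calcsize(DYN))
            if tag == DT_NULL:
                break
            if tag in STRING_TAGS:
                val = strtab[val:strtab.index(b"\0", val)].decode()
            entries.append((tag, val))
        return entries
    raise ValueError("no dynamic section: statically linked or section headers stripped")

def needed_libraries(data):
    """The DT_NEEDED names: the raw list from which ldd's resolved output is derived."""
    return [val for tag, val in dynamic_entries(data) if tag == DT_NEEDED]

def build_sample_elf(needed, runpath=None):
    """Constructed minimal ELF64 with only .dynstr, .dynamic and .shstrtab (no code):
    enough for the parser above and for 'readelf -d', but not loadable."""
    dynstr, offsets = b"\0", {}
    for name in needed + ([runpath] if runpath else []):
        offsets[name] = len(dynstr)
        dynstr += name.encode() + b"\0"
    dyn = b"".join(struct.pack(DYN, DT_NEEDED, offsets[n]) for n in needed)
    if runpath:
        dyn += struct.pack(DYN, DT_RUNPATH, offsets[runpath])
    dyn += struct.pack(DYN, DT_NULL, 0)
    shstrtab = b"\0.dynstr\0.dynamic\0.shstrtab\0"   # name offsets 1, 9, 18
    off_dynstr = struct.calcsize(EHDR)
    off_dyn = off_dynstr + len(dynstr)
    off_shstr = off_dyn + len(dyn)
    off_sh = off_shstr + len(shstrtab)
    shdrs = b"".join([
        struct.pack(SHDR, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0),                               # SHN_UNDEF
        struct.pack(SHDR, 1, SHT_STRTAB, 0, 0, off_dynstr, len(dynstr), 0, 0, 1, 0),   # .dynstr
        struct.pack(SHDR, 9, SHT_DYNAMIC, 0, 0, off_dyn, len(dyn), 1, 0, 8, 16),       # .dynamic -> link 1
        struct.pack(SHDR, 18, SHT_STRTAB, 0, 0, off_shstr, len(shstrtab), 0, 0, 1, 0), # .shstrtab
    ])
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9          # ELF64, little-endian, version 1
    # e_type=ET_DYN, e_machine=x86-64, no program headers, 4 section headers, shstrndx=3
    ehdr = struct.pack(EHDR, ident, 3, 0x3e, 1, 0, 0, off_sh, 0, 64, 56, 0, 64, 4, 3)
    return ehdr + dynstr + dyn + shstrtab + shdrs

if __name__ == "__main__":
    # Usage: python elf_needed.py <path-to-binary>; without an argument the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_elf(["libc.so.6"])
    for lib in needed_libraries(data):
        print("NEEDED", lib)
```

Run against a real binary (for instance `/bin/ls` from the ldd listing above) it prints the same names that appear on the left of ldd's `=>` arrows; the right-hand side, the resolved path, is the loader's decision and depends on DT_RPATH/DT_RUNPATH, LD_LIBRARY_PATH and the ld.so cache, none of which this static reader consults.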

addr2line

addr2line translates addresses into file names and line numbers. Given an address in an executable or an offset in a section of a relocatable object, it uses the debugging information to figure out which file name and line number are associated with it.

The executable or relocatable object to use is specified with the -e option. The default is the file a.out. The section in the relocatable object to use is specified with the -j option.

addr2line has two modes of operation.
In the first, hexadecimal addresses are specified on the command line, and addr2line displays the file name and line number for each address.
In the second, addr2line reads hexadecimal addresses from standard input, and prints the file name and line number for each address on standard output. In this mode, addr2line may be used in a pipe to convert dynamically chosen addresses.

The format of the output is FILENAME:LINENO. By default each input address generates one line of output.

c++filt

The C++ and Java languages provide function overloading, which means that you can write many functions with the same name, providing that each function takes parameters of different types. In order to be able to distinguish these similarly named functions C++ and Java encode them into a low-level assembler name which uniquely identifies each different version. This process is known as mangling. The c++filt program does the inverse mapping: it decodes (demangles) low-level names into user-level names so that they can be read.

Every alphanumeric word (consisting of letters, digits, underscores, dollars, or periods) seen in the input is a potential mangled name. If the name decodes into a C++ name, the C++ name replaces the low-level name in the output, otherwise the original word is output. In this way you can pass an entire assembler source file, containing mangled names, through c++filt and see the same source file containing demangled names.

You can also use c++filt to decipher individual symbols by passing them on the command line:

c++filt <symbol>
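To make the mangling concrete, here is an added example (not part of the original post, and not c++filt's own implementation) that decodes a small subset of the Itanium C++ ABI encoding GNU c++filt handles: length-prefixed and nested names, builtin parameter types, and the P (pointer), R (reference) and K (const) modifiers. It also applies the word rule described above to a whole text, leaving every word it cannot decode untouched, as c++filt does. Templates, substitutions, special names and operators are outside this subset; the symbol names in the tests are made up.

```python
import re

# Builtin type codes from the Itanium C++ ABI, the mangling GNU tools use on Linux.
BUILTIN = {
    "v": "void", "b": "bool", "c": "char", "a": "signed char", "h": "unsigned char",
    "s": "short", "t": "unsigned short", "i": "int", "j": "unsigned int",
    "l": "long", "m": "unsigned long", "x": "long long", "y": "unsigned long long",
    "f": "float", "d": "double", "w": "wchar_t",
}

class Demangler:
    """Recursive-descent reader for a subset of the Itanium encoding:
    plain and nested (N...E) names, builtin types, pointers, references, const."""

    def __init__(self, encoded):
        self.s, self.i = encoded, 0

    def peek(self):
        return self.s[self.i] if self.i < len(self.s) else ""

    def source_name(self):
        # <length><identifier>, e.g. 3foo
        start = self.i
        while self.peek().isdigit():
            self.i += 1
        if start == self.i:
            raise ValueError("expected a length-prefixed name")
        length = int(self.s[start:self.i])
        ident = self.s[self.i:self.i + length]
        if len(ident) != length:
            raise ValueError("truncated name")
        self.i += length
        return ident

    def name(self):
        # N2ns5KlassE -> ns::Klass ; otherwise a single source name
        if self.peek() != "N":
            return self.source_name()
        self.i += 1
        parts = []
        while self.peek() != "E":
            parts.append(self.source_name())
        self.i += 1
        return "::".join(parts)

    def type_(self):
        c = self.peek()
        if c in BUILTIN:
            self.i += 1
            return BUILTIN[c]
        if c == "P":
            self.i += 1
            return self.type_() + "*"
        if c == "R":
            self.i += 1
            return self.type_() + "&"
        if c == "K":
            self.i += 1
            return self.type_() + " const"   # c++filt prints 'char const*' for PKc
        if c == "N" or c.isdigit():
            return self.name()               # a class/struct type used as a parameter
        raise ValueError(f"unsupported type code {c!r}")

    def parameters(self):
        types = []
        while self.i < len(self.s):
            types.append(self.type_())
        return [] if types == ["void"] else types   # f(void) is printed as f()

def demangle(word):
    """Return the user-level name for a mangled word, or the word itself if it is not one."""
    if not word.startswith("_Z"):
        return word
    d = Demangler(word[2:])
    try:
        name, params = d.name(), d.parameters()
    except ValueError:
        return word          # leave names this subset cannot decode untouched
    return f"{name}({', '.join(params)})"

# c++filt treats every word of letters, digits, '_', '$' and '.' as a candidate.
_WORD = re.compile(r"[A-Za-z0-9_$.]+")

def filter_text(text):
    """Replace every decodable mangled word in a text (e.g. assembler or nm output)."""
    return _WORD.sub(lambda m: demangle(m.group(0)), text)

if __name__ == "__main__":
    print(filter_text("0000000000001139 T _Z3fooiPc\n0000000000001150 T _ZN2ns5Klass6methodEd\n"))
```

The modifier order follows c++filt's own formatting: `_Z3bazRK3Foo` comes out as `baz(Foo const&)`, not `baz(const Foo&)`, and the hex addresses and single-letter symbol types in nm output pass through unchanged because they do not start with `_Z`.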

crash

Crash is a tool for interactively analyzing the state of the Linux system while it is running, or after a kernel crash has occurred and a core dump has been created by the netdump, diskdump, LKCD, kdump, xendump or kvmdump facilities. It is loosely based on the SVR4 UNIX crash command, but has been significantly enhanced by completely merging it with the gdb(1) debugger. The marriage of the two effectively combines the kernel-specific nature of the traditional UNIX crash utility with the source code level debugging capabilities of gdb(1).

In the dumpfile form, both a NAMELIST and a MEMORY-IMAGE argument must be entered. In the live system form, the NAMELIST argument must be entered if the kernel’s vmlinux file is not located in a known location, such as the /usr/lib/debug/lib/modules/ directory.

Reposted from blog.csdn.net/nirendao/article/details/103333633