< Day Day Up > |
One of the wonderful things about Unix in general and Linux in particular is that the operating system ships with a number of powerful utilities that can be used for programming or reverse engineering (of course, some commercial Unixes still try to enforce "licensing" of so-called developer tools ”an odd choice of phrase since "developers" tend to use Windows and "coders" tend to use Uni ”but packages such as the GNU development tools are available for free on virtually every Unix platform extant). A virtual cornucopia of additional tools can be found online (see Section 3.5 at the end of the chapter), many of which are under continual development. The tools presented here are restricted to the GNU packages and utilities available in most Linux distributions: nm, gdb, lsof, ltrace, objdump , od, and hexdump. Other tools that have become fairly widely used in the security and reverse engineering fields ”dasm, elfdump, hte, ald, IDA, and IDA_Pro ”xare not discussed, though the reader is encouraged to experiment with them. One tool whose omission would at first appear to be a matter of great neglect is the humble hex editor. There are many of these available for Linux/Unix. biew is the best; hexedit is supplied with just about every major Linux distribution. Of course, as all true Unixers know in their hearts, you need no hex editor when you're in bed with od and dd. 3.1.1 Overview of the TargetThe first tool that should be run on a prospective target is nm, the system utility for listing symbols in a binary. There are quite a few options to nm; the more useful are -C (demangle), -D (dynamic symbols), -g (global/external symbols), -u (only undefined symbols), --defined-only (only defined symbols), and -a (all symbols, including debugger hints). There are notions of symbol type, scope, and definition in the nm listing. Type specifies the section where the symbol is located and usually has one of the following values:
The scope of a symbol is determined by the case of the type; lowercase types are local in scope, while uppercase types are global. Thus, "t" denotes a local symbol in the code section, while "T" denotes a global symbol in the code section. Whether a symbol is defined is determined by the type, as listed above; `nm -u` is equivalent to doing an `nm grep ' \{9,\}[uUwW]'` , where the ' \{9,\} ' refers to the empty spaces printed in lieu of an address or value. Thus, in the following example: bash# nm a.out 08049fcc ? _DYNAMIC 08049f88 ? _GLOBAL_OFFSET_TABLE_ 08048ce4 R _IO_stdin_used 0804a06c A _ _bss_start 08049f60 D _ _data_start w _ _deregister_frame_info@@GLIBC_2.0 08048c90 t _ _do_global_ctors_aux w __gmon_start_ _ U _ _libc_start_main@@GLIBC_2.0 08048cbc ? _fini 08048ce0 R _fp_hw 0804848c ? _init 080485a0 T _start 08048bb4 T bind 080485c4 t call_gmon_start the symbols _start and bind are exported symbols defined in .text ; _ _do_global_ctors_aux and call_gmon_start are private symbols defined in .text , _DYNAMIC , _GLOBAL_OFFSET_TABLE_ , _fini , and _init are unknown symbols; and _ _libc_start_main is imported from libc.so . Using the proper command switches and filtering based on type, we can see at a glance the layout of the target: List labels in the code sections: nm -C --defined-only filename grep '[0-9a-f ]\{8,\} [Tt]' List data: nm -C --defined-only filename grep '[0-9a-f ]\{8,\} [RrBbDd]' List unresolved symbols [imported functions/variables]: nm -Cu The objdump utility also provides a quick summary of the target with its -f option: bash# objdump -f /bin/login /bin/login: file format elf32-i386 architecture: i386, flags 0x00000112: EXEC_P, HAS_SYMS, D_PAGED start address 0x0804a0c0 bash# This is somewhat akin to the file(1) command, which has similar output: bash# file /bin/login /bin/login: setuid ELF 32-bit LSB executable, Intel 80386, version 1, dynamically linked (uses shared libs), stripped bash# Both correctly identify the target, though the objdump version gives the BFD target type (see Section 3.4.3 later in this chapter) as well as the entry point. The final utility used in the casual assessment of a target is the venerable strings(1), without which the software security industry would apparently curl up and die. The purpose of strings is to print out all ASCII character sequences that are four characters or more long. strings(1) itself is easy to use: List all ASCII strings in the initialized and loaded sections: strings -tx List all ASCII strings in all sections: strings -atx List all ASCII strings that are at least 8 characters in length: strings -atx -8 It should be noted that the addresses in the "tx" section should be cross-referenced with the address ranges of the various program sections; it is terribly easy to give a false impression about what a program does simply by including data strings such as "setsockopt" and " execve ", which can be mistaken for shared library references. 3.1.2 DebuggingAnyone who has spent any reasonable amount of time on a Linux system will be familiar with gdb. The GNU Debugger actually consists of two core components : the console-mode gdb utility, and libgdb, a library intended for embedding gdb in a larger application (e.g., an IDE). Numerous frontends to gdb are available, including ddd, kdbg, gvd, and insight for X-Windows, and vidbg and motor for the console. As a console-mode program, gdb requires some familiarity on the part of the user ; GNU has made available a very useful quick reference card in addition to the copious "Debugging with GDB" tome (see Section 3.5 at the end of this chapter for more information). The first question with any debugger is always "How do you use this to disassemble?" The second follows closely on its heels: "How do you examine memory?" In gdb, we use the disassemble , p (print), and x (examine) commands: disassemble start end : disasm from 'start' address to 'end' p $reg : print contents of register 'reg' ['p $eax'] p address : print value of 'address' ['p _start'] p *address : print contents of 'address' ['p *0x80484a0'] x $reg : disassemble address in 'reg' ['x $eip'] x address : disassemble 'address' ['x _start'] x *address : dereference and disassemble address The argument to the p and x commands is actually an expression, which can be a symbol, a register name (with a "$" prefix), an address, a dereferenced address (with a "*" prefix), or a simple arithmetic expression, such as "$edi + $ds" or "$ebx + ($ecx * 4)". Both the p and x commands allow formatting arguments to be appended: x/i print the result as an assembly language instruction x/x print the result in hexadecimal x/d print the result in decimal x/u print the result in unsigned decimal x/t print the result in binary x/o print the result in octal x/f print the result as a float x/a print the result as an address x/c print the result as an unsigned char x/s print the result as an ASCII string However, i and s are not usable with the p command, as it does not dereference the address it is given. For examining process data other than address space, gdb provides the info command. There are over 30 info options, which are documented with the help info command; the more useful options are: all-registers Contents of all CPU registers args Arguments for current stack frame [req. syms] breakpoints Breakpoint/watch list and status frame Summary of current stack frame functions Names/addresses of all known functions locals Local vars in current stack frame [req. syms] program Execution status of the program registers Contents of standard CPU registers set Debugger settings sharedlibrary Status of loaded shared libraries signals Debugger handling of process signals stack Backtrace of the stack threads Threads IDs tracepoints Tracepoint list and status types Types recognized by gdb udot Kernel user struct for the process variables All known global and static variable names Thus, to view the registers, type info registers . Many of the info options take arguments; for example, to examine a specific register, type info registers eax , where eax is the name of the register to be examined. Note that the "$" prefix is not needed with the info register command. Now that the state of the process can be easily examined, a summary of the standard process control instructions is in order: continue Continue execution of target finish Execute through end of subroutine (current stack frame) kill Send target a SIGKILL next Step (over calls) one source line nexti Step (over calls) one machine instruction run Execute target [uses PTRACE_TRACEME] step Step one source line stepi Step one machine instruction backtrace Print backtrace of stack frames up Set scope "up" one stack frame (out of call) down Set scope "down" one stack frame (into call) Many of these commands have aliases since they are used so often: n ( next ), ni ( nexti ), s ( step ), si ( stepi ), r ( run ), c ( continue ), and bt ( backtrace ). The use of these commands should be familiar to anyone experienced with debuggers . stepi and nexti are sometimes referred to as "step into" and "step over," while finish is often called "ret" or "p ret." The backtrace command requires special attention: it shows how execution reached the current point in the program by analyzing stack frames; the up and down commands allow the current context to be moved up or down one frame (as far as gdb is concerned , that is; the running target is not affected). To illustrate : gdb> bt #0 0x804849a in main ( ) #1 0x8048405 in _start ( ) gdb> up #1 0x8048405 in _start ( ) gdb> down #0 0x804849a in main ( ) The numbers at the start of each line in the backtrace are frame numbers ; up increments the context frame number (the current frame number is always 0), and down decrements it. Details for each frame can be viewed with the info frame command: gdb> bt #0 0x804849a in main ( ) #1 0x8048405 in _start ( ) gdb> info frame 0 Stack frame at 0xbfbffa60: eip = 0x804849a in main; saved eip 0x8048405 called by frame at 0xbfbffaac Arglist at 0xbfbffa60, args: Locals at 0xbfbffa60, Previous frame's sp is 0x0 Saved registers: ebp at 0xbfbffa60, eip at 0xbfbffa64 gdb> info frame 1 Stack frame at 0xbfbffaac: eip = 0x8048405 in _start; saved eip 0x1 caller of frame at 0xbfbffa60 Arglist at 0xbfbffaac, args: Locals at 0xbfbffaac, Previous frame's sp is 0x0 Saved registers: ebx at 0xbfbffa94, ebp at 0xbfbffaac, esi at 0xbfbffa98, edi at 0xbfbffa9c, eip at 0xbfbffab0 It is important to become used to working with stack frames in gdb, as they are likely to be the only frame of reference available while debugging a stripped binary. A debugger is nothing without breakpoints. Fortunately, gdb provides a rich breakpoint subsystem with support for data and execution breakpoints, commands to execute on breakpoint hits, and breakpoint conditions. break Set an execution breakpoint hbreak Set an execution breakpoint using a debug register xbreak Set a breakpoint at the exit of a procedure clear Delete breakpoints by target address/symbol delete Delete breakpoints by ID number disable Disable breakpoints by ID number enable Enable breakpoints by ID number ignore Ignore a set number of occurrences of a breakpoint condition Apply a condition to a breakpoint commands Set commands to be executed when a breakpoint hits Each of the break commands takes as its argument a line number, a function name, or an address if prefixed with "*" (e.g., "break *0x8048494"). Conditional breakpoints are supported via the condition command of the form: condition num expression ...where num is the breakpoint ID and expression is any expression that evaluates to TRUE (nonzero) in order for the breakpoint to hit; the break command also supports an if suffix of the form: break address if expression where expression is the same as in the command. Breakpoint conditions can be any expression; however, they're devoid of meaning: break main if $eax > 0 break main if *(unsigned long *)(0x804849a +16) == 23 break main if 2 > 1 These conditions are associated with a breakpoint number and are deleted when that breakpoint is deleted; alternatively, the condition for a breakpoint can be changed with the condition command, or cleared by using the condition command with no expression specified. Breakpoint commands are another useful breakpoint extension. These are specified with commands , which has the following syntax: commands num command1 command2 ... end num is the breakpoint ID number, and all lines between commands and end are commands to be executed when the breakpoint hits. These commands can be used to perform calculations, print values, set new breakpoints, or even continue the target: commands 1 info registers end commands 2 b *(unsigned long *)$eax continue end commands 3 x/s $esi x/s $edi end commands 4 set $eax = 1 set $eflags = $eflags & ~0x20 set $eflags = $eflags 0x01 end The last example demonstrates the use of commands to set the eax register to 1, to clear the Zero flag, and to set the Carry flag. Any standard C expression can be used in gdb commands. The break , hbreak , and xbreak commands all have temporary forms that begin with "t" and cause the breakpoint to be removed after it hits. The tbreak command, for example, installs an execution breakpoint at the specified address or symbol, then removes the breakpoint after it hits the first time, so that subsequent executions of the same address will not trigger the breakpoint. This is perhaps a good point to introduce the gdb display command. This command is used with an expression (i.e., an address or register) to display a value whenever gdb stops the process, such as when a breakpoint is encountered or an instruction is traced. Unfortunately the display command does not take arbitrary gdb commands, so display info regs will not work. It is still useful to display variables or register contents at each stop; this allows "background" watchpoints (i.e., watchpoints that do not stop the process on modification, but are simply displayed) to be set up, and also allows for a runtime context to be displayed: gdb> display/i $eip gdb> display/s *$edi gdb> display/s *$esi gdb> display/t $eflags gdb> display $edx gdb> display $ecx gdb> display $ebx gdb> display $eax gdb> n 0x400c58c1 in nanosleep ( ) from /lib/libc.so.6 9: $eax = 0xfffffffc 8: $ebx = 0x4013c0b8 7: $ecx = 0xbffff948 6: $edx = 0x4013c0b8 5: /t $eflags = 1100000010 4: x/s *$esi 0x10000: <Address 0x10000 out of bounds> 3: x/s *$edi 0xbffffc6f: "/home/_m/./a.out" 2: x/i $eip 0x400c58c1 <nanosleep+33>: pop %ebx gdb> As can be seen in the above example, the display command can take the same formatting arguments as the p and x commands. A list of all display expressions in effect can be viewed with info display , and expressions can be deleted with undisplay # , where # is the number of the display as shown in the display listing. In gdb, a data breakpoint is called a watchpoint ; a watched address or variable causes execution of the program to stop when the address is read or written. There are three watch commands in gdb: awatch Set a read/write watchpoint watch Set a write watchpoint rwatch Set a read watchpoint Watchpoints appear in the breakpoint listing ( info breakpoints ) and are deleted as if they are breakpoints. One point about breakpoints and watchpoints in gdb on the x86 platform needs to be made clear: the use of x86 debug registers. By default, gdb attempts to use a hardware register for awatch and rwatch watchpoints in order to avoid slowing down execution of the program; execution breakpoints are embedded INT3 instructions by default, although the hbreak is intended to allow hardware register breakpoints on execution access. This support seems to be disabled in many versions of gdb, however; if an awatch or rwatch cannot be made because of a lack of debug register support, the error message "Expression cannot be implemented with read/access watchpoint" will appear, while if an hbreak cannot be installed, the message "No hardware breakpoint support in the target" is printed. The appearance of one of these messages means either that gdb has no hardware debug register support or that all debug registers are in use. More information on Intel debug registers can be found in Section 3.3.1 and Section 3.4.2, later in this chapter. One area of debugging with gdb that gets little attention is the support for SIGSTOP via Ctrl-z. Normally, in a terminal application, the shell catches Ctrl-z and the foreground process is sent a SIGSTOP. When gdb is running, however, Ctrl-z sends a SIGSTOP to the target, and control is returned to gdb. Needless to say, this is extremely useful in programs that enter an endless loop, and it can be used as an underpowered replacement for SoftICE's Ctrl-d when debugging an X program from an xterm . For example, use gdb to run a program with an endless loop: #include <unistd.h> int main( int argc, char **argv ) { int x = 666; while ( 1 ) { x++; sleep(1); } return(0); } bash# gdb ./a.out gdb> r (no debugging symbols found)...(no debugging symbols found)... At this point the program is locked in a loop; press Ctrl-z to stop the program. Program received signal SIGTSTP, Stopped (user). 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 Program received signal SIGTSTP, Stopped (user). 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 A simple backtrace shows the current location of the program; a judicious application of finish commands will step out of the library calls: gdb> bt #0 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 #1 0x400c5848 in sleep ( ) from /lib/libc.so.6 #2 0x8048421 in main ( ) #3 0x4003e64f in _ _libc_start_main ( ) from /lib/libc.so.6 gdb> finish Program received signal SIGTSTP, Stopped (user). 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 gdb> finish 0x400c5848 in sleep ( ) from /lib/libc.so.6 gdb> finish 0x8048421 in main ( ) gdb> dis main Dump of assembler code for function main: ... 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: addgdb> bt #0 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 #1 0x400c5848 in sleep ( ) from /lib/libc.so.6 #2 0x8048421 in main ( ) #3 0x4003e64f in _ _libc_start_main ( ) from /lib/libc.so.6 gdb> finish Program received signal SIGTSTP, Stopped (user). 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 gdb> finish 0x400c5848 in sleep ( ) from /lib/libc.so.6 gdb> finish 0x8048421 in main ( ) gdb> dis main Dump of assembler code for function main: ... 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: add $0xfffffff4,%esp 0x804841a <main+26>: push $0x1 0x804841c <main+28>: call 0x80482f0 <sleep> 0x8048421 <main+33>: add $0x10,%esp 0x8048424 <main+36>: jmp 0x8048410 <main+16> 0x8048426 <main+38>: xor %eax,%eax 0x8048428 <main+40>: jmp 0x8048430 <main+48> 0x804842a <main+42>: lea 0x0(%esi),%esi 0x8048430 <main+48>: mov %ebp,%esp 0x8048432 <main+50>: pop %ebp 0x8048433 <main+51>: ret End of assembler dump.xfffffff4,%esp 0x804841a <main+26>: pushgdb> bt #0 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 #1 0x400c5848 in sleep ( ) from /lib/libc.so.6 #2 0x8048421 in main ( ) #3 0x4003e64f in _ _libc_start_main ( ) from /lib/libc.so.6 gdb> finish Program received signal SIGTSTP, Stopped (user). 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 gdb> finish 0x400c5848 in sleep ( ) from /lib/libc.so.6 gdb> finish 0x8048421 in main ( ) gdb> dis main Dump of assembler code for function main: ... 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: add $0xfffffff4,%esp 0x804841a <main+26>: push $0x1 0x804841c <main+28>: call 0x80482f0 <sleep> 0x8048421 <main+33>: add $0x10,%esp 0x8048424 <main+36>: jmp 0x8048410 <main+16> 0x8048426 <main+38>: xor %eax,%eax 0x8048428 <main+40>: jmp 0x8048430 <main+48> 0x804842a <main+42>: lea 0x0(%esi),%esi 0x8048430 <main+48>: mov %ebp,%esp 0x8048432 <main+50>: pop %ebp 0x8048433 <main+51>: ret End of assembler dump.x1 0x804841c <main+28>: call 0x80482f0 <sleep> 0x8048421 <main+33>: addgdb> bt #0 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 #1 0x400c5848 in sleep ( ) from /lib/libc.so.6 #2 0x8048421 in main ( ) #3 0x4003e64f in _ _libc_start_main ( ) from /lib/libc.so.6 gdb> finish Program received signal SIGTSTP, Stopped (user). 0x400c58b1 in nanosleep ( ) from /lib/libc.so.6 gdb> finish 0x400c5848 in sleep ( ) from /lib/libc.so.6 gdb> finish 0x8048421 in main ( ) gdb> dis main Dump of assembler code for function main: ... 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: add $0xfffffff4,%esp 0x804841a <main+26>: push $0x1 0x804841c <main+28>: call 0x80482f0 <sleep> 0x8048421 <main+33>: add $0x10,%esp 0x8048424 <main+36>: jmp 0x8048410 <main+16> 0x8048426 <main+38>: xor %eax,%eax 0x8048428 <main+40>: jmp 0x8048430 <main+48> 0x804842a <main+42>: lea 0x0(%esi),%esi 0x8048430 <main+48>: mov %ebp,%esp 0x8048432 <main+50>: pop %ebp 0x8048433 <main+51>: ret End of assembler dump.x10,%esp 0x8048424 <main+36>: jmp 0x8048410 <main+16> 0x8048426 <main+38>: xor %eax,%eax 0x8048428 <main+40>: jmp 0x8048430 <main+48> 0x804842a <main+42>: lea 0x0(%esi),%esi 0x8048430 <main+48>: mov %ebp,%esp 0x8048432 <main+50>: pop %ebp 0x8048433 <main+51>: ret End of assembler dump. At this point the location of the counter can be seen in the inc instruction: 0xfffffffc(%ebp) or [ebp-4] in signed Intel format. A watchpoint can now be set on the counter and execution of the program can be continued with a break each time the counter is incremented: gdb> p $ebp - 4 0xbffffb08 gdb> p/d *($ebp - 4) = 668 gdb> watch 0xbffffb08 Watchpoint 2: 0xbffffb08 gdb> c Note that the address of the counter on the stack is used for the watch; while a watch could be applied to the ebp expression with watch *($ebp-4) , this would break whenever the first local variable of a function was accessed ”hardly what we want. In general, it is best to place watchpoints on actual addresses instead of variable names, address expressions, or registers. Now that gdb has been exhaustively introduced, it has no doubt caused the reader some trepidation: while it is powerful, the sheer number of commands is intimidating and makes it hard to use. To overcome this difficulty, you must edit the gdb config file: ~/. gdbinit on Unix systems. Aliases can be defined between define and end commands, and commands to be performed at startup (e.g., the display command) can be specified as well. Following a sample .gdbinit , which should make life easier when using gdb. First, aliases for the breakpoint commands are defined to make things a bit more regular: # ______________breakpoint aliases____________ _ define bpl info breakpoints end define bpc clear $arg0 end define bpe enable $arg0 end define bpd disable $arg0 end Note that the .gdbinit comment character is "#" and that mandatory arguments for a macro can be specified by the inclusion of "$arg#" variables in the macro. Next up is the elimination of the tedious info command; the following macros provide more terse aliases for runtime information: # ______________process information___________ _ define stack info stack info frame info args info locals end define reg printf " eax:%08X ebx:%08X ecx:%08X", $eax, $ebx, $ecx printf " edx:%08X\teflags:%08X\n", $edx, $eflags printf " esi:%08X edi:%08X esp:%08X", $esi, $edi, $esp printf " ebp:%08X\teip:%08X\n", $ebp, $eip printf " cs:%04X ds:%04X es:%04X", $cs, $ds, $es printf " fs:%04X gs:%04X ss:%04X\n", $fs, $gs, $ss end define func info functions end define var info variables end define lib info sharedlibrary end define sig info signals end define thread info threads end define u info udot end define dis disassemble $arg0 end # ________________hex/ascii dump an address_____________ _ define hexdump printf "%08X : ", $arg0 printf "%02X %02X %02X %02X %02X %02X %02X %02X", \ *(unsigned char*)($arg0), *(unsigned char*)($arg0 + 1), \ *(unsigned char*)($arg0 + 2), *(unsigned char*)($arg0 + 3), \ *(unsigned char*)($arg0 + 4), *(unsigned char*)($arg0 + 5), \ *(unsigned char*)($arg0 + 6), *(unsigned char*)($arg0 + 7) printf " - " printf "%02X %02X %02X %02X %02X %02X %02X %02X ", \ *(unsigned char*)($arg0 + 8), *(unsigned char*)($arg0 + 9), \ *(unsigned char*)($arg0 + 10), *(unsigned char*)($arg0 + 11), \ *(unsigned char*)($arg0 + 12), *(unsigned char*)($arg0 + 13), \ *(unsigned char*)($arg0 + 14), *(unsigned char*)($arg0 + 15) printf "%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c%c\n", \ *(unsigned char*)($arg0), *(unsigned char*)($arg0 + 1), \ *(unsigned char*)($arg0 + 2), *(unsigned char*)($arg0 + 3), \ *(unsigned char*)($arg0 + 4), *(unsigned char*)($arg0 + 5), \ *(unsigned char*)($arg0 + 6), *(unsigned char*)($arg0 + 7), \ *(unsigned char*)($arg0 + 8), *(unsigned char*)($arg0 + 9), \ *(unsigned char*)($arg0 + 10), *(unsigned char*)($arg0 + 11), \ *(unsigned char*)($arg0 + 12), *(unsigned char*)($arg0 + 13), \ *(unsigned char*)($arg0 + 14), *(unsigned char*)($arg0 + 15) end # ________________process context_____________ _ define context printf "______________________________________ _" printf "_______________________________________ _\n" reg printf "[%04X:%08X]------------------------", $ss, $esp printf "---------------------------------[stack]\n" hexdump $sp+48 hexdump $sp+32 hexdump $sp+16 hexdump $sp printf "[%04X:%08X]------------------------", $cs, $eip printf "---------------------------------[ code]\n" x /8i $pc printf "---------------------------------------" printf "---------------------------------------\n" end Of these, the context macro is the most interesting. This macro builds on the previous reg and hexdump macros, which display the x86 registers and a standard hexadecimal dump of an address, respectively. The context macro formats these and displays an eight-line disassembly of the current instruction. With the display of information taken care of, aliases can be assigned to the usual process control commands to take advantage of the display macros: # ________________process control_____________ _ define n ni context end define c continue context end define go stepi $arg0 context end define goto tbreak $arg0 continue context end define pret finish context end define start tbreak _start r context end define main tbreak main r context end The n command simply replaces the default step command with the "step one machine instruction" command and displays the context when the process stops; c performs a continue and displays the context at the next process break. The go command steps $arg0 number of instructions, while the goto command attempts to execute until address $arg0 (note that intervening break- and watchpoints will still stop the program), and the pret command returns from the current function. Both start and main are useful for starting a debugging session: they run the target and break on the first execution of _start( ) (the target entry point) and main( ) , respectively. And, finally, some useful gdb display options can be set: # __________________gdb options________________ _ set confirm 0 set verbose off set prompt gdb> set output-radix 0x10 set input-radix 0x10 For brevity, none of these macros provides help text; it can be added using the document command to associate a text explanation with a given command: document main Run program; break on main; clear breakpoint on main end The text set by the document command will appear under "help user-defined". Using this .gdbinit , gdb is finally prepared for assembly language debugging: bash# gdb a.out ... (no debugging symbols found)... gdb> main Breakpoint 1 at 0x8048406 in main( ) ___________________________________________________________________________ _ eax:00000001 ebx:4013C0B8 ecx:00000000 edx:08048400 eflags:00000282 esi:40014C34 edi:BFFFFB74 esp:BFFFFAF4 ebp:BFFFFB0C eip:08048406 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B [002B:BFFFFAF4]------------------------------------------------------[stack] BFFFFB3C : 74 FB FF BF 94 E5 03 40 - 80 9F 31 83 04 08 00 84 ............ BFFFFB26 : 00 00 48 FB FF BF 21 E6 - 03 40 00 00 10 83 04 08 ............ BFFFFB0A : FF BF 48 FB FF BF 4F E6 - 03 40 FF BF 7C FB FF BF ............ BFFFFAF4 : 84 95 04 08 18 FB FF BF - E8 0F 90 A7 00 40 28 FB ............ [0023:08048406]------------------------------------------------------[ code] 0x8048406 <main+6>: movlbash# gdb a.out ... (no debugging symbols found)... gdb> main Breakpoint 1 at 0x8048406 in main( ) ___________________________________________________________________________ _ eax:00000001 ebx:4013C0B8 ecx:00000000 edx:08048400 eflags:00000282 esi:40014C34 edi:BFFFFB74 esp:BFFFFAF4 ebp:BFFFFB0C eip:08048406 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B [002B:BFFFFAF4]------------------------------------------------------[stack] BFFFFB3C : 74 FB FF BF 94 E5 03 40 - 80 9F 31 83 04 08 00 84 ............ BFFFFB26 : 00 00 48 FB FF BF 21 E6 - 03 40 00 00 10 83 04 08 ............ BFFFFB0A : FF BF 48 FB FF BF 4F E6 - 03 40 FF BF 7C FB FF BF ............ BFFFFAF4 : 84 95 04 08 18 FB FF BF - E8 0F 90 A7 00 40 28 FB ............ [0023:08048406]------------------------------------------------------[ code] 0x8048406 <main+6>: movl $0x29a,0xfffffffc(%ebp) 0x804840d <main+13>: lea 0x0(%esi),%esi 0x8048410 <main+16>: jmp 0x8048414 <main+20> 0x8048412 <main+18>: jmp 0x8048426 <main+38> 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: add $0xfffffff4,%esp 0x804841a <main+26>: push $0x1 0x804841c <main+28>: call 0x80482f0 <sleep> ---------------------------------------------------------------------------- gdb>x29a,0xfffffffc(%ebp) 0x804840d <main+13>: lea 0x0(%esi),%esi 0x8048410 <main+16>: jmp 0x8048414 <main+20> 0x8048412 <main+18>: jmp 0x8048426 <main+38> 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: addbash# gdb a.out ... (no debugging symbols found)... gdb> main Breakpoint 1 at 0x8048406 in main( ) ___________________________________________________________________________ _ eax:00000001 ebx:4013C0B8 ecx:00000000 edx:08048400 eflags:00000282 esi:40014C34 edi:BFFFFB74 esp:BFFFFAF4 ebp:BFFFFB0C eip:08048406 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B [002B:BFFFFAF4]------------------------------------------------------[stack] BFFFFB3C : 74 FB FF BF 94 E5 03 40 - 80 9F 31 83 04 08 00 84 ............ BFFFFB26 : 00 00 48 FB FF BF 21 E6 - 03 40 00 00 10 83 04 08 ............ BFFFFB0A : FF BF 48 FB FF BF 4F E6 - 03 40 FF BF 7C FB FF BF ............ BFFFFAF4 : 84 95 04 08 18 FB FF BF - E8 0F 90 A7 00 40 28 FB ............ [0023:08048406]------------------------------------------------------[ code] 0x8048406 <main+6>: movl $0x29a,0xfffffffc(%ebp) 0x804840d <main+13>: lea 0x0(%esi),%esi 0x8048410 <main+16>: jmp 0x8048414 <main+20> 0x8048412 <main+18>: jmp 0x8048426 <main+38> 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: add $0xfffffff4,%esp 0x804841a <main+26>: push $0x1 0x804841c <main+28>: call 0x80482f0 <sleep> ---------------------------------------------------------------------------- gdb>xfffffff4,%esp 0x804841a <main+26>: pushbash# gdb a.out ... (no debugging symbols found)... gdb> main Breakpoint 1 at 0x8048406 in main( ) ___________________________________________________________________________ _ eax:00000001 ebx:4013C0B8 ecx:00000000 edx:08048400 eflags:00000282 esi:40014C34 edi:BFFFFB74 esp:BFFFFAF4 ebp:BFFFFB0C eip:08048406 cs:0023 ds:002B es:002B fs:0000 gs:0000 ss:002B [002B:BFFFFAF4]------------------------------------------------------[stack] BFFFFB3C : 74 FB FF BF 94 E5 03 40 - 80 9F 31 83 04 08 00 84 ............ BFFFFB26 : 00 00 48 FB FF BF 21 E6 - 03 40 00 00 10 83 04 08 ............ BFFFFB0A : FF BF 48 FB FF BF 4F E6 - 03 40 FF BF 7C FB FF BF ............ BFFFFAF4 : 84 95 04 08 18 FB FF BF - E8 0F 90 A7 00 40 28 FB ............ [0023:08048406]------------------------------------------------------[ code] 0x8048406 <main+6>: movl $0x29a,0xfffffffc(%ebp) 0x804840d <main+13>: lea 0x0(%esi),%esi 0x8048410 <main+16>: jmp 0x8048414 <main+20> 0x8048412 <main+18>: jmp 0x8048426 <main+38> 0x8048414 <main+20>: incl 0xfffffffc(%ebp) 0x8048417 <main+23>: add $0xfffffff4,%esp 0x804841a <main+26>: push $0x1 0x804841c <main+28>: call 0x80482f0 <sleep> ---------------------------------------------------------------------------- gdb>x1 0x804841c <main+28>: call 0x80482f0 <sleep> ---------------------------------------------------------------------------- gdb> The context screen will print in any macro that calls context and can be invoked directly if need be; as with typical binary debuggers, a snapshot of the stack is displayed as well as a disassembly of the current instruction and the CPU registers. 3.1.3 Runtime MonitoringNo discussion of reverse engineering tools would be complete without a mention of lsof and ltrace. While neither of these are standard Unix utilities that are guaranteed to ship with a system, they have become quite common and are included in every major Linux distribution as well as FreeBSD, OpenBSD, and NetBSD. The lsof utility stands for "list open files"; by default, it will display a list of all open files on the system, their type, size , owning user, and the command name and PID of the process that opened them: bash# lsof COMMAND PID USER FD TYPE SIZE NODE NAME init 1 root cwd DIR 4096 2 / init 1 root rtd DIR 4096 2 / init 1 root txt REG 27856 143002 /sbin/init init 1 root mem REG 92666 219723 /lib/ld-2.2.4.so init 1 root mem REG 1163240 224546 /lib/libc-2.2.4.so init 1 root 10u FIFO 64099 /dev/initctl keventd 2 root cwd DIR 4096 2 / keventd 2 root rtd DIR 4096 2 / keventd 2 root 10u FIFO 64099 /dev/initctl ksoftirqd 3 root cwd DIR 4096 2 / ... Remember that in Unix, everything is a file; therefore, lsof will list ttys, directories, pipes, sockets, and memory mappings as well as simple files. The FD or File Descriptor field serves as an identifier and can be used to filter results from the lsof output. FD consists of a file descriptor (a number) or a name, followed by an optional mode character and an optional lock character: 10uW cwd ^^---------^^^------------- FD or name ^-----------^------------ mode ^-----------^----------- lock where name is one of: cwd current working directory rtd root dir pd parent directory txt program [text] Lnn library reference ltx shared library code [text] mem memory-mapped file mode can be one of these: r read access w write access u read and write access space unknown [no lock character follows] - unknown [lock character follows] And lock can be one of: N Solaris NFS lock [unknown type] r read lock [part of file] R read lock [entire file] w write lock [part of file] W write lock [entire file] u read and write lock [any length] U unknown lock type x SCO OpenServer Xenix lock [part of the file] X SCO OpenServer Xenix lock [entire file] space no lock The name portion of the FD field can be used in conjunction with the -d flag to limit the reporting to specific file descriptors: lsof -d 0-3 # List STDIN, STDOUT, STDERR lsof -d 3-65536 # List all other file descriptors lsof -d cwd,pd,rtd # List all directories lsof -d mem,txt # List all binaries, libraries, memory maps Specific flags exist for limiting the output to special file types; -i shows only TCP/IP sockets, -U shows only Unix sockets, and -N shows only NFS files: bash# lsof -i COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME inetd 10281 root 4u IPv4 540746 TCP *:auth (LISTEN) xfstt 10320 root 2u IPv4 542171 TCP *:7101 (LISTEN) bash# lsof -U COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME gpm 228 root 1u Unix 0xcf62c3c0 430 /dev/gpmctl xinit 514 _m 3u Unix 0xcef05aa0 2357 socket XFree86 515 _m 1u Unix 0xcfe0f3e0 2355 /tmp/.X11-Unix/X0 To limit the results even further, lsof output can be limited by specifying a PID (process ID) with the -p flag, a username with the -u flag, or a command name with the -c flag: bash# lsof -p 11283 COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME man 11283 man cwd DIR 3,1 4096 234285 /usr/share/man man 11283 man rtd DIR 3,1 4096 2 / man 11283 man txt REG 3,1 82848 125776 /usr/lib/man-db/man ... man 11283 man 3w REG 3,1 93628 189721 /tmp/zmanoteNaJ bash# lsof -c snort COMMAND PID USER FD TYPE DEVICE NODE NAME ... snort 10506 root 0u CHR 1,3 62828 /dev/null snort 10506 root 1u CHR 1,3 62828 /dev/null snort 10506 root 2u CHR 1,3 62828 /dev/null snort 10506 root 3u sock 0,0 546789 can't identify protocol snort 10506 root 4w REG 3,1 49916 /var/log/snort/snort.log This can be used effectively with the -r command to repeat the listing every n seconds; the following example demonstrates updating the listing each second: bash# lsof -c snort -r 1 grep -v 'REG\DIR\CHR' COMMAND PID USER FD TYPE DEVICE NODE NAME snort 10506 root 3u sock 0,0 546789 can't identify protocol ======= COMMAND PID USER FD TYPE DEVICE NODE NAME snort 10506 root 3u sock 0,0 546789 can't identify protocol ======= ... Finally, passing filenames to lsof limits the results to files of that name only: bash# lsof /tmp/zmanoteNaJ COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME man 11283 man 3w REG 3,1 93628 189721 /tmp/zmanoteNaJ sh 11286 man 3w REG 3,1 93628 189721 /tmp/zmanoteNaJ gzip 11287 man 3w REG 3,1 93628 189721 /tmp/zmanoteNaJ pager 11288 man 3w REG 3,1 93628 189721 /tmp/zmanoteNaJ Combining this with -r and -o would be extremely useful for tracking reads and writes to a file ”if -o was working in lsof. The ltrace utility traces library and system calls made by a process; it is based on ptrace ( ), meaning that it can take a target as an argument or attach to a process using the -p PID flag. The flags to ltrace are simple: -p # Attach to process # and trace -i Show instruction pointer at time of call -S Show system calls -L Hide library calls -e list Include/exclude library calls in 'list' Thus, -L -S shows only the system calls made by the process. The -e parameter takes a comma-separated list of functions to list; if the list is preceded by a "!", the functions are excluded from the output. The list !printf,fprintf prints all library calls except printf( ) and fprintf( ) , while -e execl,execlp,execle,execv,execvp prints only the exec calls in the program. System calls ignore the -e lists. For a library call, ltrace prints the name of the call, the parameters passed to it, and the return value: bash# ltrace -i /bin/date [08048d01] _ _libc_start_main(0x080491ec, 1, 0xbffffb44, 0x08048a00, 0x0804bb7c <unfinished ...> [08048d89] _ _register_frame_info(0x0804ee94, 0x0804f020, 0xbffffae8, 0x40050fe8, 0x4013c0b8) = 0x4013cde0 ... [0804968e] time(0xbffffa78) = 1039068300 [08049830] localtime(0xbffffa38) = 0x401407e0 [0804bacd] realloc(NULL, 200) = 0x0804f260 [080498b8] strftime("Wed Dec 4 22:05:00 PST 2002", 200, "%a %b %e %H:%M:%S %Z %Y", 0x401407e0) = 28 [080498d2] printf("%s\n", "Wed Dec 4 22:05:00 PST 2002") = 29 System call traces have similar parameters, although the call names are preceded by "SYS_", and the syscall ordinal may be present if the name is unknown: bash# ltrace -S -L /bin/date SYS_uname(0xbffff71c) = 0 SYS_brk(NULL) = 0x0804f1cc SYS_mmap(0xbffff50c, 0x40014ea0, 0x400146d8, 4096, 640) = 0x40015000 ... SYS_time(0xbffffa78, 0x0804ca74, 0, 0, 0) = 0x3deeeba0 SYS_open("/etc/localtime", 0, 0666) = 3 SYS_197(3, 0xbffff75c, 0x4013ce00, 0x4014082c, 3) = 0 SYS_mmap(0xbffff724, 0xbffff75c, 0x4013c0b8, 0x0804f220, 4096)=0x40016000 SYS_read(3, "TZif", 4096) = 1017 SYS_close(3) = 0 SYS_munmap(0x40016000, 4096) = 0 SYS_197(1, 0xbffff2ac, 0x4013ce00, 0x4014082c, 1) = 0 SYS_ioctl(1, 21505, 0xbffff1f8, 0xbffff240, 8192) = 0 SYS_mmap(0xbffff274, 0, 0x4013c0b8, 0x401394c0, 4096) = 0x40016000 SYS_write(1, "Wed Dec 4 22:01:04 PST 2002\n", 29) = 29 ... The ltrace utility is extremely useful when attempting to understand a target; however, it must be used with caution, for it is trivial for a target to detect if it is being run under ptrace. It is advisable to always run a potentially hostile target under a debugger such as gdb before running it under an automatic trace utility such as ltrace; this way, any ptrace-based protections can be observed and countered in preparation for the ltrace. 3.1.4 DisassemblyThe disassembler is the most important tool in the reverse engineer's kit; without it, automatic analysis of the target is difficult, if not impossible . The good news is that Unix and Linux systems ship with a working disassembler; unfortunately, it is not a very good one. The objdump utility is usually described as "sufficient"; it is an adequate disassembler, with support for all of the file types and CPU architectures that the BFD library understands (see Section 3.4.3). Its analysis is a straightforward sequential disassembly; no attempt is made to reconstruct the control flow of the target. In addition, it cannot handle binaries that have missing or invalid section headers, such as those produced by sstrip (see Section 3.3.2). It should be made clear that a disassembler is a utility that converts the machine-executable binary code of a program into the human-readable assembly language for that processor. In order to make use of a disassembler, you must have some familiarity with the assembly language to which the target will be converted. Those unfamiliar with assembly language and how Linux programs written in assembly language look are directed to read the available tutorials and source code (see Section 3.5). The basic modes of objdump determine its output: objdump -f [target] Print out a summary of the target objdump -h [target] Print out the ELF section headers objdump -p [target] Print out the ELF program headers objdump -T [target] Print out the dynamic symbols [imports] objdump -t [target] Print out the local symbols objdump -d [target] Disassemble all code sections objdump -D [target] Disassemble all sections objdump -s [target] Print the full contents of all sections Details of the ELF headers are discussed further under Section 3.4.1. When in one of these modes, objdump can print out specific ELF sections with the -j argument: objdump -j [ section-name ] [ target ] Note that section-name can only refer to sections in the section headers; the segments in the program headers cannot be dumped with the -j flag. The -j flag is useful for limiting the output of objdump to only the desired sections (e.g., in order to skip the dozens of compiler version strings that GCC packs into each object file). Multiple -j flags have no effect; only the last -j flag is used. The typical view of a target is that of a file header detailing the sections in the target, followed by a disassembly of the code sections and a hex dump of the data sections. This can be done easily with multiple objdump commands: bash# (objdump -h a.out; objdump -d a.out; objdump -s i-j .data; \ objdump -s -j .rodata) > a.out.lst By default, objdump does not show hexadecimal bytes, and it skips blocks of NULL bytes when disassembling . This default behavior may be overridden with the --show-raw-insn and --disassemble-zeroes options. 3.1.5 Hex DumpsIn addition to the objdump disassembler, Unix and Linux systems ship with the octal dump program, or od. This is useful when a hex, octal, or ASCII dump of a program is needed; for example, when objdump is unable to process the file or when the user has scripts that will process binary data structures found in the data sections. The data addresses to be dumped can be obtained from objdump itself by listing the program headers and using grep to filter the listing: bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", , ) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...001bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...002bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e rbash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...364 256 004 \bbash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ printf("-j 0x%s -N 0x%s a.out\n", $6, $3) }' \ xargs -n 5 -t od -A x -t x1 -t c -w16 od -A x -t x1 -t c -w16 a.out -j 0x00001860 -N 0x00000227 001860 03 00 00 00 01 00 02 00 00 00 00 00 00 00 00 00 003 \0 \0 \0 001 \0 002 \0 \0 \0 \0 \0 \0 \0 \0 \0 001870 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001880 44 65 63 65 6d 62 65 72 00 4e 6f 76 65 6d 62 65 D e c e m b e r \0 N o v e m b e ... od -A x -t x1 -t c -w16 a.out -j 0x00001aa0 -N 0x00000444 001aa0 00 00 00 00 f4 ae 04 08 00 00 00 00 00 00 00 00 \0 \0 \0 \0 364 256 004 \b \0 \0 \0 \0 \0 \0 \0 \0 001ab0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ...001ac0 40 28 23 29 20 43 6f 70 79 72 69 67 68 74 20 28 @ ( # ) C o p y r i g h t ( ... The xargs -t option prints the full od command before displaying the output; the arguments passed to od in the above example are: -A x Use hexadecimal ['x'] for the address radix in output -t x1 Print the bytes in one-byte ['1'] hex ['x'] format -t c Print the character representation of each byte -w16 Print 16 bytes per line -j addr Start at offset 'addr' in the file -N len Print up to 'len' bytes from the start of the file The output from the above example could be cleaned up by removing the -t c argument from od and the -t argument from xargs . In some systems, od has been replaced by hexdump, which offers much more control over formatting ”at the price of being somewhat complicated. bash# objdump -h a.out grep "\.rodata\\.data" \ awk '{ off = sprintf( "0x%s", ); len = sprintf( "0x%s", ); \ printf("-s %s -n %d a.out\n", off, len) }' \ xargs -n 5 -t hexdump -e \ '"%08_ax: " 8/1 "%02x " " - " 8/1 "%02x " " "' \ -e '"%_p"' '"\n"' The hexdump arguments appear more complex than those to od due to the format string passed; however, they are very similar: -s addr Start at offset 'addr' in the file -n len Print up to 'len' bytes from the start of the file -e format The hexdump format string is fprintf( ) inspired, but it requires some maniacal quoting to make it functional. The formatting codes take the format iteration_count / byte_count " format_str ", where "iteration_count" is the number of times to repeat the effect of the format string, and "byte_count" is the number of data bytes to use as input to the format string. The format strings used in the above example are: %08_ax Print address of byte with field width of 8 %02x Print hex value of byte with field width of 2 %p Print ASCII character of next byte or '.' These are strung together with string constants such as " ", " - ", and "\n", which will be printed between the expansion of the formatting codes. The example uses three format strings to ensure that the ASCII representation does not throw off the byte count; thus, the first format string contained within protective single-quotes consists of an address, eight 1-byte %02x conversions, a space/hyphen delimiter, eight more 1-byte %02x conversions, and a space delimiter ; the second consists of an ASCII conversion on the same set of input, and the third ignores the set of input and printf a newline. All format strings are applied in order. Note that unlike od, hexdump does not take hex values as input for its len parameter; a bit of awk manipulation was performed on the input to acquire correct input values. The output from hexdump is worth the extra complexity: bash# hexdump -e '"%08_ax: " 8/1 "%02x " " - " 8/1 "%02x " " "' -e '"%_p"' \ -e '"\n"' -s 0x00001860 -n 551 a.out 00001860: 03 00 00 00 01 00 02 00 - 00 00 00 00 00 00 00 00 ................ 00001870: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00001880: 44 65 63 65 6d 62 65 72 - 00 4e 6f 76 65 6d 62 65 December.Novembe ... bash# hexdump -e '"%08_ax: " 8/1 "%02x " " - " 8/1 "%02x " " "' -e '"%_p"' \ -e '"\n"' -s 0x00001aa0 -n 1092 a.out 00001aa0: 00 00 00 00 f4 ae 04 08 - 00 00 00 00 00 00 00 00 ................ 00001ab0: 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................ 00001ac0: 40 28 23 29 20 43 6f 70 - 79 72 69 67 68 74 20 28 @(#) Copyright ( ... The output of either od or hexdump can be appended to an objdump disassembly in order to provide a more palatable data representation than objdump -s , or can be passed to other Unix utilities in order to scan for strings or patterns of bytes or to parse data structures. |
< Day Day Up > |