objdump Cheat Sheet
Disassemble ELF binaries, inspect sections, symbols, and relocations for exploit development.
Overview
objdump (GNU binutils) disassembles object files and prints headers, symbols, and dynamic relocations. Lightweight alternative to Ghidra for quick gadget and PLT/GOT inspection.
Authorized testing only. Use only on systems, networks, and accounts you own or have explicit written permission to test. Unauthorized access is illegal.
Install
sudo apt install -y binutilsobjdump -vEssential commands
Disassemble all executable sections
objdump -d -M intel ./vulnDisassemble specific function
objdump -d -M intel ./vuln | grep -A30 '<main>'ELF headers and program headers
objdump -f ./vulnreadelf -h ./vulnDynamic symbols / relocations
objdump -T ./vuln # dynamic symsobjdump -R ./vuln # relocations (GOT)Common workflows
Find dangerous functions —
objdump -d ./vuln | grep -E 'gets|strcpy|system|printf'nm -D ./vuln | grep -E 'system|exec'PLT entries for ret2plt —
objdump -d -M intel ./vuln | grep -A1 '@plt>'objdump -s -j .plt ./vulnLocate main and vulnerable path —
objdump -d -M intel ./vuln > dis.txtCompare stripped vs unstripped —
file ./vulnnm ./vuln 2>/dev/null || echo "stripped"objdump -t ./vuln | grep -i mainFull section dump (shellcode in .data) —
objdump -s -j .data ./vulnobjdump -s -j .rodata ./vuln | grep -i '/bin/'Flags reference
-d | Disassemble executable sections |
|---|---|
-D | Disassemble all sections |
-M intel | Intel syntax (x86) |
-M att | AT&T syntax (default) |
-t | Symbol table |
-T | Dynamic symbols |
-R | Dynamic relocations |
-h | Section headers |
-s | Full hex dump of sections |
--start-address=0x401000 --stop-address=0x401200 | Range |
Tips
- Pair with readelf -S and readelf -l for segment permissions (NX).
- For PIE, add runtime base from leak to static offsets from objdump.
- objdump -d on shared libs: objdump -d libc.so.6 | grep '<system@@' for offsets.
- Prefer radare2 / Ghidra for large binaries; objdump excels at quick greps.