Help! objdump displays 64bit binary in 32bit format!

In taking Vivek Ramachandran’s course x86/64 Assembly and Sellcoding on Linux  I ran into a slight problem.  When we get to video #8, he’s discussing how to trim down the size of our code by removing unused registers (using AL instead of the full RAX register for example.)

He uses objdump to check the registers and see what data is stored in the registers of our executable.  When he does it in the video, it looks like like this:

Screen Shot 2015-10-26 at 1.51.31 PM

Here we have our long format, showing all 64 bits in the register (including the null bytes.)  However, when I (and others) tried this, we get:

Screen Shot 2015-10-26 at 1.52.34 PM

See the difference?  when we use objdump (they same way he did, with: objdump -M intel -d [executable]) we are not getting the full 64bit result.

After a bit of searching I found this post on StackOverflow, asking the same question.  The answer provided works perfectly.  He advised using -O0 (capital O and zero) to the string… like so:

nasm -O0 -f elf64 hellowworld.nasm -o HelloWorld.o

Now this can be compiled down with our standard linking:

ld HelloWorld.o -o HelloWorld

Re-running objdump -M intel -d [executable] now correctly renders the full 64bit format:

Screen Shot 2015-10-26 at 1.56.59 PM

What do you think?

0 points
Upvote Downvote

Total votes: 0

Upvotes: 0

Upvotes percentage: 0.000000%

Downvotes: 0

Downvotes percentage: 0.000000%

Written by Admin

I work for a Telecom company writing and testing software. My passion for writing code is expressed through this blog. It's my hope that it gives hope to any and all who are self-taught.


Leave a Reply


Disassembly: Tricking an Application

Assembly – What is Assembly?