Extract string variable from elf / obj file
I am trying to extract a specific string variable (i.e. character) from a Linux program file elf file, or even from .o. It's in the .rodata section, and obviously I know the name of the symbol. Is there a sequence of objdump style commands and parameters that I can use to dump a string?
Update:
For example, a .map file includes:
.rodata.default_environment 0x000000001013f763 0x615 common/built-in.o
0x000000001013f763 default_environment
The variable itself default_environment
is a standard null-terminated text string.
source to share
Is there a sequence of objdump style commands and parameters that I can use to dump a string?
Sure. Let's take an example:
const char foo[] = "Some text";
const char bar[] = "Other text";
const void *fn1() { return foo; }
const void *fn2() { return bar; }
$ gcc -c t.c
Let's say we want to extract content bar[]
.
$ readelf -Ws t.o | grep bar
10: 000000000000000a 11 OBJECT GLOBAL DEFAULT 5 bar
This tells us that the "content" of the variable bar
is in section 5 with an offset 0xa
and is 11 bytes long.
We can extract the entire section 5:
$ readelf -x5 t.o
Hex dump of section '.rodata':
0x00000000 536f6d65 20746578 74004f74 68657220 Some text.Other
0x00000010 74657874 00 text.
and indeed find the string we are looking for. If you really only want to extract the content bar
(e.g. because it is .rodata
really big and / or because it bar
contains inline NUL
s):
$ objcopy -j.rodata -O binary t.o t.rodata # extract just .rodata section
$ dd if=t.rodata of=bar bs=1 skip=10 count=11 # extract just bar
11+0 records in
11+0 records out
11 bytes (11 B) copied, 0.000214501 s, 51.3 kB/s
Look at the result:
$ xd bar
000000 O t h e r t e x t nul O t h e r t e x t .
QED.
source to share