NAME

alicedump — Object dumper.

SYNOPSIS

alicedump FILE

DESCRIPTION

Alicedump is an object dumper. By default, invoking it with a FILE will attempt to open, detect its type, and print a summary of the object, like file(1).

Many options exist to select the type of information to dump on screen. Its list of options can be viewed by invoking `--help`.

AVAILABILITY

Alicedump supports various object formats and these information types:

• UNIX Archives (ar): Headers
• COFF Objects: Headers
• ELF: Header, Program Headers, Sections, Dynamic Symbols, Disassembly
• LX: Header
• Mach-O: Regular and Fat Headers, Load Commands
• Memory Dumps (dmp): Header
• Minidump (mdmp): Header
• MSCOFF (Anonymous Objects): Header
• MZ: Header, Relocations
• NE: Header
• OMF Objects: Headers
• OMF Libraries: Headers
• PDB 2.0: Header
• PDB 7.0: Header, Stream information
• PE32: Headers, Directories, Sections, Exports, Imports, Debug entries, Disassembly

EXAMPLES

Default behavior is printing a short summary:

$ alicedump alicedbg
alicedbg: Executable and Linkable Format (elf), Executable, for AMD x86-64 (amd64) machines
$ alicedump alicedbg.exe
alicedbg.exe: Portable Executable (pe32), Executable, for AMD x86-64 (amd64) machines

To get headers of an object, using `--headers`:

$ alicedump --headers alicedbg
filename                    : alicedbg
filesize                    : 124096
type                        : Executable and Linkable Format
shortname                   : elf

# Header
e_ident[0]                  : 0x7f      (\x7f)
e_ident[1]                  : 0x45      (E)
e_ident[2]                  : 0x4c      (L)
e_ident[3]                  : 0x46      (F)
e_ident[EI_CLASS]           : 2 (ELF64)
e_ident[EI_DATA]            : 1 (LSB)
e_ident[EI_VERSION]         : 1
e_ident[EI_OSABI]           : 0 (NONE)
e_ident[EI_ABIVERSION]      : 0
e_ident[9]                  : 0
e_ident[10]                 : 0
e_ident[11]                 : 0
e_ident[12]                 : 0
e_ident[13]                 : 0
e_ident[14]                 : 0
e_ident[15]                 : 0
e_type                      : 2 (EXEC)
e_machine                   : 62        (AMD x86-64)
e_entry                     : 0x0000000000401032
e_phoff                     : 0x0000000000000040
e_shoff                     : 0x000000000001e100
e_flags                     : 0x00000000
e_ehsize                    : 64
e_phentsize                 : 56
e_phnum                     : 7
e_shentsize                 : 64
e_shnum                     : 15
e_shstrndx                  : 14

# Program Headers

index                       : 0
p_type                      : 1 (LOAD)
p_flags                     : 0x00000004        (PF_R)
p_offset                    : 0x0000000000000000
p_vaddr                     : 0x0000000000400000
p_paddr                     : 0x0000000000400000
p_filesz                    : 0x00000000000001c8
p_memsz                     : 0x00000000000001c8
p_align                     : 0x0000000000001000

index                       : 1
p_type                      : 1 (LOAD)
p_flags                     : 0x00000005        (PF_R,PF_X)
p_offset                    : 0x0000000000001000
p_vaddr                     : 0x0000000000401000
p_paddr                     : 0x0000000000401000
p_filesz                    : 0x000000000000f4e1
p_memsz                     : 0x000000000000f4e1
p_align                     : 0x0000000000001000

index                       : 2
p_type                      : 1 (LOAD)
p_flags                     : 0x00000004        (PF_R)
p_offset                    : 0x0000000000011000
p_vaddr                     : 0x0000000000411000
p_paddr                     : 0x0000000000411000
p_filesz                    : 0x0000000000008f4c
p_memsz                     : 0x0000000000008f4c
p_align                     : 0x0000000000001000

index                       : 3
p_type                      : 1 (LOAD)
p_flags                     : 0x00000006        (PF_R,PF_W)
p_offset                    : 0x000000000001a9f0
p_vaddr                     : 0x000000000041a9f0
p_paddr                     : 0x000000000041a9f0
p_filesz                    : 0x0000000000003648
p_memsz                     : 0x0000000000004810
p_align                     : 0x0000000000001000

index                       : 4
p_type                      : 1685382480        (GNU_EH_FRAME)
p_flags                     : 0x00000004        (PF_R)
p_offset                    : 0x000000000001916c
p_vaddr                     : 0x000000000041916c
p_paddr                     : 0x000000000041916c
p_filesz                    : 0x00000000000001ec
p_memsz                     : 0x00000000000001ec
p_align                     : 0x0000000000000004

index                       : 5
p_type                      : 1685382481        (GNU_STACK)
p_flags                     : 0x00000006        (PF_R,PF_W)
p_offset                    : 0x0000000000000000
p_vaddr                     : 0x0000000000000000
p_paddr                     : 0x0000000000000000
p_filesz                    : 0x0000000000000000
p_memsz                     : 0x0000000000000000
p_align                     : 0x0000000000000010

index                       : 6
p_type                      : 1685382482        (GNU_RELRO)
p_flags                     : 0x00000004        (PF_R)
p_offset                    : 0x000000000001a9f0
p_vaddr                     : 0x000000000041a9f0
p_paddr                     : 0x000000000041a9f0
p_filesz                    : 0x0000000000000610
p_memsz                     : 0x0000000000000610
p_align                     : 0x0000000000000001

AUTHOR

Alicedump was written by dd86k.

SEE ALSO

file(1), objdump(1), nm(1), readelf(1), pedump, Dependency Walker, PeInternal, PEAlchemist.