|< Linux gnu ldd, readelf, od 5 |Main |Site Index |Download |





MODULE 111-6







My Training Period: xx hours


The size - Viewing Sizes



The GNU size utility lists the section sizes and the total size for each of the object or archive files OBJFILE in its argument list.  By default, one line of output is generated for each object file or each module in an archive.OBJFILE are the object files to be examined.  If none are specified, the file 'a.out' will be used.

Usage: size [option(s)] [file(s)]

Displays the sizes of sections inside binary files  If no input file(s) are specified, a.out is assumed

The options are:

-A|-B     --format={sysv|berkeley}

Select output style (default is Berkeley)

-o|-d|-x  --radix={8|10|16}

Display numbers in octal, decimal or hex

-t        --totals

Display the total sizes (Berkeley only)


Set the binary file format

-h        --help

Display this information

-v        --version

Display the program's version




Compile and link (for static linking).


[bodo@bakawali testbed5]$ gcc -g -static testbuff.c -o testbuff

/tmp/ccwh4rvU.o(.text+0x1e): In function `Test':

/home/bodo/testbed5/testbuff.c:8: warning: the `gets' function is dangerous and should not be used.


[bodo@bakawali testbed5]$ size -d testbuff

   text           data     bss   dec     hex  filename

 380157    3368    4476  388001   5eba1 testbuff


Compile and link (for dynamic linking).  Note the executable size difference. Statically link will result in bigger file size!


[bodo@bakawali testbed5]$ gcc -g testbuff.c -o testbuff

/tmp/ccMunGye.o(.text+0x1e): In function `Test':

/home/bodo/testbed5/testbuff.c:8: warning: the `gets' function is dangerous and should not be used.


[bodo@bakawali testbed5]$ size -d testbuff

   text     data      bss  dec      hex filename

   1031     264       4    1299     513 testbuff


The strings - Printing The Printable Characters



For each FILE given, GNUstrings utility prints the printable character sequences that are at least 4 characters long (or the number given with the options below) and are followed by an unprintable character.  By default, it only prints the strings from theinitialized and loaded sections of object files; for other types of files, it prints the strings from the whole file.  'strings' is mainly useful for determining the contents of non-text files for displaying printable strings in [file(s)] (stdin by default)

Usage: strings [option(s)] [file(s)]

The options are:

-a - --all

Scan the entire file, not just the data section

-f --print-file-name

Print the name of the file before each string

-n --bytes=[number]

Locate & print any NUL-terminated sequence of at


least [number] characters (default 4).

-t --radix={o,x,d}

Print the location of the string in base 8, 10 or 16


An alias for --radix=o

-T --target=<BFDNAME>

Specify the binary file format

-e --encoding={s,S,b,l,B,L}

Select character size and endianness:

s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit

-h --help

Display this information

-v --version

Print the program's version number




[bodo@bakawali testbed5]$ strings -a -f -t x testbuff.o

testbuff.o:      94 Some input:

testbuff.o:      a2 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

testbuff.o:      d3 .symtab

testbuff.o:      db .strtab

testbuff.o:      e3 .shstrtab

testbuff.o:      ed .rel.text

testbuff.o:      f7 .data

testbuff.o:      fd .bss

testbuff.o:     102 .rodata

testbuff.o:     10a .note.GNU-stack

testbuff.o:     11a .comment

testbuff.o:     3ad testbuff.c

testbuff.o:     3b8 Test

testbuff.o:     3bd printf

testbuff.o:     3c4 gets

testbuff.o:     3c9 puts

testbuff.o:     3ce main











[bodo@bakawali testbed5]$ strings -a -f -t x testbuff

testbuff:     114 /lib/ld-linux.so.2

testbuff:     1fd _Jv_RegisterClasses

testbuff:     211 __gmon_start__

testbuff:     220 libc.so.6

testbuff:     22a printf

testbuff:     231 gets

testbuff:     236 puts

testbuff:     23b _IO_stdin_used

testbuff:     24a __libc_start_main

testbuff:     25c GLIBC_2.0

testbuff:     330 PTRh

testbuff:     510 Some input:


testbuff:     6c0 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

testbuff:     6f1 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

testbuff:     722 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

testbuff:     784 Test

testbuff:     78d main

testbuff:     7ae GNU C 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)

testbuff:     7da testbuff.c

testbuff:     7e5 /home/bodo/testbed5

testbuff:     801 unsigned char

testbuff:     812 short unsigned int

testbuff:     828 long unsigned int

testbuff:     83d signed char


testbuff:     94f argc

testbuff:     95e argv

testbuff:     a6c testbuff.c

testbuff:     a7a <internal>

testbuff:     b26 .hash

testbuff:     b2c .dynsym


testbuff:     b95 .dtors

testbuff:     b9c .jcr

testbuff:     ba1 .dynamic

testbuff:     baa .got

testbuff:     baf .got.plt

testbuff:     bb8 .data

testbuff:     bbe .bss

testbuff:     bc3 .comment

testbuff:     bcc .debug_aranges

testbuff:     bdb .debug_pubnames




[bodo@bakawali testbed5]$


The objcopy - Copying/Transforming A Binary File


objcopy will copy a binary file, possibly transforming it in the process. Add/remove ELF sections.

Usage: objcopy [option(s)] in-file [out-file]

The options are:

-I --input-target <bfdname>

Assume input file is in format <bfdname>

-O --output-target <bfdname>

Create an output file in format <bfdname>

-B --binary-architecture <arch>

Set arch of output file, when input is binary

-F --target <bfdname>

Set both input and output format to <bfdname>


Convert debugging information, if possible

-p --preserve-dates

Copy modified/access timestamps to the output

-j --only-section <name>

Only copy section <name> into the output


Add section .gnu_debuglink linking to <file>

-R --remove-section <name>

Remove section <name> from the output

-S --strip-all

Remove all symbol and relocation information

-g --strip-debug

Remove all debugging symbols & sections


Remove all symbols not needed by relocations

-N --strip-symbol <name>

Do not copy symbol <name>


Strip everything but the debug information

-K --keep-symbol <name>

Only copy symbol <name>

-L --localize-symbol <name>

Force symbol <name> to be marked as a local

-G --keep-global-symbol <name>

Localize all symbols except <name>

-W --weaken-symbol <name>

Force symbol <name> to be marked as a weak


Force all global symbols to be marked as weak

-w --wildcard

Permit wildcard in symbol comparison

-x --discard-all

Remove all non-global symbols

-X --discard-locals

Remove any compiler-generated symbols

-i --interleave <number>

Only copy one out of every <number> bytes

-b --byte <num>

Select byte <num> in every interleaved block

--gap-fill <val>

Fill gaps between sections with <val>

--pad-to <addr>

Pad the last section up to address <addr>

--set-start <addr>

Set the start address to <addr>

{--change-start|--adjust-start} <incr>

Add <incr> to the start address

{--change-addresses|--adjust-vma} <incr>

Add <incr> to LMA, VMA and start addresses

{--change-section-address|--adjust-section-vma} <name>{=|+|-}<val>

Change LMA and VMA of section <name> by <val>

--change-section-lma <name>{=|+|-}<val>

Change the LMA of section <name> by <val>

--change-section-vma <name>{=|+|-}<val>

Change the VMA of section <name> by <val>


Warn if a named section does not exist

--set-section-flags <name>=<flags>

Set section <name>'s properties to <flags>

--add-section <name>=<file>

Add section <name> found in <file> to output

--rename-section <old>=<new>[,<flags>]

Rename section <old> to <new>


Force output format's leading character style


Remove leading character from global symbols

--redefine-sym <old>=<new>

Redefine symbol name <old> to <new>

--redefine-syms <file>

--redefine-sym for all symbol pairs listed in <file>

--srec-len <number>

Restrict the length of generated Srecords


Restrict the type of generated Srecords to S3

--strip-symbols <file>

-N for all symbols listed in <file>

--keep-symbols <file>

-K for all symbols listed in <file>

--localize-symbols <file>

-L for all symbols listed in <file>

--keep-global-symbols <file>

-G for all symbols listed in <file>

--weaken-symbols <file>

-W for all symbols listed in <file>

--alt-machine-code <index>

Use alternate machine code for output


Mark the output text as writable


Make the output text write protected


Mark the output file as demand paged


Mark the output file as impure

--prefix-symbols <prefix>

Add <prefix> to start of every symbol name

--prefix-sections <prefix>

Add <prefix> to start of every section name

--prefix-alloc-sections <prefix>

Add <prefix> to start of every allocatable section name

-v --verbose

List all object files modified

-V --version

Display this program's version number

-h --help

Display this output


List object formats & architectures supported


The GNU objcopy utility copies the contents of an object file to another. objcopy uses the GNU BFD Library to read and write the object files.  It can write the destination object file in a format different from that of the source object file.  The exact behavior of objcopy is controlled by command-line options.  Note that objcopy should be able to copy a fully linked file between any two formats.

However, copying a relocatable object file between any two formats may not work as expected.

objcopy creates temporary files to do its translations and deletes them afterward. objcopy uses BFD to do all its translation work; it has access to all the formats described in BFD and thus is able to recognize most formats without being told explicitly.

objcopy can be used to generate S-records by using an output target of 'srec' (e.g., use '-O srec').

objcopy can be used to generate a raw binary file by using an output target of  'binary' (e.g., use '-O binary').  When objcopy generates a raw binary file, it will essentially produce a memory dump of the contents of the input object file.  All symbols and relocation information will be discarded.  The memory dump will start at the load address of the lowest section copied into the output file.

When generating an S-record or a raw binary file, it may be helpful to use '-S' to remove sections containing debugging information.  In some cases '-R' will be useful to remove sections which contain information that is not needed by the binary file.


Note: objcopy is not able to change the endianness of its input files.  If the input format has endianness (some formats do not), objcopy can only copy the inputs into file formats that have the same endianness or which have no endianness (e.g., srec).


The strace - Tracing System Calls And Signals



strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file][-p pid] ... [-s strsize] [-u username] [-E var=val] ...[command [arg ...]]


strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...[command [arg ...]]


count time, calls, and errors for each syscall and report summary


follow forks


with output into separate files


attempt to follow vforks


print help message


print instruction pointer at time of syscall


suppress messages about attaching, detaching, etc.


print relative timestamp


absolute timestamp


with usecs


print time spent in each syscall


print version


verbose mode: print unabbreviated argv, stat, termio[s], etc. args


print non-ascii strings in hex


print all strings in hex

-a column

alignment COLUMN for printing syscall results (default 40)

-e expr

A qualifying expression: option=[!]all or option=[!]val1[,val2]...

options: trace, abbrev, verbose, raw, signal, read, or write

-o file

send trace output to FILE instead of stderr

-O overhead

set overhead for tracing syscalls to OVERHEAD usecs

-p pid

trace process with process id PID, may be repeated

-s strsize

limit length of print strings to STRSIZE chars (default 32)

-S sortby

sort syscall counts by: time, calls, name, nothing (default time)

-u username

run command as username handling setuid and/or setgid

-E var=val

put var=val in the environment for command

-E var

remove var from the environment for command




strace - trace system calls and signals.



strace  [-dffhiqrtttTvxx] [-acolumn] [-eexpr] ... [-ofile] [-ppid] ... [-sstrsize] [-uusername] [-Evar=val] ... [-Evar] ... [command [arg ...]]


strace -c [-eexpr] ... [-Ooverhead] [-Ssortby] [command [arg ...]]


In the simplest case strace runs the specified command until it exits.   It intercepts and records the system calls which are called by a process and the signals which are received by a process.  The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option.

strace is a useful diagnostic, instructional, and debugging tool.  System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them.  Students, hackers and the overly curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs.  And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.

Each  line  in  the  trace  contains  the system call name, followed by its arguments in parentheses  and  its  return  value.   An example from stracing the command at /dev/null is:


open("/dev/null", O_RDONLY) = 3


Errors (typically a return value of -1) have the errno symbol and error string appended.


open("/foo/bar", O_RDONLY) = -1 ENOENT (No such file or directory)


Signals are printed as a signal symbol and a signal string.  An excerpt from stracing and interrupting the command sleep is:


sigsuspend([] <unfinished ...>

--- SIGINT (Interrupt) ---

+++ killed by SIGINT +++


Arguments are printed in symbolic form with a passion.  This example shows the shell performing >>xyzzy output redirection:


open("xyzzy", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3


Here the three argument form of open is decoded by breaking down the flag argument into its three bitwise-OR constituents and printing the mode value in octal by tradition.  Where traditional or native usage differs from ANSI or POSIX, the latter forms are preferred.  In some cases, strace output has proven to be more readable than the source.


Structure pointers are dereferenced and the members are displayed as appropriate.  In all cases arguments are formatted in the most C-like fashion possible.  For example, the essence of the command ls -l /dev/null is captured as:


lstat("/dev/null", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0


Notice how the struct stat argument is dereferenced and how each member is displayed symbolically.  In particular, observe how the st_mode member is carefully decoded into a bitwise-OR of symbolic and numeric values.  Also notice in this example that the first argument to lstat is an input to the system call and the second argument is an output.  Since output arguments are not modified if the system call fails, arguments may not always be dereferenced.  For example, retrying the ls -l example with a non-existent file produces the following line:


lstat("/foo/bar", 0xb004) = -1 ENOENT (No such file or directory)


In this case the porch light is on but nobody is home.

Character pointers are dereferenced and printed as C strings.  Non-printing characters in strings are normally represented by ordinary C escape codes.  Only the first sstrsize (32 by default) bytes of strings are printed; longer strings have an ellipsis appended following the closing quote.  Here is a line from ls -l where the getpwuid library routine is reading the password file:


read(3, "root::0:0:System Administrator:/"..., 1024) = 422


While structures are annotated using curly braces, simple pointers and arrays are printed using square brackets with commas separating elements.  Here is an example from the command id on a system with supplementary group ids:


getgroups(32, [100, 0]) = 2


On the other hand, bit-sets are also shown using square brackets but set elements are separated only by a space.  Here is the shell preparing to execute an external command:


sigprocmask(SIG_BLOCK, [CHLD TTOU], []) = 0


Here the second argument is a bit-set of two signals,SIGCHLD and SIGTTOU.   In some cases the bit-set is so full that printing out the unset elements is more valuable.  In that case, the bit-set is prefixed by a tilde like this:


sigprocmask(SIG_UNBLOCK, ~[], NULL) = 0


Here, the second argument represents the full set of all signals.








Further related reading:


  1. Check the best selling C / C++, Networking, Linux and Open Source books at Amazon.com.

  2. Linux Socket programming tutorial.

  3. C, Buffer overflow and stack frame (construction and destruction).

  4. C, Compiler, Assembler and Linker.






|< Linux gnu ldd, readelf, od 5 |Main |Site Index |Download |

C & Linux GNU Related Utilities: Part 1 | Part 2 | Part 3 | Part 4 | Part 5 | Part 6