There's more...

We covered quite a bit already, but, as with the previous recipe, we didn't cover everything this tool offers. Most of the time, we'll just use this tool to disassemble our binary when performing static analysis, unless you prefer the output objdump offers over that of readelf; I'll leave that for you to decide when the time comes. Like some of the other tools we've already gone over, objdump can operate against multiple files at once, which is incredibly useful when we need to disassemble several files in one pass. For example, when we're analyzing a binary that uses an unknown library and we want to disassemble the library too, we can issue the following command:

$ objdump -d -M intel -l -F -w [binary] [library1] [library2]

Notice that we issued the lowercase -d argument so that we only review the executable sections of the binary and the libraries. Most of the time, this will be sufficient once we've determined any libraries that are used by the binary itself. In the event that the libraries themselves are also using a ton of shared libraries—and there's a small chance they are—we can use the capital -D argument to disassemble everything in each of the files.

Another useful feature of objdump is the pair of arguments -EB and -EL, which tell objdump to treat the file as big-endian (-EB) or little-endian (-EL) while disassembling it. This can be useful if you're analyzing a binary that runs on a system whose endianness differs from the default endianness of the system you're using to analyze the binary. Furthermore, we can use objdump to process data within a binary between a start and a stop address by passing --start-address and --stop-address, respectively. These arguments come in handy if we only want to analyze a small portion of a binary, such as a small region within the .text section.
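As an added example (not from the recipe itself), the following Python builds the objdump command line discussed above, including the optional -EB/-EL and --start-address/--stop-address arguments, and parses the output that -d -M intel -l -F -w produces into structured records so the symbol, file offset (-F) and source line (-l) stay attached to each instruction. The sample dump, file paths and addresses embedded below are constructed for illustration, not taken from a real binary.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

def objdump_cmd(binary, libs=(), start=None, stop=None, big_endian=None):
    """argv for the recipe's invocation; endianness and range flags are optional."""
    argv = ["objdump", "-d", "-M", "intel", "-l", "-F", "-w"]
    if big_endian is not None:              # -EB / -EL override the file's byte order
        argv.append("-EB" if big_endian else "-EL")
    for flag, val in (("--start-address", start), ("--stop-address", stop)):
        if val is not None:                 # restrict the dump to [start, stop)
            argv.append(f"{flag}={val:#x}")
    return argv + [binary, *libs]

@dataclass
class Insn:
    func: str              # symbol from the "<name>" header line
    file_offset: int       # printed by -F on the header line
    src: Optional[str]     # "path:line" printed by -l, None if unknown
    addr: int
    opcode: bytes
    mnemonic: str
    operands: str

SYM_RE = re.compile(r"^([0-9a-f]+) <([^>]+)> \(File Offset: (0x[0-9a-f]+)\):$")
SRC_RE = re.compile(r"^(\S+:\d+)$")
INSN_RE = re.compile(r"^\s*([0-9a-f]+):\t([0-9a-f ]+?)\s*\t(\S+)\s*(.*)$")

def parse_objdump(text: str) -> List[Insn]:
    """Turn -d -M intel -l -F -w output into Insn records; unknown lines are skipped."""
    func, off, src, out = "", 0, None, []
    for line in text.splitlines():
        if m := SYM_RE.match(line):
            func, off, src = m.group(2), int(m.group(3), 16), None
        elif m := SRC_RE.match(line):
            src = m.group(1)
        elif m := INSN_RE.match(line):
            out.append(Insn(func, off, src, int(m.group(1), 16),
                            bytes.fromhex(m.group(2)), m.group(3), m.group(4).strip()))
    return out

# Constructed sample shaped like the output of the flags above (not a real dump).
SAMPLE = """\
0000000000001139 <main> (File Offset: 0x1139):
main():
/tmp/hello.c:3
    1139:\t55                   \tpush   rbp
    113a:\t48 89 e5             \tmov    rbp,rsp
/tmp/hello.c:4
    113d:\tb8 00 00 00 00       \tmov    eax,0x0
    1142:\t5d                   \tpop    rbp
    1143:\tc3                   \tret
"""
```

Feed `subprocess.run(objdump_cmd(...), capture_output=True, text=True).stdout` into `parse_objdump` to get the same records from a real file.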
