堆栈内存溢出
  简体   繁体   English

为什么剥离的二进制文件在反汇编文件中仍然可以有库调用信息?

[英]Why a stripped binary file can still have library call information in the disassembled file?

 原文  2014-01-15 01:10:47       linux/ compilation/ linker/ strip/ symbol-table

问题描述

test platform is 32 bit Linux.测试平台为32位Linux。

I compile ac program without strip the symbol information, and use objdump to disassembly the elf executable file.我编译ac程序不带符号信息,使用objdump反汇编elf可执行文件。

Here is part of the results.这是部分结果。

804831c:  e8 8c fe ff ff     call 8048360 <printf@plt>

If I use:如果我使用:

strip binary

to remove the symbol info and use objdump to disassembly the elf executable file again, I can still see the results like:删除符号信息并使用objdump再次反汇编elf可执行文件,我仍然可以看到如下结果:

804831c:  e8 8c fe ff ff     call 8048360 <printf@plt>

So my question is:所以我的问题是:

How can disassembly tool like objdump know the name of certain library functions after I have stripped all the symbol information..?在我剥离了所有符号信息后,像 objdump 这样的反汇编工具如何知道某些库函数的名称..?

Thank you!谢谢!

2 个解决方案

解决方案1
 4 已采纳  2014-01-15 02:04:36

ELF file has 2 symbol tables: .symtab and .dynsym. ELF 文件有 2 个符号表:.symtab 和 .dynsym。 The latter is for dynamic symbols needed for dynamic linking (relocation).后者用于动态链接(重定位)所需的动态符号。 In your case, printf is in .dynsym and it may also be present in .symtab;在你的情况下, printf 在 .dynsym 中,它也可能出现在 .symtab 中; by default strip would remove .symtab but not .dynsym which is needed for relocation.默认情况下,strip 将删除 .symtab 而不是 .dynsym ,这是重新定位所需的。

You may try你可以试试

strip -R .dynsym your_binary strip -R .dynsym your_binary

to remove the dynsym section manually and you will find it fails to run due to relocation failure.手动删除dynsym部分,你会发现它由于重定位失败而无法运行。

解决方案2
 2  2014-01-15 02:20:16

Imported calls will always have the name, it is needed to link at runtime.导入的调用将始终具有名称,需要在运行时链接。 If you stripped the import name, how would your application know what to call?如果您去掉导入名称,您的应用程序如何知道该调用什么? Methods from external libraries may (and usually do) have a different address every time your application is executed.每次执行应用程序时,来自外部库的方法可能(并且通常确实)具有不同的地址。

On another note, inlined or statically-linked methods can sometimes be identified and named even without symbol information.另一方面,即使没有符号信息,有时也可以识别和命名内联或静态链接的方法。 Many disassemblers look for common patterns associated with some standard library functions.许多反汇编程序寻找与某些标准库函数相关的通用模式。 memcpy() for example, can often be heuristically identified and labeled even without symbol info available.例如,即使没有可用的符号信息, memcpy()通常也可以启发式地识别和标记。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 dlsym 如何从剥离的二进制库中成功导入 function? - How can dlsym successfully import function from stripped binary library? 我没有包括<unistd.h>头文件,为什么我仍然可以成功调用getpid()函数? - I have not included the <unistd.h> header file, why can I still invoke the getpid() function successfully? 如何将核心文件TEXT页面转储为反汇编文本文件? - How to dump a core file TEXT pages as disassembled text file? 在编译过程中,为什么文件命令报告的可执行文件“未剥离,带有debug_info”,而没有“ -g”选项? - Why does file command report “not stripped, with debug_info” of the executable file without “-g” option during compilation? 当我对共享库使用“file”命令时,“stripped, with debug_info”是什么意思? - What's the meaning of "stripped, with debug_info" when I use "file" command for a shared library? 如何验证已从二进制文件中删除了无效代码? - how can I verify that dead code was stripped from the binary? Windows和Linux中二进制文件的C库校验和 - C Library checksum for binary file in windows and linux Linux中剥离的二进制文件和非剥离的二进制文件之间的区别 - Difference between a stripped binary and a non stripped binary in Linux 剥离二进制之后的调试节 - Debug sections after binary is stripped CMake保存剥离的调试信息 - CMake save stripped debug information
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM