剥离二进制之后的调试节

Question

I built my application(c/c++) on linux and stripped it using "strip" command. 我在linux上构建了我的应用程序（c / c ++）并使用“strip”命令将其剥离。 I thought without giving any options it will strip all the debugging info from the original binary. 我以为如果不提供任何选项，它将从原始二进制文件中剥离所有调试信息。 I stripped using following: 我剥离使用以下：

strip my_app -o $odir/my_app_stripped  (where $odir is preconfigured location)

However, when I do the following: 但是，当我执行以下操作时：

objdump -h my_app_stripped

It gives me the following output: 它给了我以下输出：

my_app_stripped: file format elf32-i386
Sections:
Idx Name          Size      VMA       LMA       File off  Algn
 0 .interp       0000002c  00048154  00048154  00000154  2**0
                 CONTENTS, ALLOC, LOAD, READONLY, DATA
 1 .note.ABI-tag 00000020  00048180  00048180  00000180  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
 2 .hash         00067dcc  000481a0  000481a0  000001a0  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
 3 .dynsym       0011f6e0  000aff6c  000aff6c  00067f6c  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
 4 .dynstr       00488e4c  001cf64c  001cf64c  0018764c  2**0
              CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .gnu.version  00023edc  00658498  00658498  00610498  2**1
              CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .gnu.version_r 00000290  0067c374  0067c374  00634374  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .rel.dyn      00006860  0067c604  0067c604  00634604  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .rel.plt      00003768  00682e64  00682e64  0063ae64  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .init         00000017  006865cc  006865cc  0063e5cc  2**2
              CONTENTS, ALLOC, LOAD, READONLY, CODE
10 .plt          00006ee0  006865e4  006865e4  0063e5e4  2**2
              CONTENTS, ALLOC, LOAD, READONLY, CODE
11 .text         01120918  0068d4d0  0068d4d0  006454d0  2**4
              CONTENTS, ALLOC, LOAD, READONLY, CODE
12 BINK          00018d20  017addf0  017addf0  01765df0  2**4
              CONTENTS, ALLOC, LOAD, READONLY, CODE
13 BINK32        00001350  017c6b10  017c6b10  0177eb10  2**4
              CONTENTS, ALLOC, LOAD, READONLY, CODE
14 BINK16        00001008  017c7e60  017c7e60  0177fe60  2**4
              CONTENTS, ALLOC, LOAD, READONLY, CODE
15 BINKP8        000008fb  017c8e70  017c8e70  01780e70  2**4
              CONTENTS, ALLOC, LOAD, READONLY, CODE
16 BINKY16       000008e1  017c9770  017c9770  01781770  2**4
              CONTENTS, ALLOC, LOAD, READONLY, CODE
17 BINKY12       000001b0  017ca060  017ca060  01782060  2**4
              CONTENTS, ALLOC, LOAD, READONLY, CODE
18 .fini         0000001a  017ca210  017ca210  01782210  2**2
              CONTENTS, ALLOC, LOAD, READONLY, CODE
19 .rodata       00164204  017ca240  017ca240  01782240  2**6
              CONTENTS, ALLOC, LOAD, READONLY, DATA
20 .debug$S      000010f8  0192e444  0192e444  018e6444  2**0
              CONTENTS, ALLOC, LOAD, READONLY, DATA
21 BINKCONST     00004e40  0192f540  0192f540  018e7540  2**6
              CONTENTS, ALLOC, LOAD, READONLY, DATA
22 .debug$F      00000250  01934380  01934380  018ec380  2**0
              CONTENTS, ALLOC, LOAD, READONLY, DATA
23 .rdata        00000080  019345d0  019345d0  018ec5d0  2**4
              CONTENTS, ALLOC, LOAD, READONLY, DATA
24 .eh_frame_hdr 0004765c  01934650  01934650  018ec650  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
25 .eh_frame     00128fec  0197bcac  0197bcac  01933cac  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
26 .gcc_except_table 000aaaf1  01aa4c98  01aa4c98  01a5cc98  2**2
              CONTENTS, ALLOC, LOAD, READONLY, DATA
27 .tbss         00000004  01b5078c  01b5078c  01b0778c  2**2
              ALLOC, THREAD_LOCAL
28 .ctors        000004f4  01b5078c  01b5078c  01b0778c  2**2
              CONTENTS, ALLOC, LOAD, DATA
29 .dtors        000004d0  01b50c80  01b50c80  01b07c80  2**2
              CONTENTS, ALLOC, LOAD, DATA
30 .jcr          00000004  01b51150  01b51150  01b08150  2**2
              CONTENTS, ALLOC, LOAD, DATA
31 .data.rel.ro  00012160  01b51160  01b51160  01b08160  2**5
              CONTENTS, ALLOC, LOAD, DATA
32 .dynamic      00000240  01b632c0  01b632c0  01b1a2c0  2**2
              CONTENTS, ALLOC, LOAD, DATA
33 .got          00002e6c  01b63500  01b63500  01b1a500  2**2
              CONTENTS, ALLOC, LOAD, DATA
34 .data         000481a8  01b66380  01b66380  01b1d380  2**5
              CONTENTS, ALLOC, LOAD, DATA
35 .got.plt      00001bc0  01bae528  01bae528  01b65528  2**2
              CONTENTS, ALLOC, LOAD, DATA
36 BINKDATA      00002de0  01bb0100  01bb0100  01b67100  2**5
              CONTENTS, ALLOC, LOAD, DATA
37 .bss          0046f8e8  01bb2ee0  01bb2ee0  01b69ee0  2**5
              ALLOC
38 BINKBSS       000067a0  020227e0  020227e0  01b69ee0  2**5
              ALLOC
39 .comment      00002d95  00000000  00000000  01b69ee0  2**0
              CONTENTS, READONLY
40 .drectve      0000005d  00000000  00000000  01b6cc75  2**0
              CONTENTS, READONLY

So, if debugging was all removed what are the sections ".debug$S" and ".debug$F" ? 所以，如果调试全部删除了什么部分“.debug $ S”和“.debug $ F”？

Answer 1

Despite their names those sections aren't debugging sections, at least not according to their flags. 尽管它们的名称是这些部分，但它们并不是调试部分，至少不是根据其标志。 You'll notice that they have the same flags, CONTENTS, ALLOC, LOAD, READONLY, DATA , as a number of other sections in the executable like .rodata . 您会注意到，它们与.rodata等可执行文件中的许多其他节具有相同的标志CONTENTS, ALLOC, LOAD, READONLY, DATA 。 These flags say that the section is meant to be loaded into memory and used as data. 这些标志表示该部分旨在加载到内存中并用作数据。 The strip command has no way knowing if these sections are unnecessary or not. strip命令无法知道这些部分是否是不必要的。 Discarding the .rodata section would break your program, causing it to crash every time its run. .rodata节将破坏您的程序，从而使其在每次运行时崩溃。 The strip command doesn't know that discarding the .debug$F and .debug$S sections wouldn't do the same thing. strip命令不知道丢弃.debug$F和.debug$S部分不会做相同的事情。

Note that you don't normally find sections named .debug$F and debug$S in ELF executables. 请注意，您通常不会在ELF可执行文件中找到名为.debug$F和debug$S 。 The DWARF debugging information normally used in ELF files is stored in sections whose names begin with .debug_ not .debug$ . 通常在ELF文件中使用的DWARF调试信息存储在名称以.debug_而不是.debug$开头的部分中。 They also have the DEBUGGING flag set (but not the LOAD flag) so strip knows that they're debugging sections and that it should and can remove. 它们还设置了DEBUGGING标志（但不是LOAD标志），因此strip知道它们正在调试部分，它应该并且可以删除。 Sections with these names are normally only seen in PECOFF files produced by Microsoft's compilers. 具有这些名称的部分通常仅在Microsoft编译器生成的PECOFF文件中可见。 They contain debugging information in Microsoft's proprietary format. 它们包含Microsoft专有格式的调试信息。

If you can determine that these sections don't contain useful information and want to get rid of them you should remove them from the object files before linking. 如果可以确定这些部分不包含有用的信息，并且希望摆脱这些部分，则应在链接之前从目标文件中将其删除。 Since they're loaded into memory, it's probably too late to completely remove them after linking. 由于它们已加载到内存中，因此在链接之后完全删除它们可能为时已晚。 You can use a command like objcopy -R ".debug$*" foo.o foo-stripped.o and then link with foo-stripped.o instead of foo.o . 您可以使用objcopy -R ".debug$*" foo.o foo-stripped.o ，然后使用foo-stripped.o而不是foo.o进行链接。

You might also want to strip the .comment and .directve sections from the executable, as the these sections probably aren't necessary. 您可能还希望从可执行文件中删除.comment和.directve部分，因为这些部分可能不是必需的。 In particular .directve is another PECOFF section you don't normally see in ELF files. 特别是.directve是您通常不会在ELF文件中看到的另一个PECOFF部分。

剥离二进制之后的调试节

问题描述

1 个解决方案

解决方案1
0 2016-03-28 02:29:11

剥离二进制之后的调试节

问题描述

1 个解决方案

解决方案1 0 2016-03-28 02:29:11

解决方案1
0 2016-03-28 02:29:11