从elf二进制文件中提取调试符号信息
[英]extract debug symbol info from elf binary
问题描述
Let's have a look to this basic c program: 
我们来看看这个基本的c程序:
#include <stdio.h>
int myadd(int a, int b);
int myadd(int a, int b)
{
return a+b;
}
int main(int argc, char *argv[])
{
int res = myadd(argc,3);
printf("%d\n",res);
return 0;
}
What i want is to understand how debug symbol files work. 我想要的是了解调试符号文件的工作原理。
If i compile this way: 如果我这样编译:
gcc test.c
I can see debug symbols in gdb: 我可以在gdb中看到调试符号:
gdb ./a.out
(gdb) disassemble myadd
Dump of assembler code for function myadd:
0x00000000000006b0 <+0>: push %rbp
That's fine ! 没关系 !
Now, if i run: 现在,如果我跑:
gcc -s test.c
Here what i get in gdb: 这是我在gdb中得到的:
(gdb) disassemble myadd
No symbol table is loaded. Use the "file" command.
That's fine too, because i have stripped symbols with -s gcc option. 那也没关系,因为我用-s gcc选项剥离了符号。
Now, i want to "split" my elf executable in 2 files: - A stripped elf executable - an external debug symbol files. 现在,我想在两个文件中“拆分”我的elf可执行文件: - 剥离的精灵可执行文件 - 外部调试符号文件。
Here what i read in some tutorials: 这是我在一些教程中读到的内容:
gcc test.c
objcopy --only-keep-debug a.out a.dbg
strip ./a.out
But, now, if i want to run gdb, i say to gdb to look inside ./a.dbg for debug symbols 但是,现在,如果我想运行gdb,我会告诉gdb查看./a.dbg中的调试符号
gdb -s ./a.dbg a.out
And gdb cannot resolve myadd function: 并且gdb无法解析myadd函数:
(gdb) disassemble myadd
No symbol table is loaded. Use the "file" command.
And this is what i do not understand: Why gdb does not resolv myadd function? 这是我不明白的:为什么gdb不解析myadd函数?
Thanks 谢谢
1 个解决方案
解决方案1
6 已采纳 2017-08-13 18:34:30
If i compile this way:
gcc test.cI can see debug symbols in gdbgcc test.c我可以在gdb中看到调试符号
You do not see debug symbols here, only the symbol table (which is distinct from debug symbols). 这里没有看到调试符号,只有符号表(与调试符号不同)。
To see debug symbols, compile with gcc -g test.c . 要查看调试符号,请使用gcc -g test.c编译。
gdb -s a.dbg a.out
The problem here is that when GDB sees "unadorned" a.out , it throws away previously specified symbol file ( a.dbg ) and replaces it with (fully stripped) a.out . 这里的问题是当GDB看到“unadorned” a.out ,它抛弃先前指定的符号文件( a.dbg )并用(完全剥离) a.out 替换它。 You want: 你要:
gdb -s a.dbg -e a.out
Update: 更新:
What does mean a "stripped" file: Does it mean this is a file without symbol table or without debuging informations?
On ELF platforms, the state of the file with respect to "strip"-ness is not binary: you can remove individual sections of the file, and depending on exactly what you stripped, your debugging experience will be affected to varying degree. 在ELF平台上,与“strip”-ness相关的文件状态不是二进制文件:您可以删除文件的各个部分,并且根据您删除的确切内容,您的调试体验将受到不同程度的影响。
This command: strip -g a.out removes all .debug_* sections, leaving you without instruction address to source file and line mapping, and without stack address to local variables mapping. 此命令: strip -g a.out删除所有.debug_*部分,使您没有指令地址到源文件和行映射,并且没有堆栈地址到局部变量映射。 However, the symbol table remains in the binary, and can be used to provide instruction address to function name mapping. 但是,符号表保留在二进制文件中,可用于为函数名称映射提供指令地址。
This command: strip a.out removes all .debug_* sections, as well as .symtab and .strtab (which together form the symbol table). 此命令: strip a.out删除所有.debug_*部分,以及.symtab和.strtab (它们一起构成符号表)。 Such binary is often called "fully stripped". 这种二进制文件通常称为“完全剥离”。
One could also use obcopy to remove individual sections. 也可以使用obcopy删除单个部分。 It is possible to remove source file/line info ( .debug_line section) without removing variable info, and vice versa. 可以删除源文件/行信息( .debug_line部分)而不删除变量信息,反之亦然。
I have tried eu-unstrip ./a.out ./a.dbg but ./a.out result file does not contains debug informations.
You may be hitting a bug in eu-unstrip , perhaps this one . 你可能会在eu-unstrip遇到一个bug,也许就是这个 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.