GDB符号从何而来? [英] Where are GDB symbols coming from?
问题描述
当我将Fedora 28的/usr/bin/ls文件加载到GDB中时,即使它不以字符串形式出现也不存在于二进制文件的符号表中,我也可以访问符号abformat_init.
When I load Fedora 28's /usr/bin/ls file into GDB, I can access to the symbol abformat_init, even if it is not present as a string nor in the symbols table of the binary file.
$ file /usr/bin/ls
/usr/bin/ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=d6d0ea6be508665f5586e90a30819d090710842f, stripped, too many notes (256)
$ readelf -S /usr/bin/ls | grep abformat
$ nm /usr/bin/ls
nm: /usr/bin/ls: no symbols
$ strings /usr/bin/ls | grep abformat
$ gdb /usr/bin/ls
[...]
Reading symbols from /usr/bin/ls...Reading symbols from /usr/bin/ls...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Missing separate debuginfos, use: dnf debuginfo-install coreutils-8.29-7.fc28.x86_64
(gdb) info symbol abformat_init
abformat_init in section .text of /usr/bin/ls
此符号来自何处?是否有一个程序可以将它们提取到GDB之外?
Where does this symbol comes from? Is there a program that allows to extract them outside of GDB?
推荐答案
TL; DR:
- GDB读取的Fedora二进制文件中有一个特殊的
.gnu_debugdata压缩节,其中包含符号. - 可以使用
eu-readelf -Ws --elf-section /usr/bin/ls方便地打印该部分的内容
- There is a special
.gnu_debugdatacompressed section in Fedora binaries that GDB reads, and which contains mini-symbols. - Contents of that section can be conveniently printed with
eu-readelf -Ws --elf-section /usr/bin/ls
readelf -S /usr/bin/ls | grep abformat
该命令正在转储节.您需要符号:
That command is dumping sections. You want symbols instead:
readelf -s /usr/bin/ls | grep abformat
readelf --all /usr/bin/ls | grep abformat
strings /usr/bin/ls | grep abformat
字符串尝试猜测您想要的是什么,并且不会输出二进制文件中找到的所有字符串.参见此博客文章并尝试:
Strings tries to guess what you want, and doesn't output all strings found in the binary. See this blog post and try:
strings -a /usr/bin/ls | grep abformat
更新:我确认了您观察到的结果:abformat没有出现在任何地方,但是GDB知道它.
Update: I confirmed the results you've observed: abformat does not appear anywhere, yet GDB knows about it.
原来,有一个.gnu_debugdata compressed 部分(描述为迷你符号.
Turns out, there is a .gnu_debugdata compressed section (described here), which has mini-symbols.
要提取此数据,通常可以这样做:
To extract this data, normally you would do:
objcopy -O binary -j .gnu_debugdata /usr/bin/ls ls.mini.xz
但是,我的系统上的损坏了(产生空输出) ,所以我改用dd:
However, that is broken on my system (produces empty output), so instead I used dd:
# You may need to adjust the numbers below from "readelf -WS /usr/bin/ls"
dd if=/usr/bin/ls of=ls.mini.xz bs=1 skip=151896 count=3764
xz -d ls.mini.xz
nm ls.mini | grep abformat
产生的结果:
00000000000005db0 t abformat_init
QED.
其他信息:
- Confusing GDB
no debugging symbolsis addressed in this bug. objcopyrefusing to copy.gnu_debugdatais the subject of this bug.There is a tool that can conveniently dump this info:
eu-readelf -Ws --elf-section /usr/bin/ls | grep abformat
37: 0000000000005db0 593 FUNC LOCAL DEFAULT 14 abformat_init
eu-readelf -Ws --elf-section /usr/bin/ls | grep abformat
37: 0000000000005db0 593 FUNC LOCAL DEFAULT 14 abformat_init
这篇关于GDB符号从何而来?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
