如何知道某个程序调用了库的哪些函数 [英] How to know which functions of a library get called by a program

问题描述

假设我有一个二进制库(* .so)和一个使用该库的二进制程序(即我都不拥有任何一个的源代码).

Assume I have binary library (*.so) and a binary program using that library (i.e. I do not own the source code for either).

如何确定在运行时调用了哪些库函数.我想知道他们的名字，但不需要实时信息.

How can I find out which of the library's functions are called at run time. I would like to know their names, but do not need live info.

两个二进制文件都不包含调试符号.

Neither of the binaries includes debugging symbols.

推荐答案

objdump 命令从二进制文件中转储外部符号引用.典型的用例是使用 -T 选项运行它，以转储二进制文件的外部符号引用.

The objdump command dumps external symbol references from a binary. The typical use case involves running it with the -T option, to dump a binary's external symbol references.

例如，在/bin/ls 上运行 objdump -T :

/bin/ls:     file format elf64-x86-64

DYNAMIC SYMBOL TABLE:
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.3   __ctype_toupper_loc
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 getenv
0000000000000000      DF *UND*  0000000000000000              cap_to_text
0000000000000000      DO *UND*  0000000000000000  GLIBC_2.2.5 __progname
0000000000000000      DF *UND*  0000000000000000  GLIBC_2.2.5 sigprocmask
...

以此类推.转储包括所有外部符号引用，而不仅仅是函数.手册页解释了第二列中代码的含义，这些代码指定了外部符号引用的类型.在这里，看起来我们会对 DF 感兴趣，表示动态函数调用.在这里，我们可以看到一些熟悉的C库函数，例如 getenv()和 sigprocmask()，它们被`/bin/ls引用.

And so on. The dump includes all external symbol references, not just functions. The manual page explains the meaning of codes in the 2nd column, that specify the type of the external symbol reference. Here, looks like we'll be interested in DFs, indicating dynamic function calls. Here, we see some familiar C library functions, like getenv() and sigprocmask(), being referenced by `/bin/ls.

无法识别的库调用很可能是使用库的内部实现详细信息在头文件中的内部宏的结果.这可能就是"__ctype_toupper_loc"的全部含义.

Unrecognized library calls are likely the result of internal macros in the header files, using the library's internal implementation details. That's probably what "__ctype_toupper_loc" is all about.

将其与C ++代码一起使用时，您还需要指定 -C 选项，以对C ++符号进行解散.

When using this with C++ code you also want to specify the -C option, to demangle C++ symbols.

当然，特定二进制文件带有对某些库函数的外部引用这一事实并不能保证二进制文件在运行时会真正调用它.

Of course, the fact that a particular binary carries an external reference to some library function doesn't guarantee that the binary will actually call it, at runtime.

这篇关于如何知道某个程序调用了库的哪些函数的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！