GDB 符号来自哪里? [英] Where are GDB symbols coming from?
问题描述
当我将 Fedora 28 的 /usr/bin/ls 文件加载到 GDB 中时,我可以访问符号 abformat_init,即使它不是作为字符串也不是在二进制文件的符号表中.
$ 文件/usr/bin/ls/usr/bin/ls:ELF 64 位 LSB 共享对象,x86-64,版本 1 (SYSV),动态链接,解释器/lib64/ld-linux-x86-64.so.2,用于 GNU/Linux 3.2.0,BuildID[sha1]=d6d0ea6be508665f5586e90a30819d090710842f,剥离,注释过多(256)$ readelf -S/usr/bin/ls |grep 格式$纳米/usr/bin/lsnm:/usr/bin/ls: 没有符号$ 字符串/usr/bin/ls |grep 格式$ gdb/usr/bin/ls[...]从/usr/bin/ls 读取符号...从/usr/bin/ls 读取符号...(未找到调试符号)...完成.(未找到调试符号)...完成.缺少单独的调试信息,使用:dnf debuginfo-install coreutils-8.29-7.fc28.x86_64(gdb) 信息符号 abformat_init/usr/bin/ls 的 .text 部分中的 abformat_init这个符号从何而来?是否有允许在 GDB 之外提取它们的程序?
TL;DR:
- GDB 读取的 Fedora 二进制文件中有一个特殊的
.gnu_debugdata压缩部分,其中包含 迷你符号. - 使用
eu-readelf -Ws --elf-section/usr/bin/ls 可以方便地打印该部分的内容
<小时><块引用>
readelf -S/usr/bin/ls |grep abformat
该命令正在转储节.你想要 symbols 代替:
readelf -s/usr/bin/ls |grep 格式readelf --all/usr/bin/ls |grep 格式<块引用>
字符串/usr/bin/ls |grep abformat
Strings 会尝试猜测您想要什么,并且不会输出在二进制文件中找到的所有字符串.请参阅这篇博文和试试:
字符串 -a/usr/bin/ls |grep 格式更新:我确认了您观察到的结果:abformat 没有出现在任何地方,但 GDB 知道.
原来,有一个 .gnu_debugdata compressed 部分(描述 这里),它有 迷你符号.
要提取这些数据,通常你会这样做:
objcopy -O binary -j .gnu_debugdata/usr/bin/ls ls.mini.xz但是,我的系统上 已损坏(产生空输出),所以我改为使用 dd:
# 你可能需要从readelf -WS/usr/bin/ls"调整下面的数字dd if=/usr/bin/ls of=ls.mini.xz bs=1 skip=151896 count=3764xz -d ls.mini.xz纳米ls.mini |grep 格式这产生了:
00000000000005db0 t abformat_initQED.
附加信息:
- 在这个错误.
objcopy拒绝复制.gnu_debugdata是 这个错误.有一个工具可以方便地转储这些信息:
eu-readelf -Ws --elf-section/usr/bin/ls |grep 格式37: 0000000000005db0 593 FUNC LOCAL DEFAULT 14 abformat_init
When I load Fedora 28's /usr/bin/ls file into GDB, I can access to the symbol abformat_init, even if it is not present as a string nor in the symbols table of the binary file.
$ file /usr/bin/ls
/usr/bin/ls: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=d6d0ea6be508665f5586e90a30819d090710842f, stripped, too many notes (256)
$ readelf -S /usr/bin/ls | grep abformat
$ nm /usr/bin/ls
nm: /usr/bin/ls: no symbols
$ strings /usr/bin/ls | grep abformat
$ gdb /usr/bin/ls
[...]
Reading symbols from /usr/bin/ls...Reading symbols from /usr/bin/ls...(no debugging symbols found)...done.
(no debugging symbols found)...done.
Missing separate debuginfos, use: dnf debuginfo-install coreutils-8.29-7.fc28.x86_64
(gdb) info symbol abformat_init
abformat_init in section .text of /usr/bin/ls
Where does this symbol comes from? Is there a program that allows to extract them outside of GDB?
TL;DR:
- There is a special
.gnu_debugdatacompressed section in Fedora binaries that GDB reads, and which contains mini-symbols. - Contents of that section can be conveniently printed with
eu-readelf -Ws --elf-section /usr/bin/ls
readelf -S /usr/bin/ls | grep abformat
That command is dumping sections. You want symbols instead:
readelf -s /usr/bin/ls | grep abformat
readelf --all /usr/bin/ls | grep abformat
strings /usr/bin/ls | grep abformat
Strings tries to guess what you want, and doesn't output all strings found in the binary. See this blog post and try:
strings -a /usr/bin/ls | grep abformat
Update: I confirmed the results you've observed: abformat does not appear anywhere, yet GDB knows about it.
Turns out, there is a .gnu_debugdata compressed section (described here), which has mini-symbols.
To extract this data, normally you would do:
objcopy -O binary -j .gnu_debugdata /usr/bin/ls ls.mini.xz
However, that is broken on my system (produces empty output), so instead I used dd:
# You may need to adjust the numbers below from "readelf -WS /usr/bin/ls"
dd if=/usr/bin/ls of=ls.mini.xz bs=1 skip=151896 count=3764
xz -d ls.mini.xz
nm ls.mini | grep abformat
This produced:
00000000000005db0 t abformat_init
QED.
Additional info:
- Confusing GDB
no debugging symbolsis addressed in this bug. objcopyrefusing to copy.gnu_debugdatais the subject of this bug.There is a tool that can conveniently dump this info:
eu-readelf -Ws --elf-section /usr/bin/ls | grep abformat 37: 0000000000005db0 593 FUNC LOCAL DEFAULT 14 abformat_init
这篇关于GDB 符号来自哪里?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
