Re: How to debug stripped executable? (250 Views)
Advisor
bill-clayton
Posts: 16
Registered: ‎03-08-2011
Message 1 of 4 (258 Views)

How to determine where in memory process is loaded

I need to use gdb/wdb to examine a program. This particular program when executed runs to completion and exits. I have no source code, so please don't ask for that. I have only the executable -- which is a shared executable dynamically linked and of course stripped -- no symbols what-so-ever. I need to examine some variables as it executes therefore I need to use gdb to break somewhere. Since I have no source, nor symbols, how can I determine a place to break on and make it work? What I really need is to be able to break (or catch) some point and then be able to display the assembly code using disas gdb command -- and then of course be able to step through the execution.  Any ideas -- anyone? I know that 'ps -l' will give an address, but that address only relates to the use of ps as far as I can tell and not the place where the program would execute.

bc
Acclaimed Contributor
Dennis Handly
Posts: 25,277
Registered: ‎03-06-2006
Message 2 of 4 (250 Views)

Re: How to debug stripped executable?

Is this Integrity or PA-RISC?

>of course stripped -- no symbols what-so-ever.

Without symbols, your options are limited.

You can set breakpoints in shlibs that aren't stripped, including libc.

From tusc, you can find what system calls are used.

Assuming you have unwind info, then you know the start of each function.

>I need to examine some variables

Without symbols, you can't do that.  The best you can do is if you know those variables are passed to functions where you can set breakpoints.

How important is this?  How much time do you want to spend on it?

Advisor
bill-clayton
Posts: 16
Registered: ‎03-08-2011
Message 3 of 4 (236 Views)

Re: How to debug stripped executable?

Thanks for the reply. I should have given a little more info. This is a PA-RISC system, an old 11.00 HP-UX. I am really trying to get a way to see a disassembly listing. I have a static listing, but using gdb/wdb I should be able to see actual values for args passed, variables used on stack, etc. Through much analysis via tusc -- used it quite a bit, and the static analysis, I have narrowed my search to a fairly small area of the code, say a couple hundred lines of assembly. I thought a little about symbols from shared libs like libc, will try something today. I have unwind info to some degree, it is all listed one byte at a time. I assume unwind data should be a word (four bytes each) -- correct? Now I do know partial virtual addresses via IDA-PRO. It does a fairly good job with PA-RISC code. I generated a core file hoping that might help, but review of 'Debugging with GDB' states that global, local and other variables are not available when analyzing a core file. No luck there.

I will try some of your suggestions and let you know.

bc
Acclaimed Contributor
Dennis Handly
Posts: 25,277
Registered: ‎03-06-2006
Message 4 of 4 (233 Views)

Re: How to debug stripped executable?

>an old 11.00 HP-UX.

You may not have the tools like gdb and odump there?

>but using gdb/wdb I should be able to see actual values for args passed, variables used on stack, etc.

Yes, at the assembly level.

>I have unwind info to some degree, it is all listed one byte at a time.

Huh?  You should have fully formatted unwind info with: odump -unwind

Also with gdb's: maint print unwind hex-address

>review of 'Debugging with GDB' states that global, local and other variables are not available when analyzing a core file.

I'm not sure of the context of that statement.  If you have debug info, you have that with a core file.

If it is stripped, you don't.
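
The approach from the replies above (break in an unstripped shared library, then work at the assembly level), written out as a gdb command file. This is an added example, not part of any post in the thread. The program name ./prog, the choice of write() as a call seen in tusc output, and gdb's standard PA-RISC register names ($r26, $r25, $r24, $rp, $sp) are assumptions.

```gdb
# Added example, not from the thread.
# Assumptions: the stripped program is ./prog (hypothetical name), tusc
# showed it calling write(), and libc itself is not stripped.
# Usage: gdb -x trace.gdb ./prog
#
# PA-RISC calling convention: the first four arguments are in r26, r25,
# r24, r23; the return pointer is rp (r2); the return value is ret0 (r28).

# libc is not mapped until the process starts, so gdb may report this
# breakpoint as deferred/pending until the library is loaded.
break write
run

# Stopped at entry to write() in libc. Show where each library was mapped
# and the chain of callers (stripped frames appear as bare addresses).
info sharedlibrary
backtrace

# Arguments of write(fd, buf, len) taken straight from the registers.
printf "fd=%d buf=0x%x len=%d\n", $r26, $r25, $r24
x/16xb $r25

# Return address into the caller and the current stack pointer.
info registers rp sp

# Run until write() returns. This relies on gdb being able to unwind the
# libc frame (assumption: unwind info is present, as discussed above).
finish

# Now inside the stripped caller. Disassemble by address: with no symbols
# there are no function bounds, so use x/i on a range instead of "disas".
x/24i $pc

# The unwind entry for this address gives the start of the enclosing
# function; use the command from the reply above with the pc value
# filled in by hand:  maint print unwind <hex-address>

# Show the next instruction after every step, then single-step at the
# instruction level through the region of interest.
display/i $pc
stepi
stepi
stepi

# Words on the caller's stack frame near the current stack pointer.
x/16xw $sp
```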
