I have a shared library /opt/evince-3.28.4/lib/evince/4/backends/libpdfdocument.so. In GDB, I can easily detect a function at offset 0xa830 of this library, as shown below:

(gdb) disas 0xa830
Dump of assembler code for function ev_link_from_action(PdfDocument*, PopplerAction*):
   0x000000000000a830 <+0>:     cmpl   $0xa,(%rsi)
   0x000000000000a833 <+3>:     ja     0xaaf0 <ev_link_from_action(PdfDocument*, PopplerAction*)+704>
   0x000000000000a839 <+9>:     push   %r15
   0x000000000000a83b <+11>:    push   %r14
   0x000000000000a83d <+13>:    lea    0x5f28(%rip),%rdx        # 0x1076c

The output of objdump -D on the library for this offset is shown below:

a826:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
a82d:   00 00 00 
a830:   83 3e 0a                cmpl   $0xa,(%rsi)
a833:   0f 87 b7 02 00 00       ja     aaf0 <__cxa_finalize@plt+0x1d10>
a839:   41 57                   push   %r15

No function name is printed at 0xa830. Also, the output of objdump -t on the library does not contain this offset. How can I detect the symbol name assuming the offset is known and GDB is not available?


P.S.: The shared library contains debuginfo. The relevant portion of objdump -h on the library is shown below:

 25 .debug_aranges 00000030  0000000000000000  0000000000000000  00014bd9  2**0
              CONTENTS, READONLY, DEBUGGING
 26 .debug_info   00014b8d  0000000000000000  0000000000000000  00014c09  2**0
              CONTENTS, READONLY, DEBUGGING
 27 .debug_abbrev 00000773  0000000000000000  0000000000000000  00029796  2**0
              CONTENTS, READONLY, DEBUGGING
 28 .debug_line   00002036  0000000000000000  0000000000000000  00029f09  2**0
              CONTENTS, READONLY, DEBUGGING
 29 .debug_str    0000c377  0000000000000000  0000000000000000  0002bf3f  2**0
              CONTENTS, READONLY, DEBUGGING
 30 .debug_loc    0000d45f  0000000000000000  0000000000000000  000382b6  2**0
              CONTENTS, READONLY, DEBUGGING
 31 .debug_ranges 00001080  0000000000000000  0000000000000000  00045715  2**0
              CONTENTS, READONLY, DEBUGGING

Asked Nov 17, 2024 at 0:52 by TheAhmad; edited Nov 17, 2024 at 23:12.

Comments:

  • Comment as this isn't really answering your question, but I don't believe that objdump makes use of debug symbols in its disassembly output, it only uses symbols found in the ELF symbol table, which will only be externally visible functions. I'm not aware of a tool that can do offset to function name mapping other than GDB, though there probably is one. – Andrew Commented Nov 17, 2024 at 8:46
  • @Andrew In fact, I would prefer to use GDB. I need mangled symbols, while GDB forces demangling even with set print demangle off and set print asm-demangle off. This occurs even on the most recent GDB version. Hence, I fell back on Objdump. – TheAhmad Commented Nov 17, 2024 at 11:58
  • You should consider filing a bug about the demangled symbol here: sourceware./bugzilla as that feels like it would be a pretty simple fix. – Andrew Commented Nov 18, 2024 at 9:47

1 Answer

How can I detect the symbol name assuming the offset is known and GDB is not available?

You'll have to use the same mechanism GDB used.

Unfortunately, you haven't told us where the libpdfdocument.so came from, and without that we can't tell you what mechanism GDB actually used.

There are two likely candidates (that I know about):

  • a separate debug info file.
  • a special .gnu_debugdata mini-symbols section (see this answer).
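
A check for the two mechanisms named in the answer, added here as an example (it is not code from the post or from GDB). It parses a little-endian ELF64 image with the Python standard library only, reports the file name stored in .gnu_debuglink, and, when .gnu_debugdata is present, decompresses it and searches its symbol table for the function covering the offset, returning the raw mangled name. The function names sections, symbol_at and locate are illustrative.

```python
import lzma
import struct
import sys

def sections(elf):
    """List (name, type, offset, size, link) for each section of an ELF64-LE image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("expected a little-endian ELF64 file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)
    shentsize, shnum, shstrndx = struct.unpack_from("<HHH", elf, 0x3A)
    hdrs = [struct.unpack_from("<IIQQQQIIQQ", elf, shoff + i * shentsize)
            for i in range(shnum)]
    names = hdrs[shstrndx][4]  # file offset of the section-name string table
    def name(n):
        return elf[names + n:elf.index(b"\0", names + n)].decode()
    return [(name(h[0]), h[1], h[4], h[5], h[6]) for h in hdrs]

def symbol_at(elf, addr):
    """Raw (mangled) name of the function symbol covering addr, or None."""
    secs = sections(elf)
    for _, typ, off, size, link in secs:
        if typ not in (2, 11):  # SHT_SYMTAB, SHT_DYNSYM
            continue
        strtab = secs[link][2]  # sh_link points at the matching string table
        for pos in range(off, off + size, 24):  # sizeof(Elf64_Sym) == 24
            st_name, info, _, _, value, st_size = struct.unpack_from("<IBBHQQ", elf, pos)
            if info & 0xF == 2 and value <= addr < value + max(st_size, 1):  # STT_FUNC
                return elf[strtab + st_name:elf.index(b"\0", strtab + st_name)].decode()
    return None

def locate(elf, addr):
    """Report which mechanism the file carries and resolve addr where possible."""
    by_name = {s[0]: s for s in sections(elf)}
    report = {"debuglink": None, "minidebuginfo": False, "symbol": symbol_at(elf, addr)}
    if ".gnu_debuglink" in by_name:  # NUL-terminated file name, padding, CRC32
        off = by_name[".gnu_debuglink"][2]
        report["debuglink"] = elf[off:elf.index(b"\0", off)].decode()
    if ".gnu_debugdata" in by_name:  # xz-compressed ELF holding a mini .symtab
        _, _, off, size, _ = by_name[".gnu_debugdata"]
        report["minidebuginfo"] = True
        mini = lzma.decompress(elf[off:off + size])
        report["symbol"] = report["symbol"] or symbol_at(mini, addr)
    return report

if __name__ == "__main__":  # usage: python3 locate.py LIBRARY HEX_OFFSET
    with open(sys.argv[1], "rb") as f:
        print(locate(f.read(), int(sys.argv[2], 16)))
```

When only debuglink is reported, the symbol lives in the named separate debug file, which normally keeps the full .symtab; running the same lookup on that file resolves the offset.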

Tags: linux - Symbol not Detectable by Objdump - Stack Overflow