Operating System - HP-UX

Re: How to debug stripped executable?

bill-clayton
Advisor

How to determine where in memory process is loaded

I need to use gdb/wdb to examine a program. This particular program, when executed, runs to completion and exits. I have no source code, so please don't ask for that. I have only the executable -- which is a shared executable, dynamically linked and of course stripped -- no symbols whatsoever. I need to examine some variables as it executes, therefore I need to use gdb to break somewhere. Since I have no source, nor symbols, how can I determine a place to break on and make it work? What I really need is to be able to break (or catch) some point and then be able to display the assembly code using the disas gdb command -- and then of course be able to step through the execution. Any ideas -- anyone? I know that 'ps -l' will give an address, but that address only relates to the use of ps as far as I can tell and not the place where the program would execute.

bc
Dennis Handly
Acclaimed Contributor

Re: How to debug stripped executable?

Is this Integrity or PA-RISC?

>of course stripped -- no symbols whatsoever.

Without symbols, your options are limited.

You can set breakpoints in shlibs that aren't stripped, including libc.

From tusc, you can find what system calls are used.

Assuming you have unwind info, then you know the start of each function.

>I need to examine some variables

Without symbols, you can't do that. The best you can do is if you know those variables are passed to functions where you can set breakpoints.

How important is this? How much time do you want to spend on it?

bill-clayton
Advisor

Re: How to debug stripped executable?

Thanks for the reply. I should have given a little more info. This is a PA-RISC system, an old 11.00 HP-UX. I am really trying to get a way to see a disassembly listing. I have a static listing, but using gdb/wdb I should be able to see actual values for args passed, variables used on stack, etc. Through much analysis via tusc -- used it quite a bit, and the static analysis, I have narrowed my search to a fairly small area of the code, say a couple hundred lines of assembly. I thought a little about symbols from shared libs like libc, will try something today. I have unwind info to some degree, it is all listed one byte at a time. I assume unwind data should be a word (four bytes each) -- correct? Now I do know partial virtual addresses via IDA Pro. It does a fairly good job with PA-RISC code. I generated a core file hoping that might help, but review of "Debugging with GDB" states that global, local and other variables are not available when analyzing a core file. No luck there.

I will try some of your suggestions and let you know.

bc
Dennis Handly
Acclaimed Contributor

Re: How to debug stripped executable?

>an old 11.00 HP-UX.

You may not have the tools like gdb and odump there?

>but using gdb/wdb I should be able to see actual values for args passed, variables used on stack, etc.

Yes, at the assembly level.

>I have unwind info to some degree, it is all listed one byte at a time.

Huh? You should have fully formatted unwind info with: odump -unwind

Also with gdb's: maint print unwind hex-address

>review of "Debugging with GDB" states that global, local and other variables are not available when analyzing a core file.

I'm not sure of the context of that statement. If you have debug info, you have that with a core file.

If it is stripped, you don't.
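
Added example, not part of any post in this thread: a Python sketch that takes an unwind table available only as a byte-by-byte hex listing, regroups it into entries, and emits each function start as a gdb "break *ADDR" candidate. It assumes the 32-bit PA-RISC layout of 16-byte big-endian entries (region start, region end, two flag words, with Cannot_unwind as the top bit of the third word and the frame size in 8-byte units in the low 27 bits of the fourth). The sample bytes and all function names are constructed for illustration.

```python
import struct
from typing import NamedTuple, Optional

ENTRY_SIZE = 16  # assumption: four 32-bit big-endian words per unwind entry


class UnwindEntry(NamedTuple):
    region_start: int    # address of the first instruction of the function
    region_end: int      # address of the last instruction (inclusive)
    cannot_unwind: bool  # assumed: top bit of the third word
    frame_size: int      # bytes; assumed: low 27 bits of word four, times 8


def bytes_from_listing(listing: str) -> bytes:
    """Convert a listing of hex byte values ("00 00 2a 10 ...") to raw bytes."""
    return bytes(int(tok, 16) for tok in listing.split())


def parse_unwind(raw: bytes) -> list:
    """Split a raw unwind table into entries, rejecting malformed input."""
    if len(raw) % ENTRY_SIZE:
        raise ValueError("table length %d is not a multiple of %d"
                         % (len(raw), ENTRY_SIZE))
    entries = []
    for off in range(0, len(raw), ENTRY_SIZE):
        start, end, w3, w4 = struct.unpack_from(">IIII", raw, off)
        if end < start:
            raise ValueError("entry at offset %d ends before it starts" % off)
        entries.append(UnwindEntry(start, end, bool(w3 >> 31),
                                   (w4 & 0x7FFFFFF) * 8))
    return entries


def find_region(entries, addr: int) -> Optional[UnwindEntry]:
    """Return the function region containing addr, e.g. a pc seen in gdb."""
    for e in entries:
        if e.region_start <= addr <= e.region_end:
            return e
    return None


def breakpoint_commands(entries) -> list:
    """One gdb breakpoint command per function start address."""
    return ["break *0x%x" % e.region_start for e in entries]


# Constructed sample: two unwind entries, listed one byte at a time.
SAMPLE = ("00 00 2a 10 00 00 2a 8c 00 00 00 00 00 00 00 08 "
          "00 00 2a 90 00 00 2b 1c 80 00 00 00 00 00 00 00")

if __name__ == "__main__":
    for cmd in breakpoint_commands(parse_unwind(bytes_from_listing(SAMPLE))):
        print(cmd)
```

The addresses printed are only as good as the table they came from; compare one or two against the formatted output of odump -unwind before relying on them.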