|< Linux gnu ldd, readelf, od 5 |Main |Site Index |Download |
MODULE 111-6
OTHER USEFUL GDB/GCC FRIENDS 6
My Training Period: xx hours
The size - Viewing Sizes
Examples:
Compile and link (for static linking).
[bodo@bakawali testbed5]$ gcc -g -static testbuff.c -o testbuff /tmp/ccwh4rvU.o(.text+0x1e): In function `Test': /home/bodo/testbed5/testbuff.c:8: warning: the `gets' function is dangerous and should not be used.
[bodo@bakawali testbed5]$ size -d testbuff text data bss dec hex filename 380157 3368 4476 388001 5eba1 testbuff
| |||||||||||||||||||||||
Compile and link (for dynamic linking). Note the executable size difference. Statically link will result in bigger file size!
[bodo@bakawali testbed5]$ gcc -g testbuff.c -o testbuff
/tmp/ccMunGye.o(.text+0x1e): In function `Test':
/home/bodo/testbed5/testbuff.c:8: warning: the `gets' function is dangerous and should not be used.
[bodo@bakawali testbed5]$ size -d testbuff
text data bss dec hex filename
1031 264 4 1299 513 testbuff
The strings - Printing The Printable Characters
strings | |
For each FILE given, GNUstrings utility prints the printable character sequences that are at least 4 characters long (or the number given with the options below) and are followed by an unprintable character. By default, it only prints the strings from theinitialized and loaded sections of object files; for other types of files, it prints the strings from the whole file. 'strings' is mainly useful for determining the contents of non-text files for displaying printable strings in [file(s)] (stdin by default) | |
Usage: strings [option(s)] [file(s)] | |
The options are: | |
-a - --all | Scan the entire file, not just the data section |
-f --print-file-name | Print the name of the file before each string |
-n --bytes=[number] | Locate & print any NUL-terminated sequence of at |
-<number> | least [number] characters (default 4). |
-t --radix={o,x,d} | Print the location of the string in base 8, 10 or 16 |
-o | An alias for --radix=o |
-T --target=<BFDNAME> | Specify the binary file format |
-e --encoding={s,S,b,l,B,L} | Select character size and endianness: s = 7-bit, S = 8-bit, {b,l} = 16-bit, {B,L} = 32-bit |
-h --help | Display this information |
-v --version | Print the program's version number |
Examples:
[bodo@bakawali testbed5]$ strings -a -f -t x testbuff.o
testbuff.o: 94 Some input:
testbuff.o: a2 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
testbuff.o: d3 .symtab
testbuff.o: db .strtab
testbuff.o: e3 .shstrtab
testbuff.o: ed .rel.text
testbuff.o: f7 .data
testbuff.o: fd .bss
testbuff.o: 102 .rodata
testbuff.o: 10a .note.GNU-stack
testbuff.o: 11a .comment
testbuff.o: 3ad testbuff.c
testbuff.o: 3b8 Test
testbuff.o: 3bd printf
testbuff.o: 3c4 gets
testbuff.o: 3c9 puts
testbuff.o: 3ce main
[bodo@bakawali testbed5]$ strings -a -f -t x testbuff
testbuff: 114 /lib/ld-linux.so.2
testbuff: 1fd _Jv_RegisterClasses
testbuff: 211 __gmon_start__
testbuff: 220 libc.so.6
testbuff: 22a printf
testbuff: 231 gets
testbuff: 236 puts
testbuff: 23b _IO_stdin_used
testbuff: 24a __libc_start_main
testbuff: 25c GLIBC_2.0
testbuff: 330 PTRh
testbuff: 510 Some input:
[omitted]
testbuff: 6c0 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
testbuff: 6f1 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
testbuff: 722 GCC: (GNU) 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
testbuff: 784 Test
testbuff: 78d main
testbuff: 7ae GNU C 3.4.2 20041017 (Red Hat 3.4.2-6.fc3)
testbuff: 7da testbuff.c
testbuff: 7e5 /home/bodo/testbed5
testbuff: 801 unsigned char
testbuff: 812 short unsigned int
testbuff: 828 long unsigned int
testbuff: 83d signed char
[omitted]
testbuff: 94f argc
testbuff: 95e argv
testbuff: a6c testbuff.c
testbuff: a7a <internal>
testbuff: b26 .hash
testbuff: b2c .dynsym
[omitted]
testbuff: b95 .dtors
testbuff: b9c .jcr
testbuff: ba1 .dynamic
testbuff: baa .got
testbuff: baf .got.plt
testbuff: bb8 .data
testbuff: bbe .bss
testbuff: bc3 .comment
testbuff: bcc .debug_aranges
testbuff: bdb .debug_pubnames
[omitted]
...
...
[bodo@bakawali testbed5]$
The objcopy - Copying/Transforming A Binary File
objcopy will copy a binary file, possibly transforming it in the process. Add/remove ELF sections. | |
Usage: objcopy [option(s)] in-file [out-file] | |
The options are: | |
-I --input-target <bfdname> | Assume input file is in format <bfdname> |
-O --output-target <bfdname> | Create an output file in format <bfdname> |
-B --binary-architecture <arch> | Set arch of output file, when input is binary |
-F --target <bfdname> | Set both input and output format to <bfdname> |
--debugging | Convert debugging information, if possible |
-p --preserve-dates | Copy modified/access timestamps to the output |
-j --only-section <name> | Only copy section <name> into the output |
--add-gnu-debuglink=<file> | Add section .gnu_debuglink linking to <file> |
-R --remove-section <name> | Remove section <name> from the output |
-S --strip-all | Remove all symbol and relocation information |
-g --strip-debug | Remove all debugging symbols & sections |
--strip-unneeded | Remove all symbols not needed by relocations |
-N --strip-symbol <name> | Do not copy symbol <name> |
--only-keep-debug | Strip everything but the debug information |
-K --keep-symbol <name> | Only copy symbol <name> |
-L --localize-symbol <name> | Force symbol <name> to be marked as a local |
-G --keep-global-symbol <name> | Localize all symbols except <name> |
-W --weaken-symbol <name> | Force symbol <name> to be marked as a weak |
--weaken | Force all global symbols to be marked as weak |
-w --wildcard | Permit wildcard in symbol comparison |
-x --discard-all | Remove all non-global symbols |
-X --discard-locals | Remove any compiler-generated symbols |
-i --interleave <number> | Only copy one out of every <number> bytes |
-b --byte <num> | Select byte <num> in every interleaved block |
--gap-fill <val> | Fill gaps between sections with <val> |
--pad-to <addr> | Pad the last section up to address <addr> |
--set-start <addr> | Set the start address to <addr> |
{--change-start|--adjust-start} <incr> | Add <incr> to the start address |
{--change-addresses|--adjust-vma} <incr> | Add <incr> to LMA, VMA and start addresses |
{--change-section-address|--adjust-section-vma} <name>{=|+|-}<val> | Change LMA and VMA of section <name> by <val> |
--change-section-lma <name>{=|+|-}<val> | Change the LMA of section <name> by <val> |
--change-section-vma <name>{=|+|-}<val> | Change the VMA of section <name> by <val> |
{--[no-]change-warnings|--[no-]adjust-warnings} | Warn if a named section does not exist |
--set-section-flags <name>=<flags> | Set section <name>'s properties to <flags> |
--add-section <name>=<file> | Add section <name> found in <file> to output |
--rename-section <old>=<new>[,<flags>] | Rename section <old> to <new> |
--change-leading-char | Force output format's leading character style |
--remove-leading-char | Remove leading character from global symbols |
--redefine-sym <old>=<new> | Redefine symbol name <old> to <new> |
--redefine-syms <file> | --redefine-sym for all symbol pairs listed in <file> |
--srec-len <number> | Restrict the length of generated Srecords |
--srec-forceS3 | Restrict the type of generated Srecords to S3 |
--strip-symbols <file> | -N for all symbols listed in <file> |
--keep-symbols <file> | -K for all symbols listed in <file> |
--localize-symbols <file> | -L for all symbols listed in <file> |
--keep-global-symbols <file> | -G for all symbols listed in <file> |
--weaken-symbols <file> | -W for all symbols listed in <file> |
--alt-machine-code <index> | Use alternate machine code for output |
--writable-text | Mark the output text as writable |
--readonly-text | Make the output text write protected |
--pure | Mark the output file as demand paged |
--impure | Mark the output file as impure |
--prefix-symbols <prefix> | Add <prefix> to start of every symbol name |
--prefix-sections <prefix> | Add <prefix> to start of every section name |
--prefix-alloc-sections <prefix> | Add <prefix> to start of every allocatable section name |
-v --verbose | List all object files modified |
-V --version | Display this program's version number |
-h --help | Display this output |
--info | List object formats & architectures supported |
The GNU objcopy utility copies the contents of an object file to another. objcopy uses the GNU BFD Library to read and write the object files. It can write the destination object file in a format different from that of the source object file. The exact behavior of objcopy is controlled by command-line options. Note that objcopy should be able to copy a fully linked file between any two formats. However, copying a relocatable object file between any two formats may not work as expected. objcopy creates temporary files to do its translations and deletes them afterward. objcopy uses BFD to do all its translation work; it has access to all the formats described in BFD and thus is able to recognize most formats without being told explicitly. objcopy can be used to generate S-records by using an output target of 'srec' (e.g., use '-O srec'). objcopy can be used to generate a raw binary file by using an output target of 'binary' (e.g., use '-O binary'). When objcopy generates a raw binary file, it will essentially produce a memory dump of the contents of the input object file. All symbols and relocation information will be discarded. The memory dump will start at the load address of the lowest section copied into the output file. When generating an S-record or a raw binary file, it may be helpful to use '-S' to remove sections containing debugging information. In some cases '-R' will be useful to remove sections which contain information that is not needed by the binary file. |
Note: objcopy is not able to change the endianness of its input files. If the input format has endianness (some formats do not), objcopy can only copy the inputs into file formats that have the same endianness or which have no endianness (e.g., srec).
The strace - Tracing System Calls And Signals
strace | strace [-dffhiqrtttTvVxx] [-a column] [-e expr] ... [-o file][-p pid] ... [-s strsize] [-u username] [-E var=val] ...[command [arg ...]] or strace -c [-e expr] ... [-O overhead] [-S sortby] [-E var=val] ...[command [arg ...]] |
-c | count time, calls, and errors for each syscall and report summary |
-f | follow forks |
-ff | with output into separate files |
-F | attempt to follow vforks |
-h | print help message |
-i | print instruction pointer at time of syscall |
-q | suppress messages about attaching, detaching, etc. |
-r | print relative timestamp |
-t | absolute timestamp |
-tt | with usecs |
-T | print time spent in each syscall |
-V | print version |
-v | verbose mode: print unabbreviated argv, stat, termio[s], etc. args |
-x | print non-ascii strings in hex |
-xx | print all strings in hex |
-a column | alignment COLUMN for printing syscall results (default 40) |
-e expr | A qualifying expression: option=[!]all or option=[!]val1[,val2]... options: trace, abbrev, verbose, raw, signal, read, or write |
-o file | send trace output to FILE instead of stderr |
-O overhead | set overhead for tracing syscalls to OVERHEAD usecs |
-p pid | trace process with process id PID, may be repeated |
-s strsize | limit length of print strings to STRSIZE chars (default 32) |
-S sortby | sort syscall counts by: time, calls, name, nothing (default time) |
-u username | run command as username handling setuid and/or setgid |
-E var=val | put var=val in the environment for command |
-E var | remove var from the environment for command |
strace - trace system calls and signals.
SYNTAX
strace [-dffhiqrtttTvxx] [-acolumn] [-eexpr] ... [-ofile] [-ppid] ... [-sstrsize] [-uusername] [-Evar=val] ... [-Evar] ... [command [arg ...]]
strace -c [-eexpr] ... [-Ooverhead] [-Ssortby] [command [arg ...]]
In the simplest case strace runs the specified command until it exits. It intercepts and records the system calls which are called by a process and the signals which are received by a process. The name of each system call, its arguments and its return value are printed on standard error or to the file specified with the -o option.
strace is a useful diagnostic, instructional, and debugging tool. System administrators, diagnosticians and trouble-shooters will find it invaluable for solving problems with programs for which the source is not readily available since they do not need to be recompiled in order to trace them. Students, hackers and the overly curious will find that a great deal can be learned about a system and its system calls by tracing even ordinary programs. And programmers will find that since system calls and signals are events that happen at the user/kernel interface, a close examination of this boundary is very useful for bug isolation, sanity checking and attempting to capture race conditions.
Each line in the trace contains the system call name, followed by its arguments in parentheses and its return value. An example from stracing the command at /dev/null is:
open("/dev/null", O_RDONLY) = 3
Errors (typically a return value of -1) have the errno symbol and error string appended.
open("/foo/bar", O_RDONLY) = -1 ENOENT (No such file or directory)
Signals are printed as a signal symbol and a signal string. An excerpt from stracing and interrupting the command sleep is:
sigsuspend([] <unfinished ...>
--- SIGINT (Interrupt) ---
+++ killed by SIGINT +++
Arguments are printed in symbolic form with a passion. This example shows the shell performing >>xyzzy output redirection:
open("xyzzy", O_WRONLY|O_APPEND|O_CREAT, 0666) = 3
Here the three argument form of open is decoded by breaking down the flag argument into its three bitwise-OR constituents and printing the mode value in octal by tradition. Where traditional or native usage differs from ANSI or POSIX, the latter forms are preferred. In some cases, strace output has proven to be more readable than the source.
Structure pointers are dereferenced and the members are displayed as appropriate. In all cases arguments are formatted in the most C-like fashion possible. For example, the essence of the command ls -l /dev/null is captured as:
lstat("/dev/null", {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 3), ...}) = 0
Notice how the struct stat argument is dereferenced and how each member is displayed symbolically. In particular, observe how the st_mode member is carefully decoded into a bitwise-OR of symbolic and numeric values. Also notice in this example that the first argument to lstat is an input to the system call and the second argument is an output. Since output arguments are not modified if the system call fails, arguments may not always be dereferenced. For example, retrying the ls -l example with a non-existent file produces the following line:
lstat("/foo/bar", 0xb004) = -1 ENOENT (No such file or directory)
In this case the porch light is on but nobody is home.
Character pointers are dereferenced and printed as C strings. Non-printing characters in strings are normally represented by ordinary C escape codes. Only the first sstrsize (32 by default) bytes of strings are printed; longer strings have an ellipsis appended following the closing quote. Here is a line from ls -l where the getpwuid library routine is reading the password file:
read(3, "root::0:0:System Administrator:/"..., 1024) = 422
While structures are annotated using curly braces, simple pointers and arrays are printed using square brackets with commas separating elements. Here is an example from the command id on a system with supplementary group ids:
getgroups(32, [100, 0]) = 2
On the other hand, bit-sets are also shown using square brackets but set elements are separated only by a space. Here is the shell preparing to execute an external command:
sigprocmask(SIG_BLOCK, [CHLD TTOU], []) = 0
Here the second argument is a bit-set of two signals,SIGCHLD and SIGTTOU. In some cases the bit-set is so full that printing out the unset elements is more valuable. In that case, the bit-set is prefixed by a tilde like this:
sigprocmask(SIG_UNBLOCK, ~[], NULL) = 0
Here, the second argument represents the full set of all signals.
Further related reading:
Check the best selling C / C++, Networking, Linux and Open Source books at Amazon.com.
Linux Socket programming tutorial.
C, Buffer overflow and stack frame (construction and destruction).