l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
August 5: Social gathering
Next Installfest:
Latest News:
Jul. 4: July, August and September: Security, Photography and Programming for Kids
Page last updated:
2004 Feb 26 09:29

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] late night musings: stripping
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] late night musings: stripping

Hi Pete,

The difference you're seeing is one of debugging information vs. symbol table.

The symbol table is used during linking, and contains the addresses of function entry points and global variables. gdb can use this to decode the stack frames to tell what the call stack is, but can't give you more detailed information.

The debugging info will tell you much more, since it will allow gdb to tie the PC to the source, so you can see what source line is actually executing. It will also give symbolic access to local automatic and static variables, as well as allow the debugger to display more complicated data structures intelligently.

The -g option only give minimal information. Better to use -ggdb

As for disabling copy protection/license checking/etc.... You're right..though you need to set the appropriate return value as well, and cracked versions of programs much use that technique. However, the developers know that, and they take steps to make this more difficult. It starts with stripping the executable, burying the check deep in a library somewhere, and making more than one check. There are bunches of other techniques as well...

-- Mitch

On Thursday, Feb 26, 2004, at 06:08 US/Pacific, Peter Jay Salzman wrote:

there's no point to this post, other than to share some things i found
interesting while playing around with some code last night.

here's some code that i compiled WITHOUT an enhanced symbol table:

#include <stdio.h>
void myfunction(void);

int main(void)
return 0;

void myfunction(void)
printf("hello world\n");

i can still set a breakpoint at main, since that's a libc thing. every
program has a main function, even ones that don't have a main function
are given a main function (like fortran):

(gdb) break main
Breakpoint 1 at 0x804836a
(gdb) run
Starting program: /home/p/stuff/hello2

Breakpoint 1, 0x0804836a in main ()
(gdb) stepi
0x0804836d in main ()
0x08048372 in main ()
0x08048374 in main ()
0x08048380 in myfunction ()
0x08048381 in myfunction ()
0x08048383 in myfunction ()
0x08048386 in myfunction ()
0x0804838d in myfunction ()
0x08048288 in printf ()

i found it odd that gdb has any concept of what i name my functions when
i don't specify -g. but it obviously does:

(gdb) info functions
All defined functions:

Non-debugging symbols:
0x08048250 _init
0x08048278 __libc_start_main
0x08048288 printf
0x080482c4 call_gmon_start
0x080482f0 __do_global_dtors_aux
0x08048330 frame_dummy
0x08048364 main
0x08048380 myfunction
0x080483a0 __libc_csu_init
0x08048400 __libc_csu_fini
0x08048450 __i686.get_pc_thunk.bx
0x08048460 __do_global_ctors_aux
0x08048490 _fini

although i didn't compile the function with "-g", file reports the
executable as unstripped:

p@satan$ file hello2
hello2: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for
GNU/Linux 2.2.0, dynamically linked (uses shared libs), not stripped

so let's strip it:

p@satan$ strip hello2

function names are gone:

p@satan$ gdb hello2
(no debugging symbols found)...(gdb)
(gdb) info functions
All defined functions:

Non-debugging symbols:
0x08048278 __libc_start_main
0x08048288 printf

i'm not sure what stripped is, but my little experiment certainly hints
at what it is.

i have mathematica installed on my system (legally). it is statically
linked and unstripped.

i also have the intel fortran compiler on my system (legally). it is
unstripped and dynamically linked. it's also protected by a license
manager called flexlm (which i've had many bad experiences with. i've
had other software (legally) where flexlm decided to stop working out of
the blue, and at the worst possible moments). it SHOULD be possible to
be be able to step through compiler, figure out the flexlm function that
grants access to the program and NOP it out.

not that i would do that. i believe this would be illegal under the
DMCA. and i have the compiler installed on my system legally. but it
is an interesting thought.

yet another thing to put on my google/reading list....


ps- the intel compiler / debugger is non-free (it's free as in beer, not
free as in liberty) but very good. i've been able to get DDD to use
intel's debugger (idb) as a backend. it's not perfect, but it works
well enough.

although it doesn't "support" debian, i was able to install it within
minutes. a combination of "alien" and looking at some bash scripts to
discover where certain directories are made it a snap to install.

Make everything as simple as possible, but no simpler. -- Albert Einstein
GPG Instructions: http://www.dirac.org/linux/gpg
GPG Fingerprint: B9F1 6CF3 47C4 7CD8 D33E 70A9 A3B9 1945 67EA 951D
vox-tech mailing list

vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!