4

I have a number of questions regarding gdb and objdump.

Addresses in objdump

If I do: objdump -d binary-file-name, then I get output that includes this part:

Disassembly of section .text:

080484a0 <_start>:
 80484a0:   31 ed                   xor    %ebp,%ebp
 80484a2:   5e                      pop    %esi
 80484a3:   89 e1                   mov    %esp,%ecx

I assume these numbers in the first column are addresses? But I don't understand how these addresses can be known because when a process is loaded it is placed at a random place in memory right, which means the code has different addresses every time? Or are these addresses relative to the process' addres-space?

And what are the values that are listed under <_start>?

GDB stepping through code

I got a binary file of which I don't have the source code. I want to step through the program, but there is no symbol information. I can't set breakpoints on functionnames or linenumbers. I tried to set a breakpoint on an addresses and this worked, but I can't figure out how to step through the program step by step. When I do: (gdb) s or (gdb) n It says it doesnt have line information and just runs the whole function. Is there a way to step through it, or step through the assembly instructions?

Maricruzz
  • 405
  • 3
  • 7
  • 14

2 Answers2

8

Yes, the first column is the address column. Executables are loaded at specific addresses (each section has its own), unless they are specially marked as PIE (Position Independent Executable) in which case the addresses displayed would start from 0, and would indeed be just offsets from a randomized load address. Shared libraries, however, are position independent by default and may be mapped at different addresses.

The second column is the machine code itself: the program as a sequence of bytes as it's stored in memory and what the processor actually sees and executes.

You can use the stepi or nexti (short forms si and ni, respectively) if you don't have debug info. layout asm and friends could also be useful if you are not using some GUI frontend.

Jester
  • 56,577
  • 4
  • 81
  • 125
  • Is there a way to know the randomized address a shared object was mapped? So the offset given by `objdump` can be matched with addresses in `gdb`. – St.Antario Sep 15 '19 at 12:41
  • 1
    Once it's loaded, yes. In gdb you can use `info proc mappings` – Jester Sep 15 '19 at 13:04
0

To add on with @Jester's comment you can also use 'x' command which is to examine the instruction for example after reaching a breakpoint set by your gdb you could write

(gdb) x/10xb *[address] (to get next 10 bytes of instructions)
Jiger Jain
  • 17
  • 7