
I've written a simple program; all it does is call a function called meller1, which calls meller2, and so on until some function calls free and crashes. When running gdb backtrace on this program with the coredump file, I receive:

gdb bt

My question is, how does gdb bt know that free is taken from /lib/libc.so.6? Is there a manual way I could do it myself given a coredump file and the executable itself? Thanks.

Adiemus

1 Answer


> My question is, how does gdb bt know that free is taken from /lib/libc.so.6?

It doesn't. All GDB knows (in the beginning) is that the crash happened at address 0xf7e3bf9c. Then GDB has to work to map that address into something meaningful.

The way GDB does this is by looking at the loader map of current ELF images to find the right image -- the image that "covers" the given address (this gives it /lib/libc.so.6), and then reading the symbol table in that ELF image to figure out the function that covers the given address (that finally produces the free).

> Is there a manual way I could do it myself given a Coredump file and the executable itself?

Sure: GDB is just a program, and you can certainly write another program that would perform all the same steps. It will only take you a few years to write such a program.

Employed Russian
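The two lookups described in the answer (address to image, then address to symbol) can be sketched as follows. This is an added example, not code from the post or from GDB. It assumes the image map is taken from the core file's NT_FILE note (the Linux note that lists file-backed mappings) and that the library's first mapping at file offset 0 is its load base; every address except the crash address 0xf7e3bf9c, the path /tmp/meller, and the symbol values are constructed.

```python
import struct

def parse_nt_file(desc, word="I"):
    """Decode an NT_FILE note body: count, page_size, count x (start, end,
    file_ofs), then count NUL-terminated paths. word="I" fits a 32-bit core."""
    w = struct.calcsize("<" + word)
    count, page_size = struct.unpack_from(f"<2{word}", desc, 0)
    nums = struct.unpack_from(f"<{3 * count}{word}", desc, 2 * w)
    names = desc[(2 + 3 * count) * w:].split(b"\0")[:count]
    # file_ofs is stored in units of page_size; convert it to bytes
    return [(nums[3 * i], nums[3 * i + 1], nums[3 * i + 2] * page_size, n.decode())
            for i, n in enumerate(names)]

def resolve(addr, maps, symtabs):
    """Step 1: image whose mapping covers addr. Step 2: symbol covering it."""
    image = next((n for s, e, _, n in maps if s <= addr < e), None)
    if image is None:
        return None, None
    # Assumption: load base is the image's mapping at file offset 0
    # (typical for shared libraries whose first PT_LOAD has p_vaddr 0)
    base = min((s for s, _, ofs, n in maps if n == image and ofs == 0), default=None)
    if base is None:
        return image, None
    rel = addr - base
    for value, size, name in symtabs.get(image, []):
        if value <= rel < value + size:
            return image, f"{name}+{rel - value:#x}"
    return image, None

def sample_note():
    """Constructed 32-bit NT_FILE body: one executable and two libc segments."""
    entries = [(0x08048000, 0x08049000, 0x0, b"/tmp/meller"),
               (0xf7dc8000, 0xf7f70000, 0x0, b"/lib/libc.so.6"),
               (0xf7f70000, 0xf7f74000, 0x1a8, b"/lib/libc.so.6")]
    desc = struct.pack("<2I", len(entries), 0x1000)
    desc += b"".join(struct.pack("<3I", s, e, o) for s, e, o, _ in entries)
    return desc + b"".join(n + b"\0" for *_, n in entries)

# Constructed symbol table: (st_value, st_size, name), values relative to load base
SYMTABS = {"/lib/libc.so.6": [(0x73ee0, 0x90, "malloc"), (0x73f70, 0x80, "free")]}

if __name__ == "__main__":
    maps = parse_nt_file(sample_note())
    print(resolve(0xf7e3bf9c, maps, SYMTABS))
```

On a real core, `readelf -n` prints the NT_FILE mappings and `readelf -s` or `nm -D` on the library gives the symbol values and sizes to feed in.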