2

The background is that we have a prebuilt object file without unwind table, but somehow gcc unwind had problem backtracking on the object. Is it possible to generate unwind table without source code? Considering unwind table is based stack statics which is also available even without source code.

Florian Weimer
  • 32,022
  • 3
  • 48
  • 92
Bill Randerson
  • 1,028
  • 1
  • 11
  • 29
  • gcc or gdb? gcc shouldn't be unwinding anything. I assume gdb or a similar tool. And I assume it's not about exception handling (in that case you'd really need enough unwinding info for the code to even work, let alone be debuggable). If you can accurately disassemble the object file and insert just enough CFI directives and assemble it back, then you should be able to remedy the situation. Depending on the case, it may be impractically tedious. – Alexey Frunze Mar 02 '19 at 09:21
  • Thanks for the reply. I meant the unwind table generated in the object file when -funwind-table passed to GCC. – Bill Randerson Mar 03 '19 at 20:03
  • @AlexeyFrunze It's an interesting point you brought up about accurately disassembling the object file. Is it possible to disassemble object to asm file and reassemble back? – Bill Randerson Mar 03 '19 at 20:07
  • Poke around [here](https://reverseengineering.stackexchange.com/q/3800) for projects, papers, ideas. – Alexey Frunze Mar 06 '19 at 11:58
  • @AlexeyFrunze Thanks. – Bill Randerson Mar 06 '19 at 17:43

1 Answers1

2

In general, it is not possible to generate proper unwind tables from machine code in an object file. For a start, some constructs are quite difficult to represent accurately in unwinding information. Retpolines are an example.

The larger practical problem is that DWARF unwinding information is structured per function. A bare object file (without debugging information and only a minimal symbol table) does not capture function boundary information. Without that, it is impossible to say if a location in the file is the target of a function call and the start of a function. Similarly, a call to a noreturn function may be the last instruction in a function, even though it is not followed by a return instruction. It may be possible to use relocation data. There are several tools out there which attempt to infer function boundaries; every disassembler does it to some extent.

Your best bet is to locate the functions which fail unwinding and figure out why, and then compensate for that, either using custom-written unwind data or a GDB plugin. As Alexey Frunze said, a full conversion will be rather tedious.

Florian Weimer
  • 32,022
  • 3
  • 48
  • 92