1

I am learning about reversing a program and I was wondering .. if I compile with debug info :

gcc -g ....

Does this help the reversing process some how? do I give extra information if I do that? I Couldn't find any information about the subject.

sagi
  • 40,026
  • 6
  • 59
  • 84
  • debug information does not provide that kind of information. Perhaps reading about _[dis-assemblers](https://en.wikipedia.org/wiki/Interactive_Disassembler)_ will help. – ryyker Jun 26 '19 at 15:56
  • What do you mean by reverse-engineering, what do you expect produced by it ? (for instance some UML modeler have a reverse populating the UML model from the **sources**). The debug infos produced by the option `-g` are typically used by a debugger to associate an address with a line in a function/operation, to know where the variables are in memory/stack etc, but this is not a reverse-engineering – bruno Jun 26 '19 at 15:58
  • 3
    All `-g` should affect is whether symbolic debugging information is generated at compile+link times. It shouldn't actually affect the *code* generation. That said, is your *real* question whether compiling with `-g` somehow makes *your* code easier for *someone else* to reverse-engineer? – WhozCraig Jun 26 '19 at 16:04
  • @WhozCraig Yes, this is exactly what I'm asking.. – sagi Jun 26 '19 at 16:47

1 Answers1

4

It helps by adding line numbers, file names, macro definitions and such to the resulting binary. However, it does not include the full source of the program inside the program itself.

Here's an example of macro definitions being included in the resulting file:

username@localhost /path/to/source/code $ gcc test.c -Wall -Wextra -gdwarf-4 -g3
username@localhost /path/to/source/code $ grep __STDC_VERSION__ a.out 
Binary file a.out matches

Debugging information is more useful for decompiling when compiling with -g3, as shown in the above example.

So, the answer to your question is: It gives a little bit of extra information that may be useful in decompiling, but not enough to be able to decompile and recompile the program successfully. If possible, just give the source code to the person.

If you want to prevent decompiling your code, just run strip on it like this after building and debugging your program:

strip program-file

-g should not affect code generation, it just adds information only useful to a debugger to the resulting program file.

If you want to prohibit someone from disassembling or decompiling your software, just include that in your license.

S.S. Anne
  • 15,171
  • 8
  • 38
  • 76
  • the macros definition / usage disappear *before* the compilation during the preprocessing and cannot be part of the debug infos – bruno Jun 26 '19 at 16:01
  • The information is included in the binary. Just `grep` something compiled with `-g3` for `__STDC_VERSION__` and you'll see. – S.S. Anne Jun 26 '19 at 16:02
  • do `#define AZE 1 int main() { return AZE; }` (on at least 2 lines of course) and compile with `-g` and you will not see _AZE_ in the binary/executable, you can also compile with the option `-E` and check _AZE_ does not appears in the result of the preprocessing – bruno Jun 26 '19 at 16:06
  • @bruno Sorry, that specific debugging information only appears when compiling with `-g3`. – S.S. Anne Jun 26 '19 at 16:07
  • ok with `-g3` you have the definition of _AZE_ (I didn't know that, thank you for learning me that) but not where it is used in the source, so the interest is very limited (in fact I do not see what it can be ^^) – bruno Jun 26 '19 at 16:10
  • @bruno The line number is not included as a string, but as a native-endian integer. A debugger will be more useful when testing for that. – S.S. Anne Jun 26 '19 at 16:11
  • Maybe I wasn't clear.. I meant, If I compile my program with -g, -g3 or w/e , does it somehow helps another to do reverse engineering on my program ? – sagi Jun 26 '19 at 16:48
  • @sagi Somewhat. If possible, just give them the source code. – S.S. Anne Jun 26 '19 at 16:49
  • I mean I want to prevent reversing on my code. Does compiling like this affect it somehow , or it just doesn’t matter? – sagi Jun 26 '19 at 16:51
  • @sagi You want to prevent decompiling your code? If so, just run `strip` on it after you build it. – S.S. Anne Jun 26 '19 at 16:52
  • You’re missing my point. I’m not asking how to do it, I’m asking if compiling like this compromise it somehow – sagi Jun 26 '19 at 16:53
  • No. In no way will anyone ever get a working program from decompiling software. Just write a license that prohibits decompilation and disassembly. – S.S. Anne Jun 26 '19 at 16:55