I have an incomplete stacktrace which stops at a known library (linux i686 architecture). In order to ascertain the function last called, I am trying to map $eip as output by gdb, to an address within a file generated by “objdump -d library.so”.
I thought I might be able to use the From address output from “info shared” within gdb, along with the $eip to calculate an offset, which I could then translate to an offset from the disassembly text section of the objdump -d output?
Not sure if this approach is sensible, but trying it in a simple test harness app with a shared library does not give me an address within the right function.
Any help much appreciated.
Yes, that is exactly what you need to do.

The From address in GDB display tells you where the .text section of the shared library was located. The “readelf -S foo.so | grep '\.text'” will tell you the offset of .text in the foo.so itself. Subtract one from the other, and you get the relocation for that shared library (it will be page-aligned).

Now take the $eip from GDB, subtract the relocation, and you’ll get an address that will match the output of nm and objdump for foo.so.

However, GDB will have already completed all of the above steps internally. If it wasn’t able to deduce which function $eip ended up in, you shouldn’t expect that performing these steps manually will produce any better result.
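The procedure in the answer above, written out as an added example (not code from the poster or from GDB): it parses the From column of “info shared” and the Addr column of “readelf -S”, derives the page-aligned relocation, and maps $eip back to the link-time address that objdump prints. The library name, the two tool outputs and the $eip value are constructed samples.

```python
import re

# Constructed sample of gdb "info shared" output (not from the original post).
INFO_SHARED = """\
From        To          Syms Read   Shared Object Library
0xb7fc4820  0xb7fdb8bf  Yes         /lib/ld-linux.so.2
0xb7e5e460  0xb7f8e6d8  Yes         /lib/i386-linux-gnu/libc.so.6
0xb7e3c480  0xb7e3c618  Yes         /tmp/libfoo.so
"""

# Constructed sample of "readelf -S /tmp/libfoo.so", trimmed to the relevant rows.
# Columns: [Nr] Name Type Addr Off Size ES Flg Lk Inf Al
READELF_S = """\
  [ 9] .plt              PROGBITS        00000410 000410 000070 04  AX  0   0 16
  [10] .text             PROGBITS        00000480 000480 000198 00  AX  0   0 16
  [11] .fini             PROGBITS        00000618 000618 000014 00  AX  0   0  4
"""


def shared_range(info_shared: str, library: str) -> tuple[int, int]:
    """Return (From, To) for the named library from gdb's 'info shared' table."""
    for line in info_shared.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[-1].endswith(library):
            return int(fields[0], 16), int(fields[1], 16)
    raise ValueError(f"{library} not listed in info shared")


def text_section_addr(readelf_s: str) -> int:
    """Return the link-time address (Addr column) of .text from 'readelf -S'.
    objdump -d and nm print addresses in this same link-time space."""
    for line in readelf_s.splitlines():
        m = re.match(r"\s*\[\s*\d+\]\s+\.text\s+PROGBITS\s+([0-9a-fA-F]+)", line)
        if m:
            return int(m.group(1), 16)
    raise ValueError(".text section not found in readelf output")


def load_relocation(from_addr: int, text_addr: int) -> int:
    """Relocation = where .text landed at runtime minus where it sits in the file."""
    reloc = from_addr - text_addr
    if reloc & 0xFFF:  # the loader maps whole pages, so this must be page-aligned
        raise ValueError(f"relocation {reloc:#x} is not page-aligned; wrong inputs?")
    return reloc


def eip_to_objdump_addr(eip: int, info_shared: str, readelf_s: str, library: str) -> int:
    """Map a runtime $eip inside `library` to the address objdump -d shows for it."""
    lo, hi = shared_range(info_shared, library)
    if not lo <= eip < hi:
        raise ValueError(f"$eip {eip:#x} is outside {library} ({lo:#x}-{hi:#x})")
    return eip - load_relocation(lo, text_section_addr(readelf_s))
```

Feed it the real “info shared” and “readelf -S” text and the $eip from the crash, then look the returned address up in the objdump -d listing.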