What approach does GDB take to determining the length of a function? I noticed that after I removed two bytes from main() GDB believed the function was still the original length, so I’m assuming it is using some debug information?
In particular, the end of main() was originally:
0x00000000004005a1 <+133>: mov edi,0x4006ac
0x00000000004005a6 <+138>: call 0x4003a0 <puts@plt>
0x00000000004005ab <+143>: mov eax,0x0
0x00000000004005b0 <+148>: leave
0x00000000004005b1 <+149>: ret
Then after I removed two bytes (earlier in the program listing):
0x000000000040059f <+131>: mov edi,0x4006ac
0x00000000004005a4 <+136>: call 0x40039e
0x00000000004005a9 <+141>: mov eax,0x0
0x00000000004005ae <+146>: leave
0x00000000004005af <+147>: ret
0x00000000004005b0 <+148>: nop
0x00000000004005b1 <+149>: nop
I.e. GDB believes the overall length is still the same. I’d like to know how GDB does this.
The file is the following type: a.out: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), not stripped
Created simply with “gcc”, given no arguments.
It looks in the ELF symbol table (.st_size member). You can see it with readelf -s a.out | grep main
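To make the answer concrete, here is an added example (my code, not the answerer's and not anything from GDB or binutils) that reads st_value and st_size out of an ELF64 .symtab with nothing but the struct module, then labels addresses as name+offset the way GDB's disassembly does. The ELF image it parses is constructed in memory from the question's numbers (main ending with ret at <+149>, so a 150-byte symbol starting at 0x40051c) and is not the questioner's a.out; the helper symbol is likewise made up. Because the label comes purely from [st_value, st_value + st_size), patching two bytes out of the function body leaves the two trailing nops inside main's range, which is exactly what the second listing shows.

```python
"""Read function sizes from an ELF64 symbol table (the st_size field), the
same field readelf -s prints and GDB consults when it labels an address
as <main+N>.  Example added here; the sample image is constructed."""
import struct

SHT_SYMTAB = 2
SHT_STRTAB = 3
STT_FUNC = 2

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # Elf64_Ehdr, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")         # Elf64_Shdr, 64 bytes
SYM = struct.Struct("<IBBHQQ")              # Elf64_Sym, 24 bytes


def build_sample_elf(symbols):
    """Build a minimal little-endian ELF64 image holding only a .symtab and the
    .strtab it links to.  `symbols` is a list of (name, st_value, st_size).
    This is constructed test data, sufficient for symbol lookups, not loadable."""
    strtab = b"\0"
    name_off = {}
    for name, _, _ in symbols:
        name_off[name] = len(strtab)
        strtab += name.encode() + b"\0"
    strtab += b"\0" * (-len(strtab) % 8)          # keep .symtab 8-byte aligned
    symtab = SYM.pack(0, 0, 0, 0, 0, 0)           # mandatory null symbol, index 0
    for name, value, size in symbols:
        st_info = (1 << 4) | STT_FUNC             # STB_GLOBAL, STT_FUNC
        symtab += SYM.pack(name_off[name], st_info, 0, 1, value, size)
    strtab_off = EHDR.size
    symtab_off = strtab_off + len(strtab)
    shoff = symtab_off + len(symtab)
    # Section headers: [0] null, [1] .symtab (sh_link -> 2), [2] .strtab
    shdrs = SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    shdrs += SHDR.pack(0, SHT_SYMTAB, 0, 0, symtab_off, len(symtab), 2, 1, 8, SYM.size)
    shdrs += SHDR.pack(0, SHT_STRTAB, 0, 0, strtab_off, len(strtab), 0, 0, 1, 0)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8   # ELFCLASS64, LSB, version 1
    ehdr = EHDR.pack(ident, 2, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0, SHDR.size, 3, 0)
    return ehdr + strtab + symtab + shdrs


def read_symbols(elf):
    """Return {name: (st_value, st_size)} for every named symbol in .symtab."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    hdr = EHDR.unpack_from(elf, 0)
    shoff, shentsize, shnum = hdr[6], hdr[11], hdr[12]
    shdrs = [SHDR.unpack_from(elf, shoff + i * shentsize) for i in range(shnum)]
    result = {}
    for sh in shdrs:
        sh_type, sh_offset, sh_size, sh_link, sh_entsize = sh[1], sh[4], sh[5], sh[6], sh[9]
        if sh_type != SHT_SYMTAB:
            continue
        strtab = shdrs[sh_link]                   # string table named by sh_link
        strdata = elf[strtab[4]:strtab[4] + strtab[5]]
        for off in range(sh_offset, sh_offset + sh_size, sh_entsize):
            st_name, st_info, _, _, st_value, st_size = SYM.unpack_from(elf, off)
            if st_name == 0:
                continue
            name = strdata[st_name:strdata.index(b"\0", st_name)].decode()
            result[name] = (st_value, st_size)
    return result


def describe_address(elf, addr):
    """Label an address as name+offset using only [st_value, st_value + st_size),
    which is how the <+N> annotations in the question arise.  None if no symbol
    covers the address."""
    for name, (value, size) in read_symbols(elf).items():
        if value <= addr < value + size:
            return f"{name}+{addr - value}"
    return None


# Constructed to match the question's listing: ret sits at <+149>, so the symbol
# spans 150 bytes from 0x4005b1 - 149 = 0x40051c.  "helper" is invented filler.
SAMPLE_ELF = build_sample_elf([("main", 0x40051C, 150), ("helper", 0x400500, 0x1C)])

if __name__ == "__main__":
    value, size = read_symbols(SAMPLE_ELF)["main"]
    print("main: st_value=%#x st_size=%d" % (value, size))
    # st_size is not recomputed when bytes are patched out of the body, so the two
    # trailing nops at 0x4005b0 and 0x4005b1 are still reported as main+148/+149.
    for a in (0x4005AF, 0x4005B0, 0x4005B1, 0x4005B2):
        print(hex(a), describe_address(SAMPLE_ELF, a))
```

The take-away for anyone reading patched binaries: st_size is a static claim made by the assembler at link time, and neither GDB nor readelf re-derives it from the instruction stream, so after editing bytes in place the symbol bounds describe the original layout until the object is reassembled and relinked.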