Question
test platform is 32 bit Linux.
I compile a c program without strip the symbol information, and use objdump to disassembly the elf executable file.
Here is part of the results.
https://stackoverflow.com/questions/21127308
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian804831c: e8 8c fe ff ff call 8048360 <printf@plt>
If I use:
strip binary
to remove the symbol info and use objdump to disassembly the elf executable file again, I can still see the results like:
804831c: e8 8c fe ff ff call 8048360 <printf@plt>
So my question is:
How can disassembly tool like objdump know the name of certain library functions after I have stripped all the symbol information..?
Thank you!
Solution
ELF file has 2 symbol tables: .symtab and .dynsym. The latter is for dynamic symbols needed for dynamic linking (relocation). In your case, printf is in .dynsym and it may also be present in .symtab; by default strip would remove .symtab but not .dynsym which is needed for relocation.
You may try
strip -R .dynsym your_binary
to remove the dynsym section manually and you will find it fails to run due to relocation failure.
OTHER TIPS
Imported calls will always have the name, it is needed to link at runtime. If you stripped the import name, how would your application know what to call? Methods from external libraries may (and usually do) have a different address every time your application is executed.
On another note, inlined or statically-linked methods can sometimes be identified and named even without symbol information. Many disassemblers look for common patterns associated with some standard library functions. memcpy() for example, can often be heuristically identified and labeled even without symbol info available.
