Question

I have an incomplete stacktrace which stops at a known library (Linux i686 architecture). In order to ascertain the function last called, I am trying to map $eip as output by gdb to an address within a file generated by "objdump -d library.so". I thought I might be able to use the From address output from "info shared" within gdb, along with the $eip, to calculate an offset, which I could then translate to an offset from the disassembly text section of the objdump -d output? Not sure if this approach is sensible, but trying it in a simple test harness app with a shared library does not give me an address within the right function. Any help much appreciated.


Solution

I thought I might be able to use the From address output from "info shared" within gdb, along with the $eip, to calculate an offset, which I could then translate to an offset from the disassembly text section of the objdump -d output?

Yes, that is exactly what you need to do.

The From address in the GDB display tells you where the .text section of the shared library was located.

Running readelf -S foo.so | grep '\.text' will tell you the offset of .text in foo.so itself. Subtract one from the other, and you get the relocation for that shared library (it will be page-aligned).

Now take the $eip from GDB, subtract the relocation, and you'll get an address that will match the output of nm and objdump for foo.so.

However, GDB will have already completed all of the above steps internally. If it wasn't able to deduce which function $eip ended up in, you shouldn't expect that performing these steps manually will produce any better result.
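The arithmetic in the answer above, carried through as an added example (this is not code from the original post or from GDB/binutils). The sample `info sharedlibrary`, `readelf -S` and `nm -n` outputs below are constructed to match the formats those tools print; the library name, symbol names and every address are made up for illustration. Two details worth getting right when doing this by hand: the value to subtract from the GDB From address is the `Addr` column of `readelf -S` (the section's link-time virtual address, `sh_addr`), not the `Off` column (its file offset), because `nm` and `objdump -d` print virtual addresses; and the result should be sanity-checked for page alignment, since a non-aligned relocation almost always means the wrong From line or the wrong section was used.

```python
import bisect
import re

PAGE_SIZE = 0x1000  # i686 Linux page size; a correct relocation is a multiple of this

# --- Constructed sample tool output (fictitious addresses and names) ---------

# gdb: info sharedlibrary
INFO_SHARED = """\
From        To          Syms Read   Shared Object Library
0xb7fdd830  0xb7ff2d4c  Yes         /lib/ld-linux.so.2
0xb7e9a000  0xb7f1c000  Yes         ./library.so
"""

# readelf -S library.so (32-bit layout: Addr is sh_addr, Off is sh_offset)
READELF_S = """\
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [ 0]                   NULL            00000000 000000 000000 00      0   0  0
  [12] .text             PROGBITS        00001000 001000 082000 00  AX  0   0 16
  [13] .fini             PROGBITS        00083000 083000 000014 00  AX  0   0  4
"""

# nm -n library.so (numerically sorted; only T/t code symbols are used)
NM_N = """\
00001000 T _init
00001400 T helper
00001580 t local_fn
000020a0 T parse_request
00004f00 T free_buffer
"""


def parse_info_shared(text, libname):
    """Return (From, To) for the library whose path ends with libname."""
    pat = re.compile(
        r"\s*(0x[0-9a-f]+)\s+(0x[0-9a-f]+)\s+(?:Yes|No)(?:\s*\(\*\))?\s+(\S+)", re.I
    )
    for line in text.splitlines():
        m = pat.match(line)
        if m and m.group(3).endswith(libname):
            return int(m.group(1), 16), int(m.group(2), 16)
    raise ValueError(f"{libname} not listed in info sharedlibrary output")


def parse_text_addr(readelf_text):
    """Return sh_addr (the Addr column) of .text from readelf -S output."""
    pat = re.compile(r"\s*\[\s*\d+\]\s+\.text\s+\S+\s+([0-9a-f]{8})\s+([0-9a-f]{6})")
    for line in readelf_text.splitlines():
        m = pat.match(line)
        if m:
            return int(m.group(1), 16)  # group(2) would be the file offset; not wanted
    raise ValueError(".text section not found in readelf -S output")


def parse_nm(nm_text):
    """Return a sorted list of (addr, name) for code symbols from nm -n output."""
    syms = []
    for line in nm_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] in ("T", "t"):
            syms.append((int(parts[0], 16), parts[2]))
    syms.sort()
    return syms


def relocation(from_addr, text_addr):
    """Load bias of the library: runtime .text start minus link-time .text start."""
    reloc = from_addr - text_addr
    if reloc % PAGE_SIZE:
        raise ValueError(f"relocation {reloc:#x} is not page-aligned; wrong From or Addr?")
    return reloc


def resolve(eip, from_addr, to_addr, text_addr, syms):
    """Map a runtime $eip to (file_addr, function_name, offset_into_function).

    function_name is None if no code symbol precedes file_addr (stripped library).
    """
    if not (from_addr <= eip < to_addr):
        raise ValueError(f"$eip {eip:#x} is not inside this library's .text")
    file_addr = eip - relocation(from_addr, text_addr)
    addrs = [a for a, _ in syms]
    i = bisect.bisect_right(addrs, file_addr) - 1
    if i < 0:
        return file_addr, None, None
    sym_addr, name = syms[i]
    return file_addr, name, file_addr - sym_addr


def locate(eip, libname="library.so"):
    """Convenience wrapper over the constructed sample outputs above."""
    from_addr, to_addr = parse_info_shared(INFO_SHARED, libname)
    return resolve(eip, from_addr, to_addr, parse_text_addr(READELF_S), parse_nm(NM_N))


if __name__ == "__main__":
    addr, fn, off = locate(0xB7E9B2F4)
    print(f"$eip maps to {addr:#x} in objdump/nm terms: {fn}+{off:#x}")
```

On a real system the three strings would be replaced by the actual tool output, and the resulting `file_addr` is the number to look for in the `objdump -d library.so` listing (or to hand to `addr2line -e library.so` if the library has debug info).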

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow