Linux C program: How to find the library to which a function belongs

Say at runtime, I want to find out where a function “printf” is defined. How would I do this? My first attempt was to print out the address of “printf” and compare it against the virtual address mapping of the process:

my program:

#include <stdio.h>
#include <unistd.h>

void main()
{
    printf("address of printf is 0x%Xn", printf);
    printf("pid is  %dn", getpid());
    while (1);
}

JavaScript
​x
 
#include <stdio.h>#include <unistd.h>​void main(){    printf("address of printf is 0x%Xn", printf);    printf("pid is  %dn", getpid());    while (1);}​

output:

-bash-4.1$ ./a &
[1] 28837
-bash-4.1$ address of printf is 0x4003F8
pid is  28837

JavaScript
 
-bash-4.1$ ./a &[1] 28837-bash-4.1$ address of printf is 0x4003F8pid is  28837​

However, this says the function is defined in my own program!

-bash-4.1$ head /proc/28837/maps 
00400000-00401000 r-xp 00000000 08:06 6946857                            /data2/temp/del/a      <<<<<<< Address 0x4003F8 is in my own program?
00600000-00601000 rw-p 00000000 08:06 6946857                            /data2/temp/del/a
397ec00000-397ec20000 r-xp 00000000 08:11 55837039                       /lib64/ld-2.12.so
397ee1f000-397ee20000 r--p 0001f000 08:11 55837039                       /lib64/ld-2.12.so
397ee20000-397ee21000 rw-p 00020000 08:11 55837039                       /lib64/ld-2.12.so
397ee21000-397ee22000 rw-p 00000000 00:00 0 
397f000000-397f18a000 r-xp 00000000 08:11 55837204                       /lib64/libc-2.12.so
397f18a000-397f38a000 ---p 0018a000 08:11 55837204                       /lib64/libc-2.12.so
397f38a000-397f38e000 r--p 0018a000 08:11 55837204                       /lib64/libc-2.12.so
397f38e000-397f38f000 rw-p 0018e000 08:11 55837204                       /lib64/libc-2.12.so

JavaScript
 
-bash-4.1$ head /proc/28837/maps 00400000-00401000 r-xp 00000000 08:06 6946857                            /data2/temp/del/a      <<<<<<< Address 0x4003F8 is in my own program?00600000-00601000 rw-p 00000000 08:06 6946857                            /data2/temp/del/a397ec00000-397ec20000 r-xp 00000000 08:11 55837039                       /lib64/ld-2.12.so397ee1f000-397ee20000 r--p 0001f000 08:11 55837039                       /lib64/ld-2.12.so397ee20000-397ee21000 rw-p 00020000 08:11 55837039                       /lib64/ld-2.12.so397ee21000-397ee22000 rw-p 00000000 00:00 0 397f000000-397f18a000 r-xp 00000000 08:11 55837204                       /lib64/libc-2.12.so397f18a000-397f38a000 ---p 0018a000 08:11 55837204                       /lib64/libc-2.12.so397f38a000-397f38e000 r--p 0018a000 08:11 55837204                       /lib64/libc-2.12.so397f38e000-397f38f000 rw-p 0018e000 08:11 55837204                       /lib64/libc-2.12.so​

Shouldnt it be a call into libc? How do I find out where this “printf” or any other function came from?

Answer

At runtime, you can use gdb for this:

(terminal 1)$ ./a
pid is  16614
address of printf is 0x400450

(terminal 2)$ gdb -p 16614
(...)
Attaching to process 16614
(...)
0x00000000004005a4 in main ()
(gdb)

(gdb) info sym printf
printf in section .text of /lib/x86_64-linux-gnu/libc.so.6

JavaScript
 
(terminal 1)$ ./apid is  16614address of printf is 0x400450​(terminal 2)$ gdb -p 16614(...)Attaching to process 16614(...)0x00000000004005a4 in main ()(gdb)​(gdb) info sym printfprintf in section .text of /lib/x86_64-linux-gnu/libc.so.6​

If you don’t want to interrupt your program or are reluctant to use gdb, you may also ask ld.so to output some debugging info:

(terminal 1)$ LD_DEBUG=bindings LD_DEBUG_OUTPUT=syms ./a
pid is  17180
address of printf is 0x400450

(terminal 2)$ fgrep printf syms.17180
    17180:  binding file ./a [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `printf' [GLIBC_2.2.5]

JavaScript
 
(terminal 1)$ LD_DEBUG=bindings LD_DEBUG_OUTPUT=syms ./apid is  17180address of printf is 0x400450​(terminal 2)$ fgrep printf syms.17180    17180:  binding file ./a [0] to /lib/x86_64-linux-gnu/libc.so.6 [0]: normal symbol `printf' [GLIBC_2.2.5]​

Advertisement

Answer