Skip to content
Advertisement

Why a stripped binary file can still have library call information in the disassembled file?

test platform is 32 bit Linux.

I compile a c program without strip the symbol information, and use objdump to disassembly the elf executable file.

Here is part of the results.

804831c:  e8 8c fe ff ff     call 8048360 <printf@plt>

If I use:

strip binary 

to remove the symbol info and use objdump to disassembly the elf executable file again, I can still see the results like:

804831c:  e8 8c fe ff ff     call 8048360 <printf@plt>

So my question is:

How can disassembly tool like objdump know the name of certain library functions after I have stripped all the symbol information..?

Thank you!

Advertisement

Answer

ELF file has 2 symbol tables: .symtab and .dynsym. The latter is for dynamic symbols needed for dynamic linking (relocation). In your case, printf is in .dynsym and it may also be present in .symtab; by default strip would remove .symtab but not .dynsym which is needed for relocation.

You may try

strip -R .dynsym your_binary

to remove the dynsym section manually and you will find it fails to run due to relocation failure.

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement