P Costello wrote:
>
> What I need is:
....
> I want to be able to identify what data structure, function,
> or code segment where a given byte difference is located. That is: What is
> the closest symbol associated with the byte location
> with an ELF format file.
>
> GDB does not seem to be enough. How can you relate the byte offset within a
> binary to the actual code location?
>
The inforation you are after is definitely there, the trick is getting
it.
The "objdump" command is your friend.
First execute
objdump -h <exe>
The output should resemble:
a.out: file format elf32-i386
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 00000013 080480f4 080480f4 000000f4 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.ABI-tag 00000020 08048108 08048108 00000108 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .hash 000000b8 08048128 08048128 00000128 2**2
...
Pay close attention to "File off" and "Size" fields.
Now you should be able to tell in which section the difference occures.
Unfortunately, what to do next very much depends on what section is
affected.
The .note and .comment sections could be ignored.
OTOH, they also might provide a clue about the differences:
objdump -sj.comment a.out
a.out: file format elf32-i386
Contents of section .comment:
0000 00474343 3a202847 4e552920 65676373 .GCC: (GNU) egcs
0010 2d322e39 312e3636 20313939 39303331 -2.91.66 1999031
0020 342f4c69 6e757820 28656763 732d312e 4/Linux (egcs-1.
0030 312e3220 72656c65 61736529 00004743 1.2 release)..GC
...
If the difference is in .text, .init, .fini, .ctors or some other "code"
section,
you can disassemble it with "objdump -d"
If it is in .data, .rodata, or some other "data" section (better not be
in .bss),
you'll need to decode debug stabs with "objdump --stabs".
Cheers,
--
Paul Pluzhnikov [EMAIL PROTECTED]
