authorJohn Ogness <john.ogness@linutronix.de>2018-01-22 11:40:57 +0000
committerJohn Ogness <john.ogness@linutronix.de>2018-02-20 14:58:34 +0100
commit5f3f91a908171af63afe4565ca1547a2bdd6f628 (patch)
treef1601b13dea367c5b036cf6bb7eed150102ab9cd
parente7d244930c7d4d05c673daed57bcc4d3d918d058 (diff)
debugging-tools: add symbol reinsert and PIE info
PIE binaries are now the default, so let's talk about them. This is particularly important to understand for mtrace. Signed-off-by: John Ogness <john.ogness@linutronix.de>
-rw-r--r--application-devel/debugging-tools/pres_debugging-tools_en.tex64
1 files changed, 53 insertions, 11 deletions
diff --git a/application-devel/debugging-tools/pres_debugging-tools_en.tex b/application-devel/debugging-tools/pres_debugging-tools_en.tex
index 9a6d414..ccbe9be 100644
--- a/application-devel/debugging-tools/pres_debugging-tools_en.tex
+++ b/application-devel/debugging-tools/pres_debugging-tools_en.tex
@@ -187,9 +187,9 @@ $ ls -l core
\frametitle{Analyzing Core Files with gdb}
start the debugger
\begin{verbatim}
-$ gdb hello_crash ./core
+$ gdb ./hello_crash ./core
[...]
-Reading symbols from hello_crash...done.
+Reading symbols from ./hello_crash...done.
[New LWP 1239]
Core was generated by `./hello_crash'.
Program terminated with signal SIGSEGV, Segmentation fault.
@@ -245,22 +245,46 @@ strip --strip-all hello_crash
\frametitle{Symbol Tables}
cannot debug using only the release binary
\begin{verbatim}
-$ gdb ./hello_crash core
+$ gdb ./hello_crash ./core
[...]
Reading symbols from ./hello_crash...(no debugging symbols found)...done.
[New LWP 1555]
Core was generated by `./hello_crash'.
Program terminated with signal SIGSEGV, Segmentation fault.
-#0 0x000000000040051a in ?? ()
+#0 0x00005645f239a6c4 in ?? ()
\end{verbatim}
-load the symbol file
+start gdb specifying symbol file
\begin{verbatim}
-(gdb) symbol-file ./hello_crash.dbg
-Load new symbol table from "./hello_crash.dbg"? (y or n) y
+$ gdb --symbols=./hello_crash.dbg --exec=./hello_crash --core=./core
+[...]
Reading symbols from ./hello_crash.dbg...done.
-(gdb) bt
-$ bt
-#0 0x000000000040051a in main () at hello_crash.c:7
+[New LWP 1555]
+Core was generated by `./hello_crash'.
+Program terminated with signal SIGSEGV, Segmentation fault.
+#0 0x00005645f239a6c4 in main () at hello_crash.c:7
+7 printf("Hello, crash! %c\n", *p);
+\end{verbatim}
+\end{frame}
+
+\begin{frame}[containsverbatim]
+\frametitle{Symbol Tables}
+link debug symbols to the binary
+\begin{verbatim}
+objcopy --add-gnu-debuglink=./hello_crash.dbg ./hello_crash
+\end{verbatim}
+now the binary can be debugged (symbol file still used!)
+\begin{verbatim}
+$ gdb ./hello_crash ./core
+[...]
+Reading symbols from ./hello_crash...
+Reading symbols from /home/devel/work/hello_crash.dbg...done.
+done.
+warning: exec file is newer than core file.
+[New LWP 1555]
+Core was generated by `./hello_crash'.
+Program terminated with signal SIGSEGV, Segmentation fault.
+#0 0x00005645f239a6c4 in main () at hello_crash.c:7
+7 printf("Hello, crash! %c\n", *p);
\end{verbatim}
\end{frame}
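Review bot: The gdb transcript in the added second "Symbol Tables" frame shows `warning: exec file is newer than core file.` without any explanation; it appears because `objcopy --add-gnu-debuglink` rewrote `./hello_crash` after the core had been dumped. I would add a line under the objcopy command such as `normally done at build time, before the binary is shipped`, so that readers link the binary that will later produce the cores instead of modifying it afterwards. One more sentence could say that the debuglink records only the file name and a CRC32 of the symbol file, so `hello_crash.dbg` must still be where gdb looks for it and must come from the same build.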
@@ -416,7 +440,7 @@ int main(void)
\frametitle{The glibc Mechanism: mtrace}
build the test program with debug symbols
\begin{verbatim}
-$ gcc -g -omem_leak mem_leak.c
+$ gcc -fno-PIE -no-pie -g -omem_leak mem_leak.c
\end{verbatim}
run the test program with mtrace activated
\begin{verbatim}
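Review bot: The build line now carries `-fno-PIE -no-pie`, but the frame gives no reason, so a reader is likely to copy the flags without knowing what they trade away. I would add a line before the command such as `stock mtrace needs fixed addresses: build the test program without PIE` (presumably the motivation, going by the commit message). A short remark should also say that a non-PIE executable is loaded at a fixed address and so gets no ASLR for its own code, which is acceptable for a debug build but should not be carried into release flags. The frame starts before this hunk and continues after it.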
@@ -437,6 +461,24 @@ Address Size Caller
\end{frame}
\begin{frame}[containsverbatim]
+\frametitle{mtrace and PIE}
+With a patched mtrace, PIE can be traced by disabling ASLR.
+\begin{verbatim}
+$ gcc -fPIE -pie -g -omem_leak mem_leak.c
+$ setarch `uname -m` -R env MALLOC_TRACE=mem_leak.trace ./mem_leak
+$ setarch `uname -m` -R ./mtrace-patched ./mem_leak mytrace.log
+
+Memory not freed:
+-----------------
+Address Size Caller
+0x0000555555756450 0x1 at /home/devel/work/mem_leak.c:13
+0x0000555555756470 0x1 at /home/devel/work/mem_leak.c:13
+0x0000555555756490 0x1 at /home/devel/work/mem_leak.c:13
+[...]
+\end{verbatim}
+\end{frame}
+
+\begin{frame}[containsverbatim]
\frametitle{glibc Hooks for malloc()}
\_\_malloc\_hook:\\
\begin{verbatim}
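Review bot: The trace file names in the new "mtrace and PIE" frame do not match: the program is run with `MALLOC_TRACE=mem_leak.trace`, but `./mtrace-patched` is then given `mytrace.log`, so as written the second command reads a file the first one never wrote. The last argument should be `mem_leak.trace`, or the variable should name `mytrace.log` if that is what the earlier mtrace frame, outside this hunk, uses. The frame also never says what `mtrace-patched` is or where it comes from; a sentence naming the patch would make the example reproducible. Finally, I would state on the slide that `setarch -R` turns off address randomization only for the command it starts and its children, so nobody concludes that ASLR has to be disabled system-wide to find leaks.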