Saturday, April 6, 2013

10 Linux Strip Command Examples (Reduce Executable/Binary File Size)

Strip command is used mostly in situations where you want to produce a production quality object file which contains minimum required information so that it can be light weight. You can also use it if you don’t want your executable or object file to get reverse engineered.
In this article, we will understand the usage of this command through some practical examples.

The syntax of strip command is :
strip [options] objfile...

Examples

Before jumping on to the examples, here is the code behind the executable that we would be using in this article.
#include<stdio.h>

// Declare a static global
static int i=10;
// Declare a non static global
int global = 20;

int inc_func()
{
    static int local = 0;
    // return static local value
    return (++local);
}

int main(void)
{
    int count = inc_func();
    // Print the sum
    printf( "\n [%d] \n",(count + global + i));

    return 0;
}
Please note that the nm command that we mentioned in our Reverse Engineering Tools in Linux, cannot be used on an executable that is stripped using strip command.

1. Strip the symbol table using -s option

The symbol table can be stripped from an object file using -s option of strip command.
Consider the following example :
$ readelf -s example

Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)

Symbol table '.symtab' contains 69 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000400238     0 SECTION LOCAL  DEFAULT    1
     2: 0000000000400254     0 SECTION LOCAL  DEFAULT    2
     ..
   28: 000000000040046c     0 FUNC    LOCAL  DEFAULT   14 call_gmon_start
    29: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    30: 0000000000600e18     0 OBJECT  LOCAL  DEFAULT   19 __CTOR_LIST__
    31: 0000000000600e28     0 OBJECT  LOCAL  DEFAULT   20 __DTOR_LIST__
    32: 0000000000600e38     0 OBJECT  LOCAL  DEFAULT   21 __JCR_LIST__
    33: 0000000000400490     0 FUNC    LOCAL  DEFAULT   14 __do_global_dtors_aux
    34: 0000000000601028     1 OBJECT  LOCAL  DEFAULT   26 completed.7382
    35: 0000000000601030     8 OBJECT  LOCAL  DEFAULT   26 dtor_idx.7384
    36: 0000000000400500     0 FUNC    LOCAL  DEFAULT   14 frame_dummy
    37: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    38: 0000000000600e20     0 OBJECT  LOCAL  DEFAULT   19 __CTOR_END__
    39: 0000000000400750     0 OBJECT  LOCAL  DEFAULT   18 __FRAME_END__
    40: 0000000000600e38     0 OBJECT  LOCAL  DEFAULT   21 __JCR_END__
    41: 0000000000400630     0 FUNC    LOCAL  DEFAULT   14 __do_global_ctors_aux
    42: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS example.c
    43: 0000000000601020     4 OBJECT  LOCAL  DEFAULT   25 i
    44: 0000000000601038     4 OBJECT  LOCAL  DEFAULT   26 local.2047
    45: 0000000000600fe8     0 OBJECT  LOCAL  HIDDEN   24 _GLOBAL_OFFSET_TABLE_
    46: 0000000000600e14     0 NOTYPE  LOCAL  HIDDEN   19 __init_array_end
    47: 0000000000600e14     0 NOTYPE  LOCAL  HIDDEN   19 __init_array_start
    48: 0000000000600e40     0 OBJECT  LOCAL  HIDDEN   22 _DYNAMIC
    49: 0000000000601010     0 NOTYPE  WEAK   DEFAULT   25 data_start
    50: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@@GLIBC_2.2.5
    51: 0000000000400590     2 FUNC    GLOBAL DEFAULT   14 __libc_csu_fini
    52: 0000000000400440     0 FUNC    GLOBAL DEFAULT   14 _start
    53: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    54: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses
    55: 0000000000400668     0 FUNC    GLOBAL DEFAULT   15 _fini
    56: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    57: 0000000000601024     4 OBJECT  GLOBAL DEFAULT   25 global
    58: 0000000000400678     4 OBJECT  GLOBAL DEFAULT   16 _IO_stdin_used
    59: 0000000000601010     0 NOTYPE  GLOBAL DEFAULT   25 __data_start
    60: 0000000000601018     0 OBJECT  GLOBAL HIDDEN   25 __dso_handle
    61: 0000000000600e30     0 OBJECT  GLOBAL HIDDEN   20 __DTOR_END__
    62: 00000000004005a0   137 FUNC    GLOBAL DEFAULT   14 __libc_csu_init
    63: 0000000000601028     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start
    64: 0000000000601040     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    65: 0000000000601028     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    66: 0000000000400524    27 FUNC    GLOBAL DEFAULT   14 inc_func
    67: 000000000040053f    67 FUNC    GLOBAL DEFAULT   14 main
    68: 00000000004003f0     0 FUNC    GLOBAL DEFAULT   12 _init
The above output indicates that the executable contains the following symbols initially. Now lets strip the symbol table using -s option and then again see the output :
$ strip -s example
$ readelf -s example

Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)
As can be seen clearly from the above output, the complete symbol table was stripped off.

2. Remove debug symbols only using –strip-debug option

Consider the following example :
$ strip --strip-debug example
Now lets check the symbol table (partial output shown below):
$ readelf -a example
ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x400440
  Start of program headers:          64 (bytes into file)
  Start of section headers:          4464 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         9
  Size of section headers:           64 (bytes)
  Number of section headers:         31
  Section header string table index: 28

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 5] .gnu.hash         GNU_HASH         00000000004002c0  000002c0
       000000000000001c  0000000000000000   A       6     0     8
  [29] .symtab           SYMTAB           0000000000000000  00001930
       0000000000000630  0000000000000018          30    46     8
  [30] .strtab           STRTAB           0000000000000000  00001f60
       00000000000001fd  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)

There are no section groups in this file.

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040
                 0x00000000000001f8 0x00000000000001f8  R E    8
  ..
                0x0000000000000000 0x0000000000000000  RW     8
  GNU_RELRO      0x0000000000000e18 0x0000000000600e18 0x0000000000600e18
                 0x00000000000001e8 0x00000000000001e8  R      1

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
   08     .ctors .dtors .jcr .dynamic .got 

Dynamic section at offset 0xe40 contains 21 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 ..
 0x0000000000000000 (NULL)               0x0

Relocation section '.rela.dyn' at offset 0x3a8 contains 1 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000600fe0  000200000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0

Relocation section '.rela.plt' at offset 0x3c0 contains 2 entries:
  Offset          Info           Type           Sym. Value    Sym. Name + Addend
000000601000  000100000007 R_X86_64_JUMP_SLO 0000000000000000 printf + 0
000000601008  000300000007 R_X86_64_JUMP_SLO 0000000000000000 __libc_start_main + 0

There are no unwind sections in this file.

Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)

Symbol table '.symtab' contains 66 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 000000000040046c     0 FUNC    LOCAL  DEFAULT   14 call_gmon_start
     2: 0000000000600e18     0 OBJECT  LOCAL  DEFAULT   19 __CTOR_LIST__
     ...
    61: 0000000000601040     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    62: 0000000000601028     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    63: 0000000000400524    27 FUNC    GLOBAL DEFAULT   14 inc_func
    64: 000000000040053f    67 FUNC    GLOBAL DEFAULT   14 main
    65: 00000000004003f0     0 FUNC    GLOBAL DEFAULT   12 _init

Histogram for bucket list length (total of 3 buckets):
 Length  Number     % of total  Coverage
      0  0          (  0.0%)
      1  3          (100.0%)    100.0%

..

Notes at offset 0x00000254 with length 0x00000020:
  Owner  Data size Description
  GNU  0x00000010 NT_GNU_ABI_TAG (ABI version tag)

Notes at offset 0x00000274 with length 0x00000024:
  Owner  Data size Description
  GNU  0x00000014 NT_GNU_BUILD_ID (unique build ID bitstring)
Now if we compare the above output with the non stripped output of the same file then we see that the debug information highlighted in bold has been stripped off :
...
   36: 0000000000400500     0 FUNC    LOCAL  DEFAULT   14 frame_dummy
    37: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c
    38: 0000000000600e20     0 OBJECT  LOCAL  DEFAULT   19 __CTOR_END__
    39: 0000000000400750     0 OBJECT  LOCAL  DEFAULT   18 __FRAME_END__
    40: 0000000000600e38     0 OBJECT  LOCAL  DEFAULT   21 __JCR_END__
    41: 0000000000400630     0 FUNC    LOCAL  DEFAULT   14 __do_global_ctors_aux
 42: 0000000000000000 0 FILE LOCAL DEFAULT ABS example.c
    43: 0000000000601020     4 OBJECT  LOCAL  DEFAULT   25 i
    44: 0000000000601038     4 OBJECT  LOCAL  DEFAULT   26 local.2047
    45: 0000000000600fe8     0 OBJECT  LOCAL  HIDDEN   24 _GLOBAL_OFFSET_TABLE_
    46: 0000000000600e14     0 NOTYPE  LOCAL  HIDDEN   19 __init_array_end
...

3. Remove a particular section using -R option

If required, a complete section can be explicitly removed using the -R option.
Consider the following example :
Here, first we check all the section headers in non-stripped version of executable :
$ readelf -S example
There are 31 section headers, starting at offset 0x1170:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000400238  00000238
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000400254  00000254
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .note.gnu.build-i NOTE             0000000000400274  00000274
       0000000000000024  0000000000000000   A       0     0     4
  [ 4] .hash             HASH             0000000000400298  00000298
       0000000000000024  0000000000000004   A       6     0     8
  [ 5] .gnu.hash         GNU_HASH         00000000004002c0  000002c0
       000000000000001c  0000000000000000   A       6     0     8
  [ 6] .dynsym           DYNSYM           00000000004002e0  000002e0
       0000000000000060  0000000000000018   A       7     1     8
  [ 7] .dynstr           STRTAB           0000000000400340  00000340
       000000000000003f  0000000000000000   A       0     0     1
  [ 8] .gnu.version VERSYM 0000000000400380 00000380 0000000000000008 0000000000000002 A 6 0 2
  [ 9] .gnu.version_r    VERNEED          0000000000400388  00000388
       0000000000000020  0000000000000000   A       7     1     8
  [10] .rela.dyn         RELA             00000000004003a8  000003a8
       0000000000000018  0000000000000018   A       6     0     8
  [11] .rela.plt         RELA             00000000004003c0  000003c0
       0000000000000030  0000000000000018   A       6    13     8
  [12] .init             PROGBITS         00000000004003f0  000003f0
       0000000000000018  0000000000000000  AX       0     0     4
  [13] .plt              PROGBITS         0000000000400408  00000408
       0000000000000030  0000000000000010  AX       0     0     4
  [14] .text             PROGBITS         0000000000400440  00000440
       0000000000000228  0000000000000000  AX       0     0     16
  [15] .fini             PROGBITS         0000000000400668  00000668
       000000000000000e  0000000000000000  AX       0     0     4
  [16] .rodata           PROGBITS         0000000000400678  00000678
       000000000000000d  0000000000000000   A       0     0     4
  [17] .eh_frame_hdr     PROGBITS         0000000000400688  00000688
       000000000000002c  0000000000000000   A       0     0     4
  [18] .eh_frame         PROGBITS         00000000004006b8  000006b8
       000000000000009c  0000000000000000   A       0     0     8
  [19] .ctors            PROGBITS         0000000000600e18  00000e18
       0000000000000010  0000000000000000  WA       0     0     8
  [20] .dtors            PROGBITS         0000000000600e28  00000e28
       0000000000000010  0000000000000000  WA       0     0     8
  [21] .jcr              PROGBITS         0000000000600e38  00000e38
       0000000000000008  0000000000000000  WA       0     0     8
  [22] .dynamic          DYNAMIC          0000000000600e40  00000e40
       00000000000001a0  0000000000000010  WA       7     0     8
  [23] .got              PROGBITS         0000000000600fe0  00000fe0
       0000000000000008  0000000000000008  WA       0     0     8
  [24] .got.plt          PROGBITS         0000000000600fe8  00000fe8
       0000000000000028  0000000000000008  WA       0     0     8
  [25] .data             PROGBITS         0000000000601010  00001010
       0000000000000018  0000000000000000  WA       0     0     8
  [26] .bss              NOBITS           0000000000601028  00001028
       0000000000000018  0000000000000000  WA       0     0     8
  [27] .comment          PROGBITS         0000000000000000  00001028
       0000000000000048  0000000000000001  MS       0     0     1
  [28] .shstrtab         STRTAB           0000000000000000  00001070
       00000000000000fe  0000000000000000           0     0     1
  [29] .symtab           SYMTAB           0000000000000000  00001930
       0000000000000678  0000000000000018          30    49     8
  [30] .strtab           STRTAB           0000000000000000  00001fa8
       0000000000000212  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
Now, lets strip the .gnu.version section from the executable :
strip -R .gnu.version example
Now, if we cross check the list of sections :
$ readelf -S example
There are 28 section headers, starting at offset 0x1158:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000400238  00000238
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000400254  00000254
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .note.gnu.build-i NOTE             0000000000400274  00000274
       0000000000000024  0000000000000000   A       0     0     4
  [ 4] .hash             HASH             0000000000400298  00000298
       0000000000000024  0000000000000004   A       6     0     8
  [ 5] .gnu.hash         GNU_HASH         00000000004002c0  000002c0
       000000000000001c  0000000000000000   A       6     0     8
  [ 6] .dynsym           DYNSYM           00000000004002e0  000002e0
       0000000000000060  0000000000000018   A       7     1     8
  [ 7] .dynstr           STRTAB           0000000000400340  00000340
       000000000000003f  0000000000000000   A       0     0     1
  [ 8] .gnu.version_r    VERNEED          0000000000400388  00000388
       0000000000000020  0000000000000000   A       7     1     8
  [ 9] .rela.dyn         RELA             00000000004003a8  000003a8
       0000000000000018  0000000000000018   A       6     0     8
  [10] .rela.plt         RELA             00000000004003c0  000003c0
       0000000000000030  0000000000000018   A       6    12     8
  [11] .init             PROGBITS         00000000004003f0  000003f0
       0000000000000018  0000000000000000  AX       0     0     4
  [12] .plt              PROGBITS         0000000000400408  00000408
       0000000000000030  0000000000000010  AX       0     0     4
  [13] .text             PROGBITS         0000000000400440  00000440
       0000000000000228  0000000000000000  AX       0     0     16
  [14] .fini             PROGBITS         0000000000400668  00000668
       000000000000000e  0000000000000000  AX       0     0     4
  [15] .rodata           PROGBITS         0000000000400678  00000678
       000000000000000d  0000000000000000   A       0     0     4
  [16] .eh_frame_hdr     PROGBITS         0000000000400688  00000688
       000000000000002c  0000000000000000   A       0     0     4
  [17] .eh_frame         PROGBITS         00000000004006b8  000006b8
       000000000000009c  0000000000000000   A       0     0     8
  [18] .ctors            PROGBITS         0000000000600e18  00000e18
       0000000000000010  0000000000000000  WA       0     0     8
  [19] .dtors            PROGBITS         0000000000600e28  00000e28
       0000000000000010  0000000000000000  WA       0     0     8
  [20] .jcr              PROGBITS         0000000000600e38  00000e38
       0000000000000008  0000000000000000  WA       0     0     8
  [21] .dynamic          DYNAMIC          0000000000600e40  00000e40
       00000000000001a0  0000000000000010  WA       7     0     8
  [22] .got              PROGBITS         0000000000600fe0  00000fe0
       0000000000000008  0000000000000008  WA       0     0     8
  [23] .got.plt          PROGBITS         0000000000600fe8  00000fe8
       0000000000000028  0000000000000008  WA       0     0     8
  [24] .data             PROGBITS         0000000000601010  00001010
       0000000000000018  0000000000000000  WA       0     0     8
  [25] .bss              NOBITS           0000000000601028  00001028
       0000000000000018  0000000000000000  WA       0     0     8
  [26] .comment          PROGBITS         0000000000000000  00001028
       0000000000000048  0000000000000001  MS       0     0     1
  [27] .shstrtab         STRTAB           0000000000000000  00001070
       00000000000000e1  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings)
  I (info), L (link order), G (group), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
So we see that the .gnu.version section was stripped off.

4. Remove unneeded symbols using –strip-unneeded option

The unneeded symbols that are not required for relocation processing can be stripped off using the –strip-unneeded option.
Consider the following example :
$ strip --strip-unneeded example
The above command should have stripped the unneeded symbols from the executable.
Confirm this using the readelf command. In the output of readelf command, you’ll notice that unneeded information like .symtab section etc were stripped off.
$ readelf -a example

5. Shield a particular symbol from stripping using -K option

In a scenario where all the symbols are needed to be stripped off except one, then this can be achieved by supplying the symbol name along with the -K option.
Consider the example below :
$ strip -s -Kexample.c example
$ readelf -s example

Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)

Symbol table '.symtab' contains 29 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000 0 FILE LOCAL DEFAULT ABS example.c
...
...
...
So we see that the symbol example.c was not stripped off. Please note that multiple -K options can be used in the same command.
Note: I am not sure why some other symbols were also not stripped off along with example.c in the example above. Any type of knowledge and suggestions are welcome on this.

6. Strip off a particular symbol using -N option

In a scenario where only a particular symbol is to be stripped off, just supply the symbol name along with the -N option.
Consider the example below :
$ strip -Nexample.c example
The above command should have stripped off the symbol example.c from the executable.
Confirming it using readelf :
$ readelf -s example

Symbol table '.dynsym' contains 4 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@GLIBC_2.2.5 (2)
     2: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@GLIBC_2.2.5 (2)

Symbol table '.symtab' contains 68 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
     0: 0000000000000000     0 NOTYPE  LOCAL  DEFAULT  UND
     1: 0000000000400238     0 SECTION LOCAL  DEFAULT    1
     2: 0000000000400254     0 SECTION LOCAL  DEFAULT    2
     3: 0000000000400274     0 SECTION LOCAL  DEFAULT    3
     4: 0000000000400298     0 SECTION LOCAL  DEFAULT    4
     5: 00000000004002c0     0 SECTION LOCAL  DEFAULT    5
     6: 00000000004002e0     0 SECTION LOCAL  DEFAULT    6
     7: 0000000000400340     0 SECTION LOCAL  DEFAULT    7
     8: 0000000000400380     0 SECTION LOCAL  DEFAULT    8
     9: 0000000000400388     0 SECTION LOCAL  DEFAULT    9
    10: 00000000004003a8     0 SECTION LOCAL  DEFAULT   10
    11: 00000000004003c0     0 SECTION LOCAL  DEFAULT   11
    12: 00000000004003f0     0 SECTION LOCAL  DEFAULT   12
    13: 0000000000400408     0 SECTION LOCAL  DEFAULT   13
    14: 0000000000400440     0 SECTION LOCAL  DEFAULT   14
    15: 0000000000400668     0 SECTION LOCAL  DEFAULT   15
    16: 0000000000400678     0 SECTION LOCAL  DEFAULT   16
    17: 0000000000400688     0 SECTION LOCAL  DEFAULT   17
    18: 00000000004006b8     0 SECTION LOCAL  DEFAULT   18
    19: 0000000000600e18     0 SECTION LOCAL  DEFAULT   19
    20: 0000000000600e28     0 SECTION LOCAL  DEFAULT   20
    21: 0000000000600e38     0 SECTION LOCAL  DEFAULT   21
    22: 0000000000600e40     0 SECTION LOCAL  DEFAULT   22
    23: 0000000000600fe0     0 SECTION LOCAL  DEFAULT   23
    24: 0000000000600fe8     0 SECTION LOCAL  DEFAULT   24
    25: 0000000000601010     0 SECTION LOCAL  DEFAULT   25
    26: 0000000000601028     0 SECTION LOCAL  DEFAULT   26
    27: 0000000000000000     0 SECTION LOCAL  DEFAULT   27
    28: 000000000040046c     0 FUNC    LOCAL  DEFAULT   14 call_gmon_start
    29: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    30: 0000000000600e18     0 OBJECT  LOCAL  DEFAULT   19 __CTOR_LIST__
    31: 0000000000600e28     0 OBJECT  LOCAL  DEFAULT   20 __DTOR_LIST__
    32: 0000000000600e38     0 OBJECT  LOCAL  DEFAULT   21 __JCR_LIST__
    33: 0000000000400490     0 FUNC    LOCAL  DEFAULT   14 __do_global_dtors_aux
    34: 0000000000601028     1 OBJECT  LOCAL  DEFAULT   26 completed.7382
    35: 0000000000601030     8 OBJECT  LOCAL  DEFAULT   26 dtor_idx.7384
    36: 0000000000400500     0 FUNC    LOCAL  DEFAULT   14 frame_dummy
    37: 0000000000000000     0 FILE    LOCAL  DEFAULT  ABS crtstuff.c
    38: 0000000000600e20     0 OBJECT  LOCAL  DEFAULT   19 __CTOR_END__
    39: 0000000000400750     0 OBJECT  LOCAL  DEFAULT   18 __FRAME_END__
    40: 0000000000600e38     0 OBJECT  LOCAL  DEFAULT   21 __JCR_END__
    41: 0000000000400630     0 FUNC    LOCAL  DEFAULT   14 __do_global_ctors_aux
    42: 0000000000601020     4 OBJECT  LOCAL  DEFAULT   25 i
    43: 0000000000601038     4 OBJECT  LOCAL  DEFAULT   26 local.2047
    44: 0000000000600fe8     0 OBJECT  LOCAL  HIDDEN   24 _GLOBAL_OFFSET_TABLE_
    45: 0000000000600e14     0 NOTYPE  LOCAL  HIDDEN   19 __init_array_end
    46: 0000000000600e14     0 NOTYPE  LOCAL  HIDDEN   19 __init_array_start
    47: 0000000000600e40     0 OBJECT  LOCAL  HIDDEN   22 _DYNAMIC
    48: 0000000000601010     0 NOTYPE  WEAK   DEFAULT   25 data_start
    49: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND printf@@GLIBC_2.2.5
    50: 0000000000400590     2 FUNC    GLOBAL DEFAULT   14 __libc_csu_fini
    51: 0000000000400440     0 FUNC    GLOBAL DEFAULT   14 _start
    52: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND __gmon_start__
    53: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND _Jv_RegisterClasses
    54: 0000000000400668     0 FUNC    GLOBAL DEFAULT   15 _fini
    55: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __libc_start_main@@GLIBC_
    56: 0000000000601024     4 OBJECT  GLOBAL DEFAULT   25 global
    57: 0000000000400678     4 OBJECT  GLOBAL DEFAULT   16 _IO_stdin_used
    58: 0000000000601010     0 NOTYPE  GLOBAL DEFAULT   25 __data_start
    59: 0000000000601018     0 OBJECT  GLOBAL HIDDEN   25 __dso_handle
    60: 0000000000600e30     0 OBJECT  GLOBAL HIDDEN   20 __DTOR_END__
    61: 00000000004005a0   137 FUNC    GLOBAL DEFAULT   14 __libc_csu_init
    62: 0000000000601028     0 NOTYPE  GLOBAL DEFAULT  ABS __bss_start
    63: 0000000000601040     0 NOTYPE  GLOBAL DEFAULT  ABS _end
    64: 0000000000601028     0 NOTYPE  GLOBAL DEFAULT  ABS _edata
    65: 0000000000400524    27 FUNC    GLOBAL DEFAULT   14 inc_func
    66: 000000000040053f    67 FUNC    GLOBAL DEFAULT   14 main
    67: 00000000004003f0     0 FUNC    GLOBAL DEFAULT   12 _init
So the absence of example.c symbol in the above output confirms that it was stripped off.

7. Create a new stripped off file using -o option

By default the strip command replaces the existing executable or object file with the stripped off version of the same. But, in case there is a requirement that the stripped file should not replace the original one then that can be done by supplying the name of the new file along with the -o option.
Consider the following example:
$ strip -s -ostripped_example example
$ ls -lart stripped_example
-rwxr-xr-x 1 himanshu family 6304 2012-08-22 21:49 stripped_example
So we see that the new file ‘stripped_example’ was created.

8. Preserve the access and modification date/time using -p option

In a scenario where the modification and access dates/time are to be preserved in the stripped off file, the option -p is used.
Consider the following example :
Lets first check the access and modification time of the original file using stat command:
$ stat example
  File: `example'
  Size: 8634       Blocks: 24         IO Block: 4096   regular file
Device: 805h/2053d Inode: 1443986     Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 1000/himanshu)   Gid: ( 1001/  family)
Access: 2012-08-22 21:54:28.393778010 +0530
Modify: 2012-08-22 21:54:28.393778010 +0530
Change: 2012-08-22 21:54:28.393778010 +0530
Now, we strip the file :
$ strip -s -p example
Now, check the access and modification time again :
$ stat example
  File: `example'
  Size: 6304       Blocks: 16         IO Block: 4096   regular file
Device: 805h/2053d Inode: 1447364     Links: 1
Access: (0755/-rwxr-xr-x)  Uid: ( 1000/himanshu)   Gid: ( 1001/  family)
Access: 2012-08-22 21:54:28.000000000 +0530
Modify: 2012-08-22 21:54:28.000000000 +0530
Change: 2012-08-22 21:54:38.033844203 +0530
So we see that the access and modification time were preserved up to the seconds level.

9. Read command line options from file using the @file option

Consider the following example :
$ echo "-s example"
-s example

$ echo "-s example" > options.txt

$ cat options.txt
-s example

$ strip @options.txt
So the above output indicates that the strip command accepted the output from the file options.txt.

10. Get verbose output using -v option

If detailed information needs to be seen regarding what’s going behind the scene (when strip command works), the -v option can be used.
Consider the following example :
$ strip -v example a.out bufferoverflow
copy from `example' [elf64-x86-64] to `stiBqF4K' [elf64-x86-64]
copy from `a.out' [elf64-x86-64] to `stN5L0lp' [elf64-x86-64]
copy from `bufferoverflow' [elf64-x86-64] to `stYVKfE3' [elf64-x86-64]
So we see that information on intermediate steps was produced in the output when strip command was asked to strip down three executables.

No comments:

Post a Comment