I have a shared library /opt/evince-3.28.4/lib/evince/4/backends/libpdfdocument.so. In GDB, I can easily detect a function at offset 0xa830 of this library, as shown below:

(gdb) disas 0xa830
Dump of assembler code for function ev_link_from_action(PdfDocument*, PopplerAction*):
   0x000000000000a830 <+0>:     cmpl   $0xa,(%rsi)
   0x000000000000a833 <+3>:     ja     0xaaf0 <ev_link_from_action(PdfDocument*, PopplerAction*)+704>
   0x000000000000a839 <+9>:     push   %r15
   0x000000000000a83b <+11>:    push   %r14
   0x000000000000a83d <+13>:    lea    0x5f28(%rip),%rdx        # 0x1076c

The output of objdump -D on the library for this offset is shown below:

a826:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
a82d:   00 00 00 
a830:   83 3e 0a                cmpl   $0xa,(%rsi)
a833:   0f 87 b7 02 00 00       ja     aaf0 <__cxa_finalize@plt+0x1d10>
a839:   41 57                   push   %r15

No function name is printed at 0xa830. Also, the output of objdump -t on the library does not contain this offset. How can I detect the symbol name assuming the offset is known and GDB is not available?

P.S.: The shared library contains debuginfo. The relevant portion of objdump -h on the library is shown below:

 25 .debug_aranges 00000030  0000000000000000  0000000000000000  00014bd9  2**0
              CONTENTS, READONLY, DEBUGGING
 26 .debug_info   00014b8d  0000000000000000  0000000000000000  00014c09  2**0
              CONTENTS, READONLY, DEBUGGING
 27 .debug_abbrev 00000773  0000000000000000  0000000000000000  00029796  2**0
              CONTENTS, READONLY, DEBUGGING
 28 .debug_line   00002036  0000000000000000  0000000000000000  00029f09  2**0
              CONTENTS, READONLY, DEBUGGING
 29 .debug_str    0000c377  0000000000000000  0000000000000000  0002bf3f  2**0
              CONTENTS, READONLY, DEBUGGING
 30 .debug_loc    0000d45f  0000000000000000  0000000000000000  000382b6  2**0
              CONTENTS, READONLY, DEBUGGING
 31 .debug_ranges 00001080  0000000000000000  0000000000000000  00045715  2**0
              CONTENTS, READONLY, DEBUGGING

I have a shared library /opt/evince-3.28.4/lib/evince/4/backends/libpdfdocument.so. In GDB, I can easily detect a function at offset 0xa830 of this library, as shown below:

(gdb) disas 0xa830
Dump of assembler code for function ev_link_from_action(PdfDocument*, PopplerAction*):
   0x000000000000a830 <+0>:     cmpl   $0xa,(%rsi)
   0x000000000000a833 <+3>:     ja     0xaaf0 <ev_link_from_action(PdfDocument*, PopplerAction*)+704>
   0x000000000000a839 <+9>:     push   %r15
   0x000000000000a83b <+11>:    push   %r14
   0x000000000000a83d <+13>:    lea    0x5f28(%rip),%rdx        # 0x1076c

The output of objdump -D on the library for this offset is shown below:

a826:   66 2e 0f 1f 84 00 00    nopw   %cs:0x0(%rax,%rax,1)
a82d:   00 00 00 
a830:   83 3e 0a                cmpl   $0xa,(%rsi)
a833:   0f 87 b7 02 00 00       ja     aaf0 <__cxa_finalize@plt+0x1d10>
a839:   41 57                   push   %r15

No function name is printed at 0xa830. Also, the output of objdump -t on the library does not contain this offset. How can I detect the symbol name assuming the offset is known and GDB is not available?

P.S.: The shared library contains debuginfo. The relevant portion of objdump -h on the library is shown below:

 25 .debug_aranges 00000030  0000000000000000  0000000000000000  00014bd9  2**0
              CONTENTS, READONLY, DEBUGGING
 26 .debug_info   00014b8d  0000000000000000  0000000000000000  00014c09  2**0
              CONTENTS, READONLY, DEBUGGING
 27 .debug_abbrev 00000773  0000000000000000  0000000000000000  00029796  2**0
              CONTENTS, READONLY, DEBUGGING
 28 .debug_line   00002036  0000000000000000  0000000000000000  00029f09  2**0
              CONTENTS, READONLY, DEBUGGING
 29 .debug_str    0000c377  0000000000000000  0000000000000000  0002bf3f  2**0
              CONTENTS, READONLY, DEBUGGING
 30 .debug_loc    0000d45f  0000000000000000  0000000000000000  000382b6  2**0
              CONTENTS, READONLY, DEBUGGING
 31 .debug_ranges 00001080  0000000000000000  0000000000000000  00045715  2**0
              CONTENTS, READONLY, DEBUGGING

• linux
• gdb
• debug-symbols
• objdump
• dwarf

• 1 Comment as this isn't really answering your question, but I don't believe that objdump makes use of debug symbols in its disassembly output, it only uses symbols found in the ELF symbol table, which will only be externally visible functions. I'm not aware of a tool that can do offset to function name mapping other than GDB, though there probably is one. – Andrew Commented Nov 17, 2024 at 8:46
• @Andrew In fact, I would prefer to use GDB. I need mangled symbols, while GDB forces demangling even with set print demangle off and set print asm-demangle off. This occurs even on the most recent GDB version. Hence, I fell back on Objdump. – TheAhmad Commented Nov 17, 2024 at 11:58
• 1 you should consider filling a bug about the demangled symbol here: sourceware./bugzilla as that feels like it would be a pretty simple fix. – Andrew Commented Nov 18, 2024 at 9:47

1 Answer 1

How can I detect the symbol name assuming the offset is known and GDB is not available?

You'll have to use the same mechanism GDB used.

Unfortunately, you haven't told us where the libpdfdocument.so came from, and without that we can't tell you what mechanism GDB actually used.

There are two likely candidates (that I know about):

• a separate debug info file.
• a special .gnu_debugdata mini-symbols section (see this answer).