From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gdb-return-29153-listarch-gdb=sources.redhat.com@sourceware.org>
Received: (qmail 32149 invoked by alias); 18 Jul 2007 21:56:47 -0000
Received: (qmail 32140 invoked by uid 22791); 18 Jul 2007 21:56:47 -0000
X-Spam-Check-By: sourceware.org
Received: from euclid.ucsd.edu (HELO euclid.ucsd.edu) (132.239.145.52)     by sourceware.org (qpsmtpd/0.31) with ESMTP; Wed, 18 Jul 2007 21:56:41 +0000
Received: from zeno.ucsd.edu (zeno.ucsd.edu [132.239.145.22]) 	by euclid.ucsd.edu (8.11.7p3+Sun/8.11.7) with ESMTP id l6ILudj23174 	for <gdb@sourceware.org>; Wed, 18 Jul 2007 14:56:39 -0700 (PDT)
Received: from localhost (neldredg@localhost) 	by zeno.ucsd.edu (8.11.7p3+Sun/8.11.7) with ESMTP id l6ILudu01055 	for <gdb@sourceware.org>; Wed, 18 Jul 2007 14:56:39 -0700 (PDT)
Date: Thu, 19 Jul 2007 03:09:00 -0000
From: Nate Eldredge <neldredge@math.ucsd.edu>
To: gdb@sourceware.org
Subject: Add to symbol table for reverse engineering?
Message-ID: <Pine.GSO.4.64.0707181341040.15725@zeno.ucsd.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Mailing-List: contact gdb-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <gdb.sourceware.org>
List-Subscribe: <mailto:gdb-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/gdb/>
List-Post: <mailto:gdb@sourceware.org>
List-Help: <mailto:gdb-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: gdb-owner@sourceware.org
X-SW-Source: 2007-07/txt/msg00147.txt.bz2

Hi all,

I am trying to reverse engineer a stripped binary using gdb.  I wonder if 
there is a way to interactively add symbols as I go.  For example, suppose 
I discover that 0xdeadbeef is the address of a function that does "foo". 
Presumably the binary originally had an entry "foo = 0xdeadbeef" in its 
symbol table, which is now gone.  I would like to be able to "put it back" 
and use it with gdb's convenient symbol features.  For instance, if I come 
across a "call 0xdeadbeef" instruction elsewhere in the program, I would 
like the gdb disassembler to tag it as "call 0xdeadbeef <foo>".  Is there 
any way to do this?  I didn't see such a thing in the manual.

I know I can do:

set $foo = 0xdeadbeef


so that at least the address is saved, but gdb won't do the reverse 
translation in disassembly.

I suppose it is possible to keep an external symbol table which I load, 
but then I would have to have a separate file which I have to paste in 
stuff from gdb, and then reload it every time I add something new.

-- 

Nate Eldredge
neldredge@math.ucsd.edu