When I debug any program with debugger (for example OllyDbg), in disassembled assembly code, I can see function names, for example:
push 0
call msvcrt.exit
How does the debugger know the function names? Where do they come from? In machine code, it is represented as call address
. So how debugger knows it?
Compilers generate "symbols" files, providing to debuggers a way to show the name of a symbol that corresponds to a particular address or an offset. This is highly system-dependent: for example, VS toolchain on Windows places these symbols in separate .pdb files, while on some UNIX flavors these debug symbols are embedded into the executable. EDIT : According to the comments, OllyDbg pulls symbols from the Import Address Table embedded in executable files.
When symbols are embedded into the executable, compiler vendors provide a tool to remove these symbols. For example, GNU provides the strip
utility to work with their toolchain.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With