Hello, I tried this script: http://www.brendangregg.com/DTrace/dappprof (using pid provider to construct call graph by tracing function entries/returns), on an ELF binary with symbol table (.symtab) stripped away. The Dtrace script was still able to generates the call graph with symbolic function names and addresses, for example:
.... 874/1: 450 . . -> ld.so.1:stravl_insert(0xD17C2679, 0x0, 0x0) 874/1: 450 . . -> ld.so.1:pnavl_create(0x18, 0x0, 0x0) 874/1: 450 . . -> ld.so.1:malloc(0x14, 0x0, 0x0) 874/1: 450 . . -> ld.so.1:split(0xD17FEB78, 0x18, 0x0) 874/1: 450 0 0 <- ld.so.1:split = 79 874/1: 450 0 0 <- ld.so.1:malloc = 212 874/1: 450 . . -> ld.so.1:avl_create(0xD17FEB88, 0xD17D2EC0, 0x18) 874/1: 450 0 0 <- ld.so.1:avl_create = 32 874/1: 450 0 0 <- ld.so.1:pnavl_create = 66 874/1: 450 . . -> ld.so.1:strlen(0xD17C2679, 0x0, 0x0) 874/1: 450 0 0 <- ld.so.1:strlen = 85 .... I am really curious and interested to know how the pid provider can figure out the symbolic information of the called functions from a stripped program. Could someone help me demystify the mechanism? Thanks in advance.
_______________________________________________ dtrace-discuss mailing list dtrace-discuss@opensolaris.org
