Given a .so file and function name, is there any simple way to find the function's signature through bash?
Return example:
#_ZN9CCSPlayer10SwitchTeamEi
Thank you.
My compiler mangles things a little different to yours (OSX g++) but changing your leading # to an underscore and passing the result to c++filt gives me the result that I think you want:
bash> echo __ZN9CCSPlayer10SwitchTeamEi | c++filt
CCSPlayer::SwitchTeam(int)
doing the reverse is trickier as CCSPlayer could be a namespace or a class (and I suspect they're mangled differently). However since you have the .so you can do this:
bash> nm library.so | c++filt | grep CCSPlayer::SwitchTeam
000ca120 S CCSPlayer::SwitchTeam
bash> nm library.so | grep 000ca120
000ca120 S __ZN9CCSPlayer10SwitchTeamEi
Though you might need to be a bit careful about getting some extra results. ( There are some funny symbols in those .so files sometimes)
nm has a useful --demangle flag that can demangle your .so all at once
nm --demangle library.so
Try
strings <library.so>
nm -D library.so | grep FuncName
Related
I know how to see which libraries a certain component correponds to with the command:
llvm-config --libs core
Now, suppose I get a linker error and wants to include another library to resolve it.
Say, the linker can't resolve some symbol A. Then how do I:
1) Find the library that contains the specific symbol, like e.g. LLVMCore.lib.
2) Look up contents of libraries to see what symbols it defines?
I don't understand how to do this reading the documentation.
As you have already discovered a proper LLVM-way to do this would be using llvm-config by indicating the components you intend to link against or use, e.g.
llvm-config --cxxflags --ldflags --system-libs --libs core
Other common non-llvm specific methods that you can use to find a symbol: on a Win platform (use VS native tools cmd or equivalent environment-set one):
for %f in (*.lib) do (dumpbin.exe /symbols %f | findstr /C:"your_symbol")
if you can't deal with findstr's limitations GNU grep might be a better choice.
If you have unix tools installed and in your PATH you can also use
for %f in (*.lib) do (nm -gC %f | findstr /C:"your_symbol")
as baddger964 suggests.
On a unix system:
for lib in $(find . -name \*.so) ; do nm -gC $lib | grep my_symbol | grep -v " U " ; done
(search *.so libraries in this directory for my_symbol; extern-only, demangle and exclude undefined symbols)
Given the above question 2 is trivial.
One way to see symbols of your lib is to use the nm command :
nm -gC mylib.so
I have an .SO file (note, not .a, not .dylib and not .o) and I need to get symbol information from it on OSX.
I have tried
nm -gU lib.so
However, nothing is printed out.
I can't use otool because it's not an object file, and readelf does not exists on OSX. How do I get the symbol information?
Please note, that I am using this .so file in another project, and there is symbol information. I am able to load the library, and reference functions from it. However, I have yet to find a tool on OSX to let me print the symbol information from it.
As asked,
file lib.so
ELF 32-bit LSB shared object, ARM, version 1 (SYSV), dynamically linked, stripped
Try using c++filt piped from nm:
nm lib.so | c++filt -p -i
c++filt - Demangle C++ and Java symbols.
-p
--no-params
When demangling the name of a function, do not display the types of
the function's parameters.
-i
--no-verbose
Do not include implementation details (if any) in the demangled
output.
EDIT: Based upon the new (ARM) info provided in the question, try using symbols instead:
symbols lib.so -arch arm | awk '{print $4}'
I've used awk to simplify output; remove to output everything.
Manual page : Symbols
https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man1/nm.1.html
Nm displays the name list (symbol table) of each object file in the argument list. If an argument is
an archive, a listing for each object file in the archive will be produced. File can be of the form
libx.a(x.o), in which case only symbols from that member of the object file are listed. (The paren-
theses have to be quoted to get by the shell.) If no file is given, the symbols in a.out are listed.
I have c++filt command to demangle a symbol, what is the tool to do the opposite and mangle a symbol name?
This would be useful if I were to want to call dlsym() on a mangled C++ function name. I'd rather not hard code the name mangling in the code since it could change over time due to new complier versions or new compiler brands being used or at present due to compiling for multiple platforms.
Is there a programatic way to get the string that represents a C++ function at runtime so that the code is compiler independent? One way to possibly do this would be to call a utility at compile time that performs the name mangling for the compiler being used and inserts the appropriate mangled C++ symbol name into a string for dlsym() to use.
Here is the closest to a solution I've found on this site which is accomplished by using a fixed C style name to indirect to C++ symbols that are defined in the library you wish to dlsym(), but if you do not have control over what that library provides, this is not an option.
That's how g++ mangles names. You might implement those mangling rules on your program.
Another (crazy) solution would be to list all of the symbols in the library you want to use (it's not so difficult if you understand the format), demangle them all, and search your function's name in that list. The advantage with this method is that demangling is easier, as there is a function call to do it: abi::__cxa_demangle, from cxxabi.h header.
You may be able to get what you want by looking at the symbol table
of the .so you are looking at: Someone else answered this already
Returning a shared library symbol table.
However, if there are too many symbols ... that may not work.
So here's a crazy idea. Caveat emptor!
A potential solution is to:
create a file with a stub with exactly one name: the name you want: void myfunction() { }
compile that file (with -fPIC and -shared so it's a dynamic library)
call dlopen/dlsym on that particular file
Iterate through the symbols (there should just be only the one want plus other regular junk you can filter). Iterating through the symbols is clumsy, but you can do it:
Returning a shared library symbol table
dlclose() to free it up (lose the stub out of your symbols)
Open the file you want with dlopen
Basically, you would invoke the compiler from your code, it would create
a .so you could look at, get the only value out, then unload that .so
so you could load in the one you want.
It's crazy.
Name mangling is implementation specific.
There is no standard for name mangling so your best bet is to find a compiler to do it for you.
Name mangling
There is a table here that may help you if you wish to do this manually
An easier method than the first posted.
Write a little C++ program like:
#include <stdlib.h>
extern int doit(const char *toto, bool is);
int main(int argc, char *argv[])
{
exit(doit (argv[0], true));
}
Build it with
# g++ -S test.cpp
And extract symbol name from assembler source
# cat test.s | grep call | grep doit | awk '{print $2}'
You get:
rcoscali#srjlx0001:/tmp/TestC++$ cat test.s | grep call | grep doit | awk '{print $2}'
_Z4doitPKcb
rcoscali#srjlx0001:/tmp/TestC++$
The doit symbol mangled is _Z4doitPKcb
Use the compiler you plan to use because each compiler have its own name mangling rules (as it has been said before from one compiler to another these rules may change).
Have fun !
If you're using g++ on x86 or ARM then you can try this one(ish)-liner:
echo "<your-type> <your-name>(<your-parameters>) {}" \
| g++ -x c++ - -o - -S -w \
| grep '^_' \
| sed 's/:$//'
g++ invokes the front-end for the cc1plusplus compiler.
g++ -x c++ says to interpret the input language as C++.
g++ -x c++ - says to get the input from the stdin (the piped echo).
g++ -x c++ - -o - says to output to the stdout (your display).
g++ -x c++ - -o - -S says to output assembler/assembly language.
g++ -x c++ - -o - -S -w says to silence all warnings from cc1plusplus.
This gives us the raw assembly code output.
For x86(_64) or ARM(v7/v8) machines, the mangled name in the assembly output will start at the beginning of a line, prefixed by an underscore (_) (typically _Z).
Notably, no other lines will begin this way, so lines beginning with an underscore are guaranteed to be a code object name.
grep '^_' says to filter the output down to only lines beginning with an underscore (_).
Now we have the mangled names (one on each line--depending on how many you echoed into g++).
However, all the names in the assembly are suffixed by a colon (:) character. We can remove it with the Stream-EDitor, sed.
sed 's/:$//' says to remove the colon (:) character at the end of each line.
Lastly, a couple of concrete examples, showing mangling and then demangling for you to use as reference (output from an x86 machine):
Example 1:
echo "int MyFunction(int x, char y) {}" \
| g++ -x c++ - -o - -S -w \
| grep '^_' \
| sed 's/:$//'
_Z10MyFunctionic # This is the output from the command pipeline
c++filt _Z10MyFunctionic
MyFunction(int, char) # This is the output from c++filt
Example 2:
echo \
"\
namespace YourSpace { int YourFunction(int, char); }
int YourSpace::YourFunction(int x, char y) {}
"\
| g++ -x c++ - -o - -S -w \
| grep '^_' \
| sed 's/:$//'
_ZN9YourSpace12YourFunctionEic # This is the output from the command pipeline
c++filt _ZN9YourSpace12YourFunctionEic
YourSpace::YourFunction(int, char) # This is the output from c++filt
I originally saw how to apply g++ to stdin in Romain Picard's article:
How To Mangle And Demangle A C++ Method Name
I think it's a good read.
Hope this helped you.
Additional Info:
Primary source: GNU <libstdc++> Manual: Chapter 28 Part 3: Demangling
Suppose you work with a codebase comprising several tools and libraries and you want to port (or resurrect) some component within such codebase but any clue about where symbols lie within the various libs is either lost or will take ages to find out by looking at the code itself (yes improved documentation can avoid such issues but is quite demanding). What is the fastest way to discover in which library you can find symbols used in the code?
Assuming a linux box, the nm tool, listing names in library files, comes to the rescue.
It can be used to do an extensive search as follows: one can first find all the libraries available (assuming the project have been successfully compiled without the component you are adding) with a find, then such find can be enclosed in a loop where you call nm on all discovered libraries; the output you then grep for discarding "U" references (undefined symbols, aka where else the symbol is being used). On a single bash line that gives:
for lib in $(find base_path -name \*.a) ; do echo $lib ; nm $lib | grep my_symbol | grep -v " U " ; done
where:
base_path is the root of your codebase
my_symbol is the symbol you are looking for
The echo generates a list of all libraries found, which is not so clean since it outputs names of libs not holding the symbol, but it was the fastest way I found to have a direct reference to the library so when you see a:
base_path/component/libA.a
0000000000000080 D my_symbol
You have found your usual suspect.
Using nm, it is possible to list the symbols defined in a binary, and the --defined-only switch ignores undefined references.
Option 1: find
In a single command:
find $path -name \*.a -exec bash -c "nm --defined-only {} 2>/dev/null | grep $symbol && echo {}" \;
where $path is the root of the file tree containing the binaries, and $symbol is the name of the symbol you are looking for.
Option 2: find + GNU parallel
Running nm on all files can take time, so it could be helpful to process the results of find in parallel (using GNU parallel):
find $path -name \*.a | parallel "nm --defined-only {} 2>/dev/null | grep $symbol && echo {}"
Option 3: fd
And at last, my favourite. Using the fd tool, that has a simpler syntax than find, is generally faster, and processes the results in parallel by default:
fd '.*\.a$' -x bash -c "nm --defined-only {} 2>/dev/null | grep $symbol && echo {}"
Simple benchmark
Searching for the gz_write symbol in /usr/lib on my laptop:
find takes around 23 seconds
find | parallel takes around 10 seconds
fd takes around 8 seconds
Using nm's --defined-only switch is helpful here since it will remove the undefined references. Below is a csh script that may be useful to others.
#!/bin/csh
#
#recurse from current dir and output name of any .a files
#that contain the desired symbol.
echo "Search for: $1"
foreach i (`find . -name '*.a'`)
nm --defined-only $i | grep $1
if ($status == 0) then
echo $i
endif
end
I have c++filt command to demangle a symbol, what is the tool to do the opposite and mangle a symbol name?
This would be useful if I were to want to call dlsym() on a mangled C++ function name. I'd rather not hard code the name mangling in the code since it could change over time due to new complier versions or new compiler brands being used or at present due to compiling for multiple platforms.
Is there a programatic way to get the string that represents a C++ function at runtime so that the code is compiler independent? One way to possibly do this would be to call a utility at compile time that performs the name mangling for the compiler being used and inserts the appropriate mangled C++ symbol name into a string for dlsym() to use.
Here is the closest to a solution I've found on this site which is accomplished by using a fixed C style name to indirect to C++ symbols that are defined in the library you wish to dlsym(), but if you do not have control over what that library provides, this is not an option.
That's how g++ mangles names. You might implement those mangling rules on your program.
Another (crazy) solution would be to list all of the symbols in the library you want to use (it's not so difficult if you understand the format), demangle them all, and search your function's name in that list. The advantage with this method is that demangling is easier, as there is a function call to do it: abi::__cxa_demangle, from cxxabi.h header.
You may be able to get what you want by looking at the symbol table
of the .so you are looking at: Someone else answered this already
Returning a shared library symbol table.
However, if there are too many symbols ... that may not work.
So here's a crazy idea. Caveat emptor!
A potential solution is to:
create a file with a stub with exactly one name: the name you want: void myfunction() { }
compile that file (with -fPIC and -shared so it's a dynamic library)
call dlopen/dlsym on that particular file
Iterate through the symbols (there should just be only the one want plus other regular junk you can filter). Iterating through the symbols is clumsy, but you can do it:
Returning a shared library symbol table
dlclose() to free it up (lose the stub out of your symbols)
Open the file you want with dlopen
Basically, you would invoke the compiler from your code, it would create
a .so you could look at, get the only value out, then unload that .so
so you could load in the one you want.
It's crazy.
Name mangling is implementation specific.
There is no standard for name mangling so your best bet is to find a compiler to do it for you.
Name mangling
There is a table here that may help you if you wish to do this manually
An easier method than the first posted.
Write a little C++ program like:
#include <stdlib.h>
extern int doit(const char *toto, bool is);
int main(int argc, char *argv[])
{
exit(doit (argv[0], true));
}
Build it with
# g++ -S test.cpp
And extract symbol name from assembler source
# cat test.s | grep call | grep doit | awk '{print $2}'
You get:
rcoscali#srjlx0001:/tmp/TestC++$ cat test.s | grep call | grep doit | awk '{print $2}'
_Z4doitPKcb
rcoscali#srjlx0001:/tmp/TestC++$
The doit symbol mangled is _Z4doitPKcb
Use the compiler you plan to use because each compiler have its own name mangling rules (as it has been said before from one compiler to another these rules may change).
Have fun !
If you're using g++ on x86 or ARM then you can try this one(ish)-liner:
echo "<your-type> <your-name>(<your-parameters>) {}" \
| g++ -x c++ - -o - -S -w \
| grep '^_' \
| sed 's/:$//'
g++ invokes the front-end for the cc1plusplus compiler.
g++ -x c++ says to interpret the input language as C++.
g++ -x c++ - says to get the input from the stdin (the piped echo).
g++ -x c++ - -o - says to output to the stdout (your display).
g++ -x c++ - -o - -S says to output assembler/assembly language.
g++ -x c++ - -o - -S -w says to silence all warnings from cc1plusplus.
This gives us the raw assembly code output.
For x86(_64) or ARM(v7/v8) machines, the mangled name in the assembly output will start at the beginning of a line, prefixed by an underscore (_) (typically _Z).
Notably, no other lines will begin this way, so lines beginning with an underscore are guaranteed to be a code object name.
grep '^_' says to filter the output down to only lines beginning with an underscore (_).
Now we have the mangled names (one on each line--depending on how many you echoed into g++).
However, all the names in the assembly are suffixed by a colon (:) character. We can remove it with the Stream-EDitor, sed.
sed 's/:$//' says to remove the colon (:) character at the end of each line.
Lastly, a couple of concrete examples, showing mangling and then demangling for you to use as reference (output from an x86 machine):
Example 1:
echo "int MyFunction(int x, char y) {}" \
| g++ -x c++ - -o - -S -w \
| grep '^_' \
| sed 's/:$//'
_Z10MyFunctionic # This is the output from the command pipeline
c++filt _Z10MyFunctionic
MyFunction(int, char) # This is the output from c++filt
Example 2:
echo \
"\
namespace YourSpace { int YourFunction(int, char); }
int YourSpace::YourFunction(int x, char y) {}
"\
| g++ -x c++ - -o - -S -w \
| grep '^_' \
| sed 's/:$//'
_ZN9YourSpace12YourFunctionEic # This is the output from the command pipeline
c++filt _ZN9YourSpace12YourFunctionEic
YourSpace::YourFunction(int, char) # This is the output from c++filt
I originally saw how to apply g++ to stdin in Romain Picard's article:
How To Mangle And Demangle A C++ Method Name
I think it's a good read.
Hope this helped you.
Additional Info:
Primary source: GNU <libstdc++> Manual: Chapter 28 Part 3: Demangling