When working with binaries on Linux, especially for debugging, reverse engineering, or performance analysis, it's important to determine whether they contain symbol information. Symbols, such as function names, variable names, and debugging metadata, make it easier to analyze a binary. However, many production binaries are stripped to reduce size and prevent reverse engineering. A stripped binary lacks this metadata, making debugging more difficult. This tutorial explains how to check if symbols are stripped from a binary file on Linux.
To check if a binary is stripped, use the file command. For example:
file /usr/bin/mkdir
This might return output similar to:
/usr/bin/mkdir: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=4b220cf0f1e9cc65cd2b166ff25c019513244280, for GNU/Linux 3.2.0, stripped
If you see the word "stripped" at the end of the output, it means that unneeded symbols have been removed from the binary. If the binary is not stripped, it will not include this keyword, meaning symbol information is still present.
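The same question can be answered straight from the ELF section headers, which is convenient when the check has to be scripted over many files. The Python script below is an added example, not part of the original tutorial. It assumes that "stripped" means the file has no SHT_SYMTAB (.symtab) section, and its make_elf helper builds a constructed test image, not a real binary.

```python
import struct
import sys

SHT_SYMTAB, SHT_DYNSYM = 2, 11  # sh_type values from the ELF specification

def section_types(data: bytes) -> list:
    """Return the sh_type of every section header in an ELF image."""
    if data[:4] != b"\x7fELF" or len(data) < 6:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]    # 1/2 = 32/64-bit, 1/2 = little/big endian
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unknown EI_CLASS or EI_DATA")
    if len(data) < (52, 64)[ei_class - 1]:
        raise ValueError("truncated ELF header")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:                       # ELF64 header field offsets
        (shoff,) = struct.unpack_from(end + "Q", data, 0x28)
        shentsize, shnum = struct.unpack_from(end + "HH", data, 0x3A)
    else:                                   # ELF32 header field offsets
        (shoff,) = struct.unpack_from(end + "I", data, 0x20)
        shentsize, shnum = struct.unpack_from(end + "HH", data, 0x2E)
    if shoff == 0 or shnum == 0:
        return []                           # no section header table at all
    if shentsize < 8 or shoff + shentsize * shnum > len(data):
        raise ValueError("section header table is truncated")
    # sh_type is the second 32-bit word of a section header in both classes
    return [struct.unpack_from(end + "I", data, shoff + i * shentsize + 4)[0]
            for i in range(shnum)]

def symbol_report(data: bytes) -> dict:
    """stripped: no .symtab left; dynsym: dynamic symbols are still present."""
    types = section_types(data)
    return {"stripped": SHT_SYMTAB not in types, "dynsym": SHT_DYNSYM in types}

def make_elf(sh_types) -> bytes:
    """Constructed sample: ELF64 little-endian header plus bare section headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, 64, 0,
                      64, 0, 0, 64, len(sh_types), 0)
    return ident + hdr + b"".join(struct.pack("<II", 0, t) + bytes(56) for t in sh_types)

if __name__ == "__main__":
    for path in sys.argv[1:]:               # e.g. /usr/bin/mkdir
        with open(path, "rb") as f:
            print(path, symbol_report(f.read()))
```

A stripped, dynamically linked binary normally still reports dynsym as present, because the dynamic symbol table is needed at load time and is not removed by stripping.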