How do I view external function calls in dynamically linked ELF binary in linux?

Question

I used the file command in Linux to get information about a binary file. I am also looking for the addresses that these calls are located at. I think I can get this information from GDB or objdump but I am not very good with Linux commands and programs yet so any help is much appreciated. The output from the file command is below:

ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=0x6d232dd468b2344847a4b9c81eb064ffe257d5d0, stripped

Then using the strings command I got this output (I see several C function calls but which are external ?):

/lib/ld-linux.so.2
-#mH4
__gmon_start__
libc.so.6
_IO_stdin_used
exit
strncmp
strncpy
puts
printf
malloc
atoi
__libc_start_main
GLIBC_2.0
PTRh
QVh>
UWVS
[^_]
testing
strncmp: %s;
atoi
Complete
;*2$"

Answer 1

use nm instead of strings. Undefined symbols (indicated by a U) will be resolved externally (by the libc or whatever), and T (or t) symbols are locally defined. Lowercase indicates a local symbol, uppercase a global symbol.

Of course, this assumes there's a symbol table present. In your example, it's been stripped.

In that case, you can do objdump -T file to list the external references.

Answer 2

The answer to your question is fairly easy. You can either use the nm command with the -D switch (or --dynamic), or use objdump with the -T switch. Both commands will output the dynamic symbol table entries and the libraries they originate from.