5

How can I identify the entry point of an executable in LLDB?

In GDB, we can use the info file command, but that won't work in LLDB.

Can anyone show me how to do that?

hippietrail
  • 515
  • 4
  • 17
PSN
  • 153
  • 6

1 Answers1

8

You can make use of the command

(lldb) process launch --stop-at-entry

to start the program. This stops you right at the entry point. From there lldb will tell you the address as well, in case this is what you are interested in.

If instead you were interested in the actual main function, and not the entry point, you should have a look at the related question lldb: break at start of actual code, not entrypoint

Community
  • 1
Andrea Alberti
  • 96
  • 1
  • 4
  • 1
    What is the difference between --stop-at-entry and breaking at __libc_start_main? – JAL Nov 22 '16 at 05:13
  • @JAL: see https://reverseengineering.stackexchange.com/a/19572/60. BTW, __libc_start_main is not used on OS X (it's a glibc thing) – Igor Skochinsky Oct 18 '18 at 20:20