GDB put breakpoint at very first instruction

Question

When i type:

gdb mybinary

mybinary is a PIE executatable (Position indépendant Code).

i get a gdb prompt. The binary is not fully loaded in memory. Why do i say that ? This is because we do not know at this step what is the address of main entry point.

It is sometimes possible to type disassemble main, but i my case, the binary do not contains debugging informations.

If a type "run", the loader loads the program in memory and the program runs.

What should i do to force gdb to just run the loader and break on the first instruction in main. Is it possible ?

Thanks

Possible duplicate of [Stopping at the first machine code instruction in GDB](https://stackoverflow.com/questions/10483544/stopping-at-the-first-machine-code-instruction-in-gdb) — ks1322, Mar 27 '18 at 09:00

score 2 · Accepted Answer · answered Mar 28 '18 at 05:22

Is it possible

Sure. Here is one way to do it:

$ echo "int main() { return 0; }" | gcc -xc -
$ gdb -q ./a.out
Reading symbols from ./a.out...(no debugging symbols found)...done.
(gdb) x/i &main
   0x5fa <main>:    push   %rbp

Note that this is a PIE binary, and it has not been relocated yet (no code will ever execute at address 0x5fa on a Linux system).

(gdb) set stop-on-solib-events 1
(gdb) run
Starting program: /tmp/a.out
Stopped due to shared library event (no libraries added or removed)
(gdb) x/i &main
   0x5555555545fa <main>:   push   %rbp

You can now see that the binary has been relocated, and can set a breakpoint on main.

(gdb) b main
Breakpoint 1 at 0x5555555545fe
(gdb) c
Continuing.
Stopped due to shared library event:
  Inferior loaded /lib/x86_64-linux-gnu/libc.so.6
(gdb) c
Continuing.

Breakpoint 1, 0x00005555555545fe in main ()

Voilà.

@Bob5421 Code that performs dynamic relocations is in the dynamic loader: `ld-linux.so.2`. — Employed Russian, Mar 28 '18 at 14:05

score 0 · Answer 2 · answered Dec 28 '20 at 09:52

In modern GDB, start sets a temporary breakpoint in main and runs. That command was added in the past couple years, perhaps because of PIE executables becoming widespread.

start does work for PIE executables, avoiding the problem of main's real address not being known until after run, as long as main is in their symbol table so GDB can find it by name.

If not, you can only use starti to stop before running any user-space instructions at all, like your question title indicates. (Or perhaps @Employed Russian's suggestion of set stop-on-solib-events 1 can help you stop somewhere somewhat interesting even in a stripped binary.)

GDB put breakpoint at very first instruction

2 Answers2