Is it possible to debug a core file generated by an executable compiled without the gdb flag?



Yes, you can. It will not be easy though. I will give you an example.

Let's say that I have the following program called foo.c:

int main(void)
{
    *((char *) 0) = '\0';   /* deliberate write through a NULL pointer: SIGSEGV */
    return 0;
}

I'll compile it and make sure that there are no symbols:

$ cc foo.c
$ strip a.out
$ file a.out
a.out: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped

Ok, time to run it:

$ ./a.out
Segmentation fault (core dumped)

Oops. There seems to be a bug. Let's start a debugger:

$ gdb ./a.out core
[..]
Reading symbols from /tmp/a.out...(no debugging symbols found)...done.
[..]
Core was generated by `./a.out'.
Program terminated with signal 11, Segmentation fault.
#0  0x0804839c in ?? ()
(gdb) bt
#0  0x0804839c in ?? ()
#1  0xb7724e37 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#2  0x08048301 in ?? ()

Hmm, looks bad. No symbols. Can we figure out what happened?

(gdb) x/i $eip
=> 0x804839c:   movb   $0x0,(%eax)

Looks like it tried to store a byte with a value of zero to the memory location pointed to by the EAX register. Why did it fail?

(gdb) p $eax
$1 = 0
(gdb)

It failed because the EAX register is pointing to memory address zero and it tried to store a byte at that address. Oops!

Unfortunately I do not have pointers to any good tutorials. Searching for "gdb reverse engineering" gives some links which have potentially helpful bits and pieces.

Update:

I noticed the comment that this is about debugging a core dump at a customer. When you ship stripped binaries to a customer, you should always keep a debug version of that binary.

I would recommend not stripping and even giving the source code though. All code that I write goes to a customer with the source code. I have been on the customer side too many times facing an incompetent vendor which has shipped a broken piece of software but does not know how to fix it. It sucks.

This actually seems to be a duplicate of this question:

Debug core file with no symbols

There is some additional info there.


Yes, you can; this is what people who, i.e., write cracks are doing. Unfortunately I don't have the slides and documents of a course I followed at university anymore, but googling for reverse engineering or disassembly tutorials will give you some starting points. Also, knowing your way around in assembly code is essential.

Our class was based on a book, mainly chapters 1 & 3, but there is a new edition out now:

Computer Systems: A programmer's perspective by R.E. Bryant and D.R. O'Hallaron

which explains the basics behind computer systems and also gives you good knowledge of the working of programs in systems.

Also, when learning this, be aware that 64-bit CPUs have different assembly code than 32-bit CPUs, just in case.


If the program is compiled without the -g flag, you cannot debug the core file.

Otherwise you can do so as:

gdb executable corefile

More you can find at:

http://wwwpub.zih.tu-dresden.de/~mlieber/practical_debugging/04_gdb.pdf