Dwarf Debugging Information

References:

Machine code -> source code file, function name, and line numbers

DWARF sections

.debug sections, and all the sections begin with .debug:

  • .debug_info
  • .debug_loc
  • .debug_frame

DWARF Format

DWARF: Debugging Information Entry(DIE). Each DIE has a tag – its type, and a set of attributes. DIEs are interlinked via sibling and child links, and value of attributes can point at other DIEs.

.debug_info section. objdump --dwarf=info <binary-file>

DWARF for Functions:

  • Entry tag DW_TAG_subprogram stores the debug info is for a certain function.
  • Attribute DW_AT_low_pc is the program counter (EIP in x86) value for the beginning of the function.
  • Attribute DW_AT_frame_base stores the frame base address for the function.
    • it can be 0x0 (location list), meaning the frame address is stored in the location list section .debug_loc
    • Entry in .debug_loc, such as `

DWARF for Variables:

  • Entry tag DW_TAG_variable, stores the debug info for a variable
  • Attribute DW_AT_type points to another Entry tag, which stores the type information
  • Attribute DW_AT_location stores information how to find the variable in memory. For example, DW_OP_fbreg: -20 means the variable is stored at offset -20 from the DW_AT_frame_base attribute of its containing function.
Created Jul 17, 2020 // Last Updated Jul 28, 2020

If you could revise
the fundmental principles of
computer system design
to improve security...

... what would you change?