I recently compiled some C++ code using GCC 3.4.5 (it's old I know), I made a debug release so that it would include symbol info.

If I load the file into IDA Pro, I don't see the usual prompt informing me that the binary includes symbol info which you would do if if were compiled with MSVC for example.
The same is true when with OllyDbg, there are no symbols to be seen in the disassembled code view.

Hmm, I've just noticed that Olly doesn't display symbols for my test file compiled with MSVC 6 either

I've taken a look at the plethora of options and settings in both Olly and IDA which didn't help much.
Google searching didn't give me any clues either.

Is anyone able to tell me if this is because Olly and IDA don't support GCC compiled symbol data? Maybe uses a different format or something? Or indeed something else I haven't considered?

Better still, if anyone knows how to fix this or could suggest a few ideas to try that would be most appreciated.

Update #1: I tried using the object scanner tool in Olly which fails to work for some reason. I added various object files from the debug release and it is unable to find a single match. Loading the same object files into IDA the expected symbols can be seen okay.

Update #2: CFF Explorer and Lord PE shows that the Debug directory is reported as being empty even though the debug release is approximately 7 times the size of the symbol stripped release version.

Update #3: I loaded my test file into GDB and typed the following command:
maint print symbols my_symbols.txt
This should write a dump of the debugging symbol data into the filename my_symbols.txt.

The file contains no data at all would suggest that the GCC compiler switch [-g] isn't
producing debugging symbols for some reason. I'm not quite sure what else I can
try, any ideas?

Round and round I go... Okay, typing maint print msymbols my_symbols.txt
will produce a dump of current partial symbol definitons to the my_symbols.txt file.
So the symbol data is there afterall.

Here's a little snippet from the resulting file:


My thinking at this time is that this debug data must be stored in the .stab and stabstr
sections of the executable as I remember reading a reference made to the stabs-in-
COFF format when GDB reads symbol table data.

Is this likely to be the source of the problem as I had first intitially suggested? i.e., the
stab-in-COFF symbol table format is not supported by the likes of IDA or OllyDbg?
What to do?

Update #4: I've just been looking through some of the GDBs support commands and I found
that I can view all the function names by typing info functions. I'm not sure with this is symbol info or not can any clarify this for me please?


Thank you,
5aLIVE.

PS. Nice job on the new look of the forum.

Okay, I've since learned that I've been wasting my time using the GCC compiler as it doesn't support CodeView of PDB symbol formats (GCC uses the STABS format).

So I turned my attention over to using CL (Microsoft's command line optimising compiler).

I created a batch file to take handle the compiling and linking of the code. I've tried using the /Z7 and /ZI switches to produce CodeView and PDB symbols respectively. This seems to work fine with no errors being reported.

However, I am still unable to see the symbols in either Olly or IDA. I also tried loading the PDB file into IDA via File->Load file->PDB file... No symbols are added to the disassembly listing.

What could the problem be?

Try linking with:

Hi disavowed, thank you for replying.
I'm using CL (v12.00.8168) that comes with MSVC6, the linker accepts the /DEBUG switch but it doesn't recognise the /PDB switch.

I've used /Fd[my_symbols.pdb] to create my file.

Here is the format of my make file in its current form:


Aha! I just found my mistake. Corrections to lines 2 and 6 above gives symbols recognised by both IDA and OllyDbg

1. set CFLAGS=/DWIN32 /I.. /I..\foo1 /I..\foo2 /nologo
6. set LINKFLAGS=/MTd /ZI /Fdmy_symbols.pdb /nologo

Okay one question still remains, and that is how do I go about using mixed source mode debugging in Olly? Selecting View->Source or View->Source files shows empty windows at this point.

Looking in the debug directory of the debug release file using Lord PE I see that the Type is listed as CODEVIEW (2) I think I may need to change the /Z switch to either Z7 or \Zi I'm not sure.

Update #1: I tried using /Zi and /Z7 switching when linking. This doesn't change anything, I'm still unable to view the source in Olly. Lord PE shows the debug directory as CodeView regardless of which /Z switch I used so it would appear to have no effect.

I searched this forum some more and I found reply from Blabberer with a list of things to check through.
Here is the link ("http://www.woodmann.com/forum/showthread.php?10425-Source-File&p=68282&viewfull=1#post68282")

I've satisfied all the relevant entires in the check list (no changes made), I can't see any reason why I can 't view the source.

Update #2: I am now able to view the source code in Olly I did this by creating a project using the Visual C++ IDE and then setting the active configuration to debug.

I'd still like to be able to achieve the same result by running a batch file at the command line if this is possible.

Can anyone help me with this please? Thank you.

Well, disavowed (thank you) gave me the answer I was looking for although I didn't realise it at the time.

This thread ("http://www.woodmann.com/forum/showthread.php?8421") provided the clue I needed to get the symbols working properly in OllyDbg.

PS. Does anyone know what happened to Blabberer? His knowledge and help is greatly missed.

He still visits the forum from time to time, maybe this questioning will summon him !

well i am flattered to know i'm being missed and flattered more to know that i'm being summoned too

thanks a lot

and hope i could get bit more active