Debugging ld.so (or other lib) calls from SaBRe

File names and paths may vary depending on the environment. The following has been tested under Debian Bullseye with glibc 2.30 for x86_64.

1. Install debugging symbols for libc:

# apt install libc6-dbg

2. Get libc sources:

# apt install glibc-source

and unpack them:

# cd /usr/src/glibc && tar xf glibc-2.30.tar.xz

3. Launch SaBRe under GDB and look for ld.so in process mappings once it's been loaded:

$ gdb --args ./loader/run plugins/vstrace/libvstrace.so -- /bin/ls
[...]
(gdb) b loader.c:171 
(gdb) r
(gdb) info proc map
          Start Addr           End Addr       Size     Offset objfile
      0x7fffef979000     0x7fffef97b000     0x2000        0x0 
      0x7fffef97b000     0x7fffef97c000     0x1000        0x0 
      0x7fffef97c000     0x7fffef99e000    0x22000     0x1000 /lib/x86_64-linux-gnu/ld-2.25.so
      0x7fffef99e000     0x7fffefb9d000   0x1ff000    0x23000 /lib/x86_64-linux-gnu/ld-2.25.so
      0x7fffefb9d000     0x7fffefb9f000     0x2000    0x22000 /lib/x86_64-linux-gnu/ld-2.25.so
[...]

What we want is the start address of the mapping right before the first ld, i.e. 0x7fffef97b000. This address is the actual start of the ld file. Its first 4096 bytes are anonymous (empty objfile column) because of the use of mremap in the rewriting process.

4. Get the offset of the text section:

$ objdump -hw /lib/x86_64-linux-gnu/ld-2.25.so | grep text | awk '{print $6}'
00000aa0

5. Instruct GDB where to find symbols and source files:

(gdb) add-symbol-file /lib/x86_64-linux-gnu/ld-2.25.so 0x7fffef97b000 + 0xaa0
(gdb) dir /usr/src/glibc-2.25/elf