1

I have a couple C programs that I basically want to disassemble. I was using objdump, but I realized that is static disassembly. Is there anyway to get the full assembly-level trace of the program of the instructions executed in order? I am running on x86-64.

apk190000
  • 65
  • 7
  • 5
    That's the purpose of a debugger. – Thomas Jager Aug 06 '20 at 20:38
  • or a simulator. – old_timer Aug 06 '20 at 20:40
  • 2
    as soon as you hit a conditional branch (that relies on something outside the program) then your execution order disassembly ends – old_timer Aug 06 '20 at 20:41
  • 1
    Wait, you don't want a call stack backtrace, you want every instruction in execution order? Your tags and title are using terminology that matches GDB's `bt` command. But what you actually want is an execution trace, not just the stack. Please [edit] your question to remove the "stack" stuff if that's not what you want. – Peter Cordes Aug 06 '20 at 20:42
  • For a full dynamic-order trace, tools like Intel SDE or other dynamic instrumentation tools, or a debugger, or possibly `perf` with intel-pt to record this with HW support for less overhead, if you have a CPU that supports that. – Peter Cordes Aug 06 '20 at 20:44
  • the tools can only do so much for you, debuggers can affect how the program runs, hiding the real bug. Or are otherwise misleading. Modifying the program to help the tools can hide the bug or move it. At the end of the day you often have to read the code and find the bug visually. You have not specified the architecture, also understanding that for variable length instruction sets like x86 you cant rely on the disassembler to provide a correct disassembly. – old_timer Aug 06 '20 at 20:45
  • 1
    I edited my question to remove the stack stuff. Yes, I basically just want the assembly execution instructions in order. If I have to simulate them or use a debugger, is there a way to dump that information to a file? – apk190000 Aug 06 '20 at 20:48
  • I have used 'gdb where' a lot, on production core dumps in a cron script that emailed me the result, and it is good on code test runs, too. https://condor.depaul.edu/glancast/373class/docs/gdb.html – David G. Pickett Aug 06 '20 at 20:48
  • [Gdb process record/replay execution log](https://stackoverflow.com/q/5515216) mentions GDB's `record save filename` command – Peter Cordes Aug 06 '20 at 20:49
  • 1
    [How to run record instruction-history and function-call-history in GDB?](https://stackoverflow.com/q/22507169) has some details about GDB using hardware support like intel-pt, instead of slowly single-stepping each instruction. – Peter Cordes Aug 06 '20 at 20:51
  • Multithreaded apps could be problematic.....:) – Martin James Aug 06 '20 at 21:05
  • Many apps run for years. Trace file may get large.... – Martin James Aug 06 '20 at 21:07
  • You may want to take a look at PIN (https://software.intel.com/content/www/us/en/develop/articles/pin-a-dynamic-binary-instrumentation-tool.html) or DynamoRIO (https://dynamorio.org/). I believe either tool can dump instructions during an execution. You may need to write the tool do perform the exact instrumentation – thurizas Aug 06 '20 at 21:55
  • Yes, I am specifically looking for a program that just takes in my executable and spits out the full unrolled execution trace in a file. I haven't had much lucky trying gdb or perf with intel-pt. I am trying PIN now, but it just seems to be running forever. If there's not a straightforward way to get the execution trace, I'll have to stick with objdump. – apk190000 Aug 06 '20 at 22:15
  • Traces are huge and slow to generate (especially just single-stepping with a debugger); most programs include loops. Test on a very simple statically-linked program that just exits. – Peter Cordes Aug 06 '20 at 22:51

1 Answers1

1

Is there a way to retrieve the full stack trace/execution trace of a C program at the assembly level?

The call stack might not even exist. Some C implementations could (in some simple cases) inline every function call and work in registers (but Rice's theorem shows that this is not always possible). That might happen with a recent GCC doing whole-program link-time optimizations (e.g. invoked with gcc -O3 -flto -fwhole-program for both compilation and linking steps)

However, if you use Linux/x86-64 and if you want to retrieve at runtime the call stack, consider using Ian Taylor's libbacktrace. It is part of some recent GCC compilers.

Is there anyway to get the full assembly-level trace of the program of the instructions executed in order?

Alternatively, use and/or patch some processor emulator like Qemu.

Basile Starynkevitch
  • 223,805
  • 18
  • 296
  • 547