I have a situation where a coredump (generated on a remote system) is not matching symbols in the .o file. I am suspecting this is due to ASLR. Unfortunately, I'm not sure how ASLR is supposed to work with coredumps, so I can't verify.
My logic is that because a coredump dumps actual memory, the ASLR offsets must be incorporated into the corefile itself (so now, all address references to function foo in the corefile would actually hold foo.vaddr + aslr_offset). gdb would have to know what the ASLR offset is in order to translate that address back to foo. I'm not finding where the ASLR offset is stored in the corefile though. Does anyone know if such a mechanism even exists, and if it does, how it is supposed to work?
It does exist, as you can trivially verify by creating a local core and loading it into GDB.

You can examine the file to segment mapping in the NT_FILE note. It should look like this:

I am not sure that's the mechanism GDB actually uses though.
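An added example, not part of the original answer: a small decoder for the NT_FILE note mentioned above, showing how the runtime base of each mapped file can be read out of a core's PT_NOTE data. It assumes a 64-bit little-endian Linux core; the function names, paths and addresses are constructed for illustration.

```python
import struct

NT_FILE = 0x46494C45  # note type "FILE", written with owner name "CORE"

def iter_notes(seg):
    """Yield (name, type, desc) from the raw bytes of a PT_NOTE segment."""
    off = 0
    while off + 12 <= len(seg):
        namesz, descsz, ntype = struct.unpack_from("<III", seg, off)
        off += 12
        name = seg[off:off + namesz].rstrip(b"\0")
        off += (namesz + 3) & ~3          # name is padded to 4 bytes
        desc = seg[off:off + descsz]
        off += (descsz + 3) & ~3          # descriptor is padded to 4 bytes
        yield name, ntype, desc

def parse_nt_file(desc):
    """Decode an NT_FILE descriptor into (start, end, file_offset, path)."""
    count, page_size = struct.unpack_from("<QQ", desc, 0)
    names = desc[16 + 24 * count:].split(b"\0")[:count]
    maps = []
    for i, name in enumerate(names):
        start, end, pgoff = struct.unpack_from("<QQQ", desc, 16 + 24 * i)
        # The stored file offset is in units of page_size.
        maps.append((start, end, pgoff * page_size, name.decode()))
    return maps

def load_bases(maps):
    """Runtime base per file: the start of its mapping at file offset 0."""
    return {name: start for start, _end, off, name in maps if off == 0}

def build_sample_segment():
    """Constructed input: one CORE/NT_FILE note with three made-up mappings."""
    rows = [(0x555555554000, 0x555555555000, 0, b"/tmp/a.out"),
            (0x555555555000, 0x555555556000, 1, b"/tmp/a.out"),
            (0x7FFFF7DD5000, 0x7FFFF7DF7000, 0, b"/lib/libc.so.6")]
    desc = struct.pack("<QQ", len(rows), 4096)
    desc += b"".join(struct.pack("<QQQ", s, e, o) for s, e, o, _ in rows)
    desc += b"".join(n + b"\0" for *_, n in rows)
    name = b"CORE\0"
    hdr = struct.pack("<III", len(name), len(desc), NT_FILE)
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return hdr + pad(name) + pad(desc)

if __name__ == "__main__":
    for name, ntype, desc in iter_notes(build_sample_segment()):
        if name == b"CORE" and ntype == NT_FILE:
            maps = parse_nt_file(desc)
            for start, end, off, path in maps:
                print(f"{start:#014x}-{end:#014x} +{off:#x} {path}")
            print(load_bases(maps))
```

The base returned for a file equals its ASLR offset only when the link-time address (p_vaddr) of that file's first PT_LOAD segment is 0, as is typical for PIE executables and shared objects; otherwise subtract that p_vaddr from the base.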