Difference Between a Stripped Binary and a Non Stripped Binary in Linux

Difference between a stripped binary and a non stripped binary in Linux

Although you have found your answer from the Google. Just putting that , non-stripped binaries have debugging information built into it. So if you compile an executable with gcc's -g flag, it contains debugging information. Whereas Strip binaries generally remove this debugging information from the exe which is not necessary for execution so as to reduce the size of the exe.

why is binary compiled with gcc not stripped by default

AFAIK Once the binary is stripped you wont be able to get the stripped information back until or unless you regenerate the binary. stripping is useful when you have memory constraints to look after. This might be the reason strip is not enabled by default in GCC.

gcc -g vs not -g and strip vs not strip, performance and memory usage?

The ELF loader loads segments, not sections; the mapping from sections to segments is determined by the linker script used for building the executable.

The default linker script does not map debug sections to any segment, so this is omitted.

Symbol information comes in two flavours: static symbols are processed out-of-band and never stored as section data; dynamic symbol tables are generated by the linker and added to a special segment that is loaded along with the executable, as it needs to be accessible to the dynamic linker. The strip command only removes the static symbols, which are never referenced in a segment anyway.

So, you can use full debug information through the entire process, and this will not affect the size of the executable image in RAM, as it is not loaded. This also means that the information is not included in core dumps, so this does not give you any benefit here either.

The objcopy utility has a special option to copy only the debug information, so you can generate a second ELF file containing this information and use stripped binaries; when analyzing the core dump, you can then load both files into the debugger:

objcopy --only-keep-debug myprogram myprogram.debug
strip myprogram

Why a stripped binary file can still have library call information in the disassembled file?

ELF file has 2 symbol tables: .symtab and .dynsym. The latter is for dynamic symbols needed for dynamic linking (relocation).
In your case, printf is in .dynsym and it may also be present in .symtab; by default strip would remove .symtab but not .dynsym which is needed for relocation.

You may try

strip -R .dynsym your_binary

to remove the dynsym section manually and you will find it fails to run due to relocation failure.

What is the difference between gcc -s and a strip command?

gcc being a compiler/linker, its -s option is something done while linking. It's also not configurable - it has a set of information which it removes, no more no less.

strip is something which can be run on an object file which is already compiled. It also has a variety of command-line options which you can use to configure which information will be removed. For example, -g strips only the debug information which gcc -g adds.

Note that strip is not a bash command, though you may be running it from a bash shell. It is a command totally separate from bash, part of the GNU binary utilities suite.

gcc -O2 is smaller then gcc -O2 -g followed by strip --strip-all

The difference is from the debug code.

For an 1.7 MB executable you are probably using a library or two. Usually they have something like:

#ifdef _DEBUG
    // some debug code
#endif

Also common practice for big projects, so some of it may be your code as well.

strip removes only the symbols. The debug code stays.

Return Oriented Programming Stripped Binaries

https://security.stackexchange.com/questions/20497/stack-overflows-defeating-canaries-aslr-dep-nx
maybe this? also I think this question is more suitable for reverse-engineering exchange or security exchange

Difference Between a Stripped Binary and a Non Stripped Binary in Linux