Essential Linux Tools for Binary Analysis, Debugging, and Performance Profiling

Overview

This guide collects essential Linux command‑line utilities for inspecting compiled binaries, debugging running programs, profiling performance, and obtaining system information.

Compile‑time tools

nm – Symbol table

-C Demangle C++ symbols

-A Show source file for each symbol

-a List all symbols, including debug symbols

-l Display source line numbers (requires debug info)

-n Sort by address

-u Show only undefined symbols

strings – Extract printable strings

Useful for locating hard‑coded keys, secrets, or version strings.

-a Scan the entire file, not just initialized sections

-f Prefix each string with the file name

-n min‑len Print strings at least min‑len characters long (default 4)

# strings /lib/tls/libc.so.6 | grep GLIBC
GLIBC_2.0
GLIBC_2.1
GLIBC_2.1.1
…

strip – Remove symbols

Reduces executable size after debugging; also makes reverse engineering harder.

readelf – ELF inspection

Displays detailed information about ELF files.

-a All information

-h File header

-l Program headers and segment layout

-S Section details

-s Symbol table

-r Relocation entries

-u Unwind information

-d Dynamic section

objdump – Disassembly

objdump -S <em>exe</em>

Attempts to reconstruct source when the binary was compiled with -g.

addr2line – Address to source line

Given a crash address, reports the corresponding file and line (requires debug symbols). # addr2line -e <em>exe</em> <em>addr</em> -a Show address before function name

-b Specify binary format

-C Demangle C++ symbols

-e Specify executable

-f Show function name

-s Show basename only

-i Expand inline functions

-j Offset relative to a section

-p One‑line per address

Runtime tools

gdb – Interactive debugger

Full‑featured source‑level debugging.

ldd – List shared‑library dependencies

# ldd /bin/ls

Shows required libraries and the actual files loaded.

strace – Trace system calls

-p pid Attach to a running process

-c Summary of call counts

-T Display time spent in each call

-t / -tt / -ttt Timestamp formats

-f / -F Follow forked children

-o file Write output to a file

-e expr Filter traced calls (e.g., -e open)

ltrace – Trace library calls

Options are analogous to strace.

time – Measure execution time

# time ps aux | grep 'hi'

Reports real, user, and sys time (tracks only the parent process).

gprof – Profile user‑mode functions

Compile with -pg, run the program to generate gmon.out, then analyse: # gprof exec gmon.out > profile.txt The program must exit normally for accurate data.

valgrind – Detect memory errors

Install from the official site and run:

# valgrind --tool=memcheck --leak-check=full ./test

Detects heap overruns and leaks (does not check stack or static objects).

Example program (angle brackets escaped):

#include <stdlib.h>
void f(void) {
  int *x = malloc(10 * sizeof(int));
  x[10] = 0; // overflow
}
int main(void) {
  f();
  return 0;
}

mtrace – glibc memory tracing

Enable by setting MALLOC_TRACE and calling mtrace() in the program.

#include <stdio.h>
#include <stdlib.h>
int main(void) {
  setenv("MALLOC_TRACE", "./memleak.log", 1);
  mtrace();
  int *p = malloc(1000);
  return 0;
}

Run the program, then invoke:

# mtrace ./test ./memleak.log

oprofile – CPU usage profiling

Typical workflow:

opcontrol --init Load the oprofile kernel module

opcontrol --start Begin sampling

opcontrol --dump Write collected data to disk

opreport -l Display results per function

# opreport

Proc filesystem

A virtual filesystem exposing kernel and process information. Frequently used entries:

/proc/cpuinfo CPU details

/proc/meminfo Memory usage

/proc/uptime System uptime

/proc/ pid /status Process status

/proc/ pid /fd Open file descriptors

/proc/ pid /exe Executable path

System logs

Common log files under /var/log/:

messages General system messages

auth.log Authentication events

daemon.log Daemon activity

boot.log Boot sequence

cron Scheduled jobs

lastlog Last login records