Recently, I had to use GDB for some debugging and profiling on a binary that was stripped. Impossible, you say! Actually, not so much. It's just a bit harder.

For the purposes of my project, I wanted to know how many instructions are being executed. Doing this with GDB is both a bit tricky and fun. Essentially, you have to use the start , stepi , and a loop. start is actually important because unlike run , it automatically breaks on main() .

This sounds nice and easy but what happens when the binary is stripped? Since no symbols are available, start isn't going to work. To get around this, there are a couple of tricks we can use. One options is to use objdump -h . The output will tell us the starting address (i.e. entry point) of the .text section. Another option is to use GDB's info files command. This will explicitly give us the entry point address which we can use as a breaking point (i.e. b *[entry_point_address]; run; ).

As a disclaimer, I know that there are a number of other options for counting instructions such as perf, pin, valgrind's callgrind, and many others, which all could have been used to do this.