8

Background: We have a third-party vendor software for our Linux distribution that we are currently testing on lubuntu. We have the installation files and an install.sh shell script that installs the necessary binaries for the software in the correct directories.

We would like to determine which static libraries are being used internally by this software (so we can tell if they are outdated and introduce vulnerabilities in our environment).

What we have done so far: we looked at ldd but it only lists shared or dynamic libraries. Same with objdump. We used strings to look at the strings hidden in some of these binaries to see signs of library version numbers and such. But this is a very time-consuming and inefficient process for large binaries.

Question: How can we discover and list static libraries used in a software under the Linux environment?

learnerX
  • 444

1 Answers1

1

How can we discover and list static libraries used in a Linux program?

ldd <exe filename> shows dynamically linked libraries

nm <exe filename> shows the symbols in the file.

To see which symbols come from static libraries requires running nm against those libraries to get a list of the symbols (functions, etc.) in them, then comparing them to what your list of symbols from nm <exe filename>.

You compare lists with the comm command. See man comm for details.

This was taken from this forum here.

Source Get list of static libraries used in an executable, answer by DrAl

DavidPostill
  • 162,382