Why doesn't frida-trace find functions in Ubuntu/GCC binaries that it finds on MacOS/Clang compiles?

[petertorelli]

Here is a simple program:

int
fx(int a)
{
    a += 20;
    return a;
}

int
main(int argc, char *argv[])
{
    return fx(fx(10));
}

I compile this on macOS (bigSur) with Clang, and trace it:

0 ✓ [11:21:19 Fri Aug 27] ~/nobackup/frida/02
% gcc -g -O0 test.c 
0 ✓ [11:21:24 Fri Aug 27] ~/nobackup/frida/02
% frida-trace ./a.out -i 'a.out!*'
Instrumenting...                                                        
fx: Auto-generated handler at "/Users/pt/nobackup/frida/02/__handlers__/a.out/fx.js"
main: Auto-generated handler at "/Users/pt/nobackup/frida/02/__handlers__/a.out/main.js"
Started tracing 2 functions. Press Ctrl+C to stop.                      
           /* TID 0x103 */
   100 ms  main()
   100 ms     | fx()
   100 ms     | fx()
Process terminated
1 ✗ [11:21:31 Fri Aug 27] ~/nobackup/frida/02

Perfect. It created the __handler__ JavaScript and everything.

However, I do the same thing on Ubuntu with gcc, and Frida doesn't find the functions:

pt@serval:~/frida$ gcc -g -O0 test.c 
pt@serval:~/frida$ frida-trace ./a.out -i 'a.out!*'
Started tracing 0 functions. Press Ctrl+C to stop.                      
Process terminated

...but they are in the symbol table with objdump -t, and I can find them by walking the modules in the Frida JavaScript API.

What is the magic compiler switch I am missing? I tried visibility and export symbols with no luck.

[Olasergiolas]

I was also confused when I tried to do a simple Frida experiment and found this weird behavior. Let's hope someone can shed some light on this 😕.

[viva777]

Try double quotes (") instead of single quotes (')