Search code examples
xcodegccobfuscationsymbols

Symbol hiding in static libraries built with Xcode

I'm trying to figure out whether I can build a static library that hides all of its internal objects and functions, etc, except for the interfaces I want to export. I'm experimenting with Xcode (gcc 4.2).

I've used the __attribute__((visibility("hidden"))) attribute on some C++ classes per this documentation. I've also defined little helper C functions as being file-local (static), etc.

However, when I run strings on the resulting .a library file, even when compiled in Release configuration, I still see the names of my ostensibly-hidden classes, with their method names, and even the names of file-local functions strewn around in there as well.

I've added the -fvisibility=hidden and even -fno-rtti to the gcc flags. While this reduces some of the strings, the class names, method names, and static functions names are all still in there in plain or mangled-but-readable form.

Is there a reliable way to get the compiler to build this stuff without having the string names of all the internal stuff emitted into the binary? It shouldn't be necessary to have for any external clients linking in.

(To clarify: I'm asking about obfuscation of internal naming, versus literal export binding needs. I'm disconcerted that all the internal workings are visible via the strings command, regardless of whether these symbols are formally exported or not.)

Thanks.

Solution

  • Hiding internal names requires a few simple Xcode build settings, and it is not generally necessary to modify source or change the type of the built product.

    1. Eliminate any internal symbols required between modules by performing a single-object prelink. Set the Xcode build setting named "Perform Single-Object Prelink" to Yes (GENERATE_MASTER_OBJECT_FILE=YES). This causes ld to be run with the -r flag.
    2. Make sure that the setting "Strip Style" is set to "Non-global symbols" (STRIP_STYLE=non-global), this passes -x to ld.
    3. Stripping is only actually performed on static libraries if post-processing is enabled (and this is not the default). Set Xcode build setting "Deployment Postprocessing" to yes. (DEPLOYMENT_POSTPROCESSING=YES). Also make sure that "Use separate strip" is set to Yes (not always the default) (SEPARATE_STRIP=YES).
    4. If, in addition to local symbols, if you need to remove some of the global symbols you can supply the -unexported_symbols_list file command (where file is the path to a text file of symbols to remove, one per line) or the -unexported_symbol symbol command (where symbol is a single symbol name to remove) to the single-object prelink step using the Xcode build setting "Single-Object Prelink Flags" (i.e. PRELINK_FLAGS). Don't forget to use the decorated symbol name; for example the symbol for a C function will be the function name prefixed with the _ character.
      (Alternately, this can also be done using additional options to the strip command, under the Xcode build setting "Additional strip flags", e.g. -R file option which has the same effect as ld's unexported_symbols_list option).