How to find function start in stripped binary?

In a nutshell, stripping a binary means removing sections containing symbol and debug information from the file. These sections lie at the end of the binary, separate from the code. Removing this information has no bearing on the code itself, so the locations of functions in the file (their file offsets) will be the same after stripping the binary. Function addresses (their location in virtual memory), on the other hand, may either be hardcoded or position independent; it depends on how the binary was compiled (this is also unaffected by stripping symbol info).

Finding the boundaries of functions in stripped binaries is an undecidable problem, but workarounds and heuristics exist, such as a signature-based approach to function detection. Here are some examples:

1. IDA FLIRT essentially uses byte patterns to create function signatures
2. Ghidra's FunctionID feature takes mnemonic and operand type into account when hashing instructions to match functions to their well-known name
   • this is according to Willi Ballenthin's analysis
   • hashing implementation
3. JEB's disassembler creates function signatures by hashing the assembly (not binary code) of the function with a custom hashing algorithm.
4. BinaryNinja's Signature Library

Here is an interesting article on the subject: Architecture Agnostic Function Detection in Binaries