发表新帖
发表新帖

Core dump note section

前端 未结
关注
3 1023
逝去的感伤
逝去的感伤 2020-12-31 23:49

Following my question about manually generating a core dump file, I decided to dive into it and get my hands dirty.

I am able to build the basic core dump structure

相关标签:
3条回答
  • 长发绾君心
    2021-01-01 00:34

    Was having same troubles some time ago with my project of converting CRIU images into core dumps. It is fully written in python(even elf structures are in ctypes), so it could be used as a guide. See https://github.com/efiop/criu-coredump .I.e. how everything is structured could be seen here https://github.com/efiop/criu-coredump/blob/master/criu_coredump/core_dump.py .

    0 讨论(0)
  • 傲寒
    2021-01-01 00:47

    Can someone give me directions on how is structured the Notes section?

    The notes section is a concatenation of variable-sized note records. Each note record begins with ElfW(Nhdr) structure, followed by (variable sized) name (of length .n_namesz, padded so total size of name on disk is divisible by 4) and data (of length .n_descsz, similarly padded).

    0 讨论(0)
  • 无人及你
    2021-01-01 00:51

    After some tests I figured things out, answering for anyone looking for this information :

    Can someone confirm I am going the right way structuring my Elf file this way ?

    Yes.

    As GDB is accepting the file, this seems to be the right way of doing. Results shown by readelf -a show the correct structure, good so far.

    I am not sure about where should lay the data (note & program sections) into my file : is there a mandatory order, or is this my program headers offset that define where the data is ?

    Offsets given to Phdr.p_offset should point where the data lays in the Elf file. They start at the very beginning of the file.

    For example :

    The p_offset for the PT_NOTE program header should be set at sizeof(ElfW(Ehdr)) + ehdr.e_phnum*sizeof(ElfW(Phdr)). ehdr.e_phnum being the number of program header present in the Elf file.

    For the PT_LOAD program header, this is a bit longer, cause we will also have to add length of all the note sections. For a "standard" core dump with a note segment containg NT_PRSTATUS, NT_PRPSINFO and NT_AUXV sections, offset for the PT_LOAD data (Phdr.p_offset) will be :

    sizeof(ElfW(Ehdr)) + ehdr.e_phnum*sizeof(ElfW(Phdr))
+ sizeof(ElfW(Nhdr)) + sizeof(name_of_section) + sizeof(struct prstatus)
+ sizeof(ElfW(Nhdr)) + sizeof(name_of_section) + sizeof(struct prpsinfo)
+ sizeof(ElfW(Nhdr)) + sizeof(name_of_section) + sizeof(struct auxv_t)
    0 讨论(0)
 看不清?
提交回复
热议问题