gdb - Core dump note section -

-

following question manually generating core dump file, decided dive , hands dirty.

i able build basic core dump structure , dead program's memory core dump within big load section. when debugging in gdb, variables back, no problem that. here comes tricky part, how gdb retrieve information program when crashed.

i know note section of core dump contains information (cpu registers among others). here objdump -h gives "real" core dump :

core.28339:     file format elf32-i386  sections: idx name          size      vma       lma       file off  algn   0 note0         000001e8  00000000  00000000  000000f4  2**0                   contents, readonly   1 .reg/28339    00000044  00000000  00000000  00000150  2**2                   contents   2 .reg          00000044  00000000  00000000  00000150  2**2               contents   3 .auxv         000000a0  00000000  00000000  0000023c  2**2               contents   4 load1a        00001000  08010000  00000000  00001000  2**12               contents, alloc, load, readonly, code   .. other load sections ...

i figured out readelf .reg sections contain data mapped structures :

notes @ offset 0x000000f4 length 0x000001e8:   owner     data size   description   core      0x00000090  nt_prstatus (prstatus structure)   core      0x0000007c  nt_prpsinfo (prpsinfo structure)   core      0x000000a0  nt_auxv (auxiliary vector)

can give me directions on how structured notes section ? tried writing directly structures file, did not work , missing here. looked @ google coredumper code , took bits of it, writing note section not simple , detailed information contains , format welcomed.

edit #1 : following 1st comment

i figured out elf file should structured follows :

  • elf header elfw(ehdr)
  • program headers (ehdr.e_phnum times elfw(phdr)), here used 1 pt_note , 1 pt_load headers
  • note sections :
    • section's header (elfw(nhdr))
    • section's name (.n_namesz long)
    • section's data (.n_descsz long)
  • program section containing program's memory

then have put 3 note records, 1 prstatus, 1 prpsinfo , 1 auxiliary vector.

this seems right way readelf gives me similar output got above real core dump.

edit #2 : after getting correct structure

i struggling different structures composing note records.

here when running eu-readelf --notes on core dump :

note segment of 540 bytes @ offset 0x74:   owner          data size  type   core                 336  prstatus   core                 136  prpsinfo   core                   8  auxv     null

here when running same command on real core dump :

note segment of 488 bytes @ offset 0xf4:   owner          data size  type   core                 144  prstatus     info.si_signo: 11, info.si_code: 0, info.si_errno: 0, cursig: 11     sigpend: <>     sighold: <>     pid: 28339, ppid: 41446, pgrp: 28339, sid: 41446     utime: 0.000000, stime: 0.000000, cutime: 0.000000, cstime: 0.000000     orig_eax: -1, fpvalid: 0     ebx:             -1  ecx:              0  edx:              0     esi:              0  edi:              0  ebp:     0xffb9fcbc     eax:             -1  eip:     0x08014b26  eflags:  0x00010286     esp:     0xffb9fcb4     ds: 0x002b  es: 0x002b  fs: 0x0000  gs: 0x0000  cs: 0x0023  ss: 0x002b   core                 124  prpsinfo     state: 0, sname: r, zomb: 0, nice: 0, flag: 0x00400400     uid: 9432, gid: 6246, pid: 28339, ppid: 41446, pgrp: 28339, sid: 41446     fname: pikeos_app, psargs: ./pikeos_app    core                 160  auxv     sysinfo: 0xf7768420     sysinfo_ehdr: 0xf7768000     hwcap: 0xbfebfbff  <fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe>     pagesz: 4096     clktck: 100     phdr: 0x8010034     phent: 32     phnum: 2     base: 0     flags: 0     entry: 0x80100be     uid: 9432     euid: 9432     gid: 6246     egid: 6246     secure: 0     random: 0xffb9ffab     execfn: 0xffba1feb     platform: 0xffb9ffbb     null

does have clue or explanations why note records not read ? thought might due incorrect offsets, why records correctly listed ?

thanks !

can give me directions on how structured notes section?

the notes section concatenation of variable-sized note records. each note record begins elfw(nhdr) structure, followed (variable sized) name (of length .n_namesz, padded total size of name on disk divisible 4) , data (of length .n_descsz, padded).


Comments

Post a Comment

Popular posts from this blog

c++ - Creating new partition disk winapi -

-
i'am trying create new partition , mount volume new, thought createfile let me this, code : lpctstr lpfilename=l"\\\\.\\device\\harddisk0\\partition3"; handle handl=createfile( lpfilename, generic_read | generic_write, file_share_read | file_share_write, null, create_always, file_attribute_normal, null ); if (handl==invalid_handle_value) { qdebug()<<"handl invalid"<<" error"<<getlasterror();} bool success = definedosdevice(ddd_raw_target_path,l"i:",l"\\device\\harddisk0\\partition3"); if(!success) qdebug()<<" definedosdevice failed "<<getlasterror(); bflag = getvolumenameforvolumemountpoint( l"i:\\", // input volume mount point or directory /** u in dir
Read more

Android Prevent Bluetooth Pairing Dialog -

-
i'm developing internal application uses bluetooth printing. want bluetooth pairing occur without user input. have managed working trapping android.bluetooth.device.action.pairing_request broadcast. in broadcast receiver call setpin method, , pairing works ok, bluetoothpairingdialog displayed second or two, disappears - see link below. https://github.com/android/platform_packages_apps_settings/blob/master/src/com/android/settings/bluetooth/bluetoothpairingdialog.java since broadcast non-ordered, can't call abortbroadcast() , , wondering if there other way prevent pairing dialog appearing. can hook window manager in way? i haven't been able come way without modifying sdk. if you're oem, it's easy (i'm on 4.3): in packages/apps/settings/androidmanifest.xml, comment intent filter pairing dialog: <activity android:name=".bluetooth.bluetoothpairingdialog" android:label="@string/bluetooth_pairing_request"
Read more

VBA function to include CDATA -

-
i have following function include cdata: function cdatasection() dim objdom domdocument dim objkmlrootelement ikmldomelement dim objkmlelement ikmldomelement dim cdata ikmldomcdatasection set objdom = new domdocument set objkmlrootelement = objdom.createelement("balloonstyle") objdom.appendchild objkmlrootelement set objkmlelement = objdom.createelement("text") objkmlrootelement.appendchild objkmlelement set cdata = objdom.createcdatasection("text") cdata.data = "<![cdata[<b>latitude = $[latitude]</b>?]]>;" end function when run above, getting error "user defined data type not found" function. yes ripster says find library reference. vba window tools>references for list of relevant references see... http://msdn.microsoft.com/en-us/library/windows/desktop/ms763701%28v=vs.85%29.aspx however, if have hard time tracking down reference, replace dim sta
Read more