17 FILE_RCSID("@(#)$Id: readelf.c,v 1.17 2000/08/05 19:00:12 christos Exp $")
21 static void dophn_core __P((int, int, int, off_t, int, size_t));
23 static void dophn_exec __P((int, int, int, off_t, int, size_t));
24 static void doshn __P((int, int, int, off_t, int, size_t));
26 static uint16_t getu16 __P((int, int));
27 static uint32_t getu32 __P((int, uint32_t));
28 static uint64_t getu64 __P((int, uint64_t));
43 retval.c[0] = tmpval.c[1];
44 retval.c[1] = tmpval.c[0];
64 retval.c[0] = tmpval.c[3];
65 retval.c[1] = tmpval.c[2];
66 retval.c[2] = tmpval.c[1];
67 retval.c[3] = tmpval.c[0];
87 retval.c[0] = tmpval.c[7];
88 retval.c[1] = tmpval.c[6];
89 retval.c[2] = tmpval.c[5];
90 retval.c[3] = tmpval.c[4];
91 retval.c[4] = tmpval.c[3];
92 retval.c[5] = tmpval.c[2];
93 retval.c[6] = tmpval.c[1];
94 retval.c[7] = tmpval.c[0];
101 #define sh_addr (class == ELFCLASS32 \
104 #define shs_type (class == ELFCLASS32 \
105 ? getu32(swap, sh32.sh_type) \
106 : getu32(swap, sh64.sh_type))
107 #define ph_addr (class == ELFCLASS32 \
110 #define ph_type (class == ELFCLASS32 \
111 ? getu32(swap, ph32.p_type) \
112 : getu32(swap, ph64.p_type))
113 #define ph_offset (class == ELFCLASS32 \
114 ? getu32(swap, ph32.p_offset) \
115 : getu64(swap, ph64.p_offset))
116 #define nh_size (class == ELFCLASS32 \
119 #define nh_type (class == ELFCLASS32 \
120 ? getu32(swap, nh32->n_type) \
121 : getu32(swap, nh64->n_type))
122 #define nh_namesz (class == ELFCLASS32 \
123 ? getu32(swap, nh32->n_namesz) \
124 : getu32(swap, nh64->n_namesz))
125 #define nh_descsz (class == ELFCLASS32 \
126 ? getu32(swap, nh32->n_descsz) \
127 : getu32(swap, nh64->n_descsz))
128 #define prpsoffsets(i) (class == ELFCLASS32 \
133 doshn(class, swap, fd, off, num, size)
144 if (lseek(fd, off, SEEK_SET) == -1)
145 error("lseek failed (%s).\n", strerror(errno));
147 for ( ; num; num--) {
148 if (read(fd, sh_addr, size) == -1)
149 error("read failed (%s).\n", strerror(errno));
150 if (shs_type == SHT_SYMTAB /* || shs_type == SHT_DYNSYM */) {
151 (void) printf (", not stripped");
155 (void) printf (", stripped");
159 * Look through the program headers of an executable image, searching
160 * for a PT_INTERP section; if one is found, it's dynamically linked,
161 * otherwise it's statically linked.
164 dophn_exec(class, swap, fd, off, num, size)
174 char *linking_style = "statically";
175 char *shared_libraries = "";
177 if (lseek(fd, off, SEEK_SET) == -1)
178 error("lseek failed (%s).\n", strerror(errno));
180 for ( ; num; num--) {
181 if (read(fd, ph_addr, size) == -1)
182 error("read failed (%s).\n", strerror(errno));
186 linking_style = "dynamically";
189 shared_libraries = " (uses shared libs)";
193 printf(", %s linked%s", linking_style, shared_libraries);
197 size_t prpsoffsets32[] = {
199 28, /* Linux 2.0.36 */
200 32, /* Linux (I forget which kernel version) */
204 size_t prpsoffsets64[] = {
205 120, /* SunOS 5.x, 64-bit */
208 #define NOFFSETS32 (sizeof prpsoffsets32 / sizeof prpsoffsets32[0])
209 #define NOFFSETS64 (sizeof prpsoffsets64 / sizeof prpsoffsets64[0])
211 #define NOFFSETS (class == ELFCLASS32 ? NOFFSETS32 : NOFFSETS64)
214 * Look through the program headers of an executable image, searching
215 * for a PT_NOTE section of type NT_PRPSINFO, with a name "CORE" or
216 * "FreeBSD"; if one is found, try looking in various places in its
217 * contents for a 16-character string containing only printable
218 * characters - if found, that string should be the name of the program
219 * that dropped core. Note: right after that 16-character string is,
220 * at least in SunOS 5.x (and possibly other SVR4-flavored systems) and
221 * Linux, a longer string (80 characters, in 5.x, probably other
222 * SVR4-flavored systems, and Linux) containing the start of the
223 * command line for that program.
225 * The signal number probably appears in a section of type NT_PRSTATUS,
226 * but that's also rather OS-dependent, in ways that are harder to
227 * dissect with heuristics, so I'm not bothering with the signal number.
228 * (I suppose the signal number could be of interest in situations where
229 * you don't have the binary of the program that dropped core; if you
230 * *do* have that binary, the debugger will probably tell you what
234 dophn_core(class, swap, fd, off, num, size)
246 size_t offset, nameoffset, noffset, reloffset;
254 * Loop through all the program headers.
256 for ( ; num; num--) {
257 if (lseek(fd, off, SEEK_SET) == -1)
258 error("lseek failed (%s).\n", strerror(errno));
259 if (read(fd, ph_addr, size) == -1)
260 error("read failed (%s).\n", strerror(errno));
262 if (ph_type != PT_NOTE)
266 * This is a PT_NOTE section; loop through all the notes
269 if (lseek(fd, (off_t) ph_offset, SEEK_SET) == -1)
270 error("lseek failed (%s).\n", strerror(errno));
271 bufsize = read(fd, nbuf, BUFSIZ);
273 error(": " "read failed (%s).\n", strerror(errno));
276 if (offset >= bufsize)
278 if (class == ELFCLASS32)
279 nh32 = (Elf32_Nhdr *)&nbuf[offset];
281 nh64 = (Elf64_Nhdr *)&nbuf[offset];
285 * Check whether this note has the name "CORE" or
288 if (offset + nh_namesz >= bufsize) {
290 * We're past the end of the buffer.
297 offset = ((offset + 3)/4)*4;
300 * Sigh. The 2.0.36 kernel in Debian 2.1, at
301 * least, doesn't correctly implement name
302 * sections, in core dumps, as specified by
303 * the "Program Linking" section of "UNIX(R) System
304 * V Release 4 Programmer's Guide: ANSI C and
305 * Programming Support Tools", because my copy
306 * clearly says "The first 'namesz' bytes in 'name'
307 * contain a *null-terminated* [emphasis mine]
308 * character representation of the entry's owner
309 * or originator", but the 2.0.36 kernel code
310 * doesn't include the terminating null in the
313 if ((nh_namesz == 4 &&
314 strncmp(&nbuf[nameoffset], "CORE", 4) == 0) ||
316 strcmp(&nbuf[nameoffset], "CORE") == 0))
318 else if ((nh_namesz == 8 &&
319 strcmp(&nbuf[nameoffset], "FreeBSD") == 0))
323 if (nh_type == NT_PRPSINFO) {
325 * Extract the program name. We assume
326 * it to be 16 characters (that's what it
327 * is in SunOS 5.x and Linux).
329 * Unfortunately, it's at a different offset
330 * in varous OSes, so try multiple offsets.
331 * If the characters aren't all printable,
334 for (i = 0; i < NOFFSETS; i++) {
335 reloffset = prpsoffsets(i);
336 noffset = offset + reloffset;
338 j++, noffset++, reloffset++) {
340 * Make sure we're not past
341 * the end of the buffer; if
342 * we are, just give up.
344 if (noffset >= bufsize)
348 * Make sure we're not past
349 * the end of the contents;
350 * if we are, this obviously
351 * isn't the right offset.
353 if (reloffset >= nh_descsz)
375 #define isquote(c) (strchr("'\"`", (c)) != NULL)
385 printf(", from '%.16s'",
386 &nbuf[offset + prpsoffsets(i)]);
395 offset = ((offset + 3)/4)*4;
402 tryelf(fd, buf, nbytes)
409 char c[sizeof (int32)];
415 * ELF executables have multiple section headers in arbitrary
416 * file locations and thus file(1) cannot determine it from easily.
417 * Instead we traverse thru all section headers until a symbol table
418 * one is found or else the binary is stripped.
420 if (buf[EI_MAG0] != ELFMAG0
421 || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1)
422 || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3)
428 if (class == ELFCLASS32) {
430 if (nbytes <= sizeof (Elf32_Ehdr))
435 (void) memcpy(&elfhdr, buf, sizeof elfhdr);
436 swap = (u.c[sizeof(int32) - 1] + 1) != elfhdr.e_ident[5];
438 if (getu16(swap, elfhdr.e_type) == ET_CORE)
440 dophn_core(class, swap,
442 getu32(swap, elfhdr.e_phoff),
443 getu16(swap, elfhdr.e_phnum),
444 getu16(swap, elfhdr.e_phentsize));
449 if (getu16(swap, elfhdr.e_type) == ET_EXEC) {
450 dophn_exec(class, swap,
452 getu32(swap, elfhdr.e_phoff),
453 getu16(swap, elfhdr.e_phnum),
454 getu16(swap, elfhdr.e_phentsize));
458 getu32(swap, elfhdr.e_shoff),
459 getu16(swap, elfhdr.e_shnum),
460 getu16(swap, elfhdr.e_shentsize));
465 if (class == ELFCLASS64) {
467 if (nbytes <= sizeof (Elf64_Ehdr))
472 (void) memcpy(&elfhdr, buf, sizeof elfhdr);
473 swap = (u.c[sizeof(int32) - 1] + 1) != elfhdr.e_ident[5];
475 if (getu16(swap, elfhdr.e_type) == ET_CORE)
477 dophn_core(class, swap,
479 #ifdef USE_ARRAY_FOR_64BIT_TYPES
480 getu32(swap, elfhdr.e_phoff[1]),
482 getu64(swap, elfhdr.e_phoff),
484 getu16(swap, elfhdr.e_phnum),
485 getu16(swap, elfhdr.e_phentsize));
491 if (getu16(swap, elfhdr.e_type) == ET_EXEC) {
492 dophn_exec(class, swap,
494 #ifdef USE_ARRAY_FOR_64BIT_TYPES
495 getu32(swap, elfhdr.e_phoff[1]),
497 getu64(swap, elfhdr.e_phoff),
499 getu16(swap, elfhdr.e_phnum),
500 getu16(swap, elfhdr.e_phentsize));
504 #ifdef USE_ARRAY_FOR_64BIT_TYPES
505 getu32(swap, elfhdr.e_shoff[1]),
507 getu64(swap, elfhdr.e_shoff),
509 getu16(swap, elfhdr.e_shnum),
510 getu16(swap, elfhdr.e_shentsize));
projects / FreeBSD / FreeBSD.git / blob