2 * Copyright (c) Christos Zoulas 2003.
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice immediately at the beginning of the file, without modification,
10 * this list of conditions, and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
16 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
19 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
21 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
22 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
23 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
24 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 FILE_RCSID("@(#)$File: readelf.c,v 1.103 2014/05/02 02:25:10 christos Exp $")
45 private int dophn_core(struct magic_set *, int, int, int, off_t, int, size_t,
48 private int dophn_exec(struct magic_set *, int, int, int, off_t, int, size_t,
50 private int doshn(struct magic_set *, int, int, int, off_t, int, size_t,
51 off_t, int *, int, int);
52 private size_t donote(struct magic_set *, void *, size_t, size_t, int,
55 #define ELF_ALIGN(a) ((((a) + align - 1) / align) * align)
57 #define isquote(c) (strchr("'\"`", (c)) != NULL)
59 private uint16_t getu16(int, uint16_t);
60 private uint32_t getu32(int, uint32_t);
61 private uint64_t getu64(int, uint64_t);
64 #define MAX_SHNUM 1024
67 toomany(struct magic_set *ms, const char *name, uint16_t num)
69 if (file_printf(ms, ", too many %s header sections (%u)", name, num
76 getu16(int swap, uint16_t value)
86 retval.c[0] = tmpval.c[1];
87 retval.c[1] = tmpval.c[0];
95 getu32(int swap, uint32_t value)
105 retval.c[0] = tmpval.c[3];
106 retval.c[1] = tmpval.c[2];
107 retval.c[2] = tmpval.c[1];
108 retval.c[3] = tmpval.c[0];
116 getu64(int swap, uint64_t value)
126 retval.c[0] = tmpval.c[7];
127 retval.c[1] = tmpval.c[6];
128 retval.c[2] = tmpval.c[5];
129 retval.c[3] = tmpval.c[4];
130 retval.c[4] = tmpval.c[3];
131 retval.c[5] = tmpval.c[2];
132 retval.c[6] = tmpval.c[1];
133 retval.c[7] = tmpval.c[0];
140 #define elf_getu16(swap, value) getu16(swap, value)
141 #define elf_getu32(swap, value) getu32(swap, value)
142 #define elf_getu64(swap, value) getu64(swap, value)
144 #define xsh_addr (clazz == ELFCLASS32 \
147 #define xsh_sizeof (clazz == ELFCLASS32 \
150 #define xsh_size (size_t)(clazz == ELFCLASS32 \
151 ? elf_getu32(swap, sh32.sh_size) \
152 : elf_getu64(swap, sh64.sh_size))
153 #define xsh_offset (off_t)(clazz == ELFCLASS32 \
154 ? elf_getu32(swap, sh32.sh_offset) \
155 : elf_getu64(swap, sh64.sh_offset))
156 #define xsh_type (clazz == ELFCLASS32 \
157 ? elf_getu32(swap, sh32.sh_type) \
158 : elf_getu32(swap, sh64.sh_type))
159 #define xsh_name (clazz == ELFCLASS32 \
160 ? elf_getu32(swap, sh32.sh_name) \
161 : elf_getu32(swap, sh64.sh_name))
162 #define xph_addr (clazz == ELFCLASS32 \
165 #define xph_sizeof (clazz == ELFCLASS32 \
168 #define xph_type (clazz == ELFCLASS32 \
169 ? elf_getu32(swap, ph32.p_type) \
170 : elf_getu32(swap, ph64.p_type))
171 #define xph_offset (off_t)(clazz == ELFCLASS32 \
172 ? elf_getu32(swap, ph32.p_offset) \
173 : elf_getu64(swap, ph64.p_offset))
174 #define xph_align (size_t)((clazz == ELFCLASS32 \
175 ? (off_t) (ph32.p_align ? \
176 elf_getu32(swap, ph32.p_align) : 4) \
177 : (off_t) (ph64.p_align ? \
178 elf_getu64(swap, ph64.p_align) : 4)))
179 #define xph_filesz (size_t)((clazz == ELFCLASS32 \
180 ? elf_getu32(swap, ph32.p_filesz) \
181 : elf_getu64(swap, ph64.p_filesz)))
182 #define xnh_addr (clazz == ELFCLASS32 \
185 #define xph_memsz (size_t)((clazz == ELFCLASS32 \
186 ? elf_getu32(swap, ph32.p_memsz) \
187 : elf_getu64(swap, ph64.p_memsz)))
188 #define xnh_sizeof (clazz == ELFCLASS32 \
191 #define xnh_type (clazz == ELFCLASS32 \
192 ? elf_getu32(swap, nh32.n_type) \
193 : elf_getu32(swap, nh64.n_type))
194 #define xnh_namesz (clazz == ELFCLASS32 \
195 ? elf_getu32(swap, nh32.n_namesz) \
196 : elf_getu32(swap, nh64.n_namesz))
197 #define xnh_descsz (clazz == ELFCLASS32 \
198 ? elf_getu32(swap, nh32.n_descsz) \
199 : elf_getu32(swap, nh64.n_descsz))
200 #define prpsoffsets(i) (clazz == ELFCLASS32 \
203 #define xcap_addr (clazz == ELFCLASS32 \
206 #define xcap_sizeof (clazz == ELFCLASS32 \
209 #define xcap_tag (clazz == ELFCLASS32 \
210 ? elf_getu32(swap, cap32.c_tag) \
211 : elf_getu64(swap, cap64.c_tag))
212 #define xcap_val (clazz == ELFCLASS32 \
213 ? elf_getu32(swap, cap32.c_un.c_val) \
214 : elf_getu64(swap, cap64.c_un.c_val))
218 * Try larger offsets first to avoid false matches
219 * from earlier data that happen to look like strings.
221 static const size_t prpsoffsets32[] = {
223 104, /* SunOS 5.x (command line) */
224 88, /* SunOS 5.x (short name) */
225 #endif /* USE_NT_PSINFO */
227 100, /* SunOS 5.x (command line) */
228 84, /* SunOS 5.x (short name) */
230 44, /* Linux (command line) */
231 28, /* Linux 2.0.36 (short name) */
236 static const size_t prpsoffsets64[] = {
238 152, /* SunOS 5.x (command line) */
239 136, /* SunOS 5.x (short name) */
240 #endif /* USE_NT_PSINFO */
242 136, /* SunOS 5.x, 64-bit (command line) */
243 120, /* SunOS 5.x, 64-bit (short name) */
245 56, /* Linux (command line) */
246 40, /* Linux (tested on core from 2.4.x, short name) */
248 16, /* FreeBSD, 64-bit */
251 #define NOFFSETS32 (sizeof prpsoffsets32 / sizeof prpsoffsets32[0])
252 #define NOFFSETS64 (sizeof prpsoffsets64 / sizeof prpsoffsets64[0])
254 #define NOFFSETS (clazz == ELFCLASS32 ? NOFFSETS32 : NOFFSETS64)
257 * Look through the program headers of an executable image, searching
258 * for a PT_NOTE section of type NT_PRPSINFO, with a name "CORE" or
259 * "FreeBSD"; if one is found, try looking in various places in its
260 * contents for a 16-character string containing only printable
261 * characters - if found, that string should be the name of the program
262 * that dropped core. Note: right after that 16-character string is,
263 * at least in SunOS 5.x (and possibly other SVR4-flavored systems) and
264 * Linux, a longer string (80 characters, in 5.x, probably other
265 * SVR4-flavored systems, and Linux) containing the start of the
266 * command line for that program.
268 * SunOS 5.x core files contain two PT_NOTE sections, with the types
269 * NT_PRPSINFO (old) and NT_PSINFO (new). These structs contain the
270 * same info about the command name and command line, so it probably
271 * isn't worthwhile to look for NT_PSINFO, but the offsets are provided
272 * above (see USE_NT_PSINFO), in case we ever decide to do so. The
273 * NT_PRPSINFO and NT_PSINFO sections are always in order and adjacent;
274 * the SunOS 5.x file command relies on this (and prefers the latter).
276 * The signal number probably appears in a section of type NT_PRSTATUS,
277 * but that's also rather OS-dependent, in ways that are harder to
278 * dissect with heuristics, so I'm not bothering with the signal number.
279 * (I suppose the signal number could be of interest in situations where
280 * you don't have the binary of the program that dropped core; if you
281 * *do* have that binary, the debugger will probably tell you what
285 #define OS_STYLE_SVR4 0
286 #define OS_STYLE_FREEBSD 1
287 #define OS_STYLE_NETBSD 2
289 private const char os_style_names[][8] = {
295 #define FLAGS_DID_CORE 0x01
296 #define FLAGS_DID_NOTE 0x02
297 #define FLAGS_DID_BUILD_ID 0x04
298 #define FLAGS_DID_CORE_STYLE 0x08
299 #define FLAGS_IS_CORE 0x10
302 dophn_core(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
303 int num, size_t size, off_t fsize, int *flags)
308 unsigned char nbuf[BUFSIZ];
311 if (size != xph_sizeof) {
312 if (file_printf(ms, ", corrupted program header size") == -1)
318 * Loop through all the program headers.
320 for ( ; num; num--) {
321 if (pread(fd, xph_addr, xph_sizeof, off) == -1) {
327 if (xph_offset > fsize) {
328 /* Perhaps warn here */
332 if (xph_type != PT_NOTE)
336 * This is a PT_NOTE section; loop through all the notes
339 len = xph_filesz < sizeof(nbuf) ? xph_filesz : sizeof(nbuf);
340 if ((bufsize = pread(fd, nbuf, len, xph_offset)) == -1) {
346 if (offset >= (size_t)bufsize)
348 offset = donote(ms, nbuf, offset, (size_t)bufsize,
349 clazz, swap, 4, flags);
360 do_note_netbsd_version(struct magic_set *ms, int swap, void *v)
363 (void)memcpy(&desc, v, sizeof(desc));
364 desc = elf_getu32(swap, desc);
366 if (file_printf(ms, ", for NetBSD") == -1)
369 * The version number used to be stuck as 199905, and was thus
370 * basically content-free. Newer versions of NetBSD have fixed
371 * this and now use the encoding of __NetBSD_Version__:
377 * r = release ["",A-Z,Z[A-Z] but numeric]
380 if (desc > 100000000U) {
381 uint32_t ver_patch = (desc / 100) % 100;
382 uint32_t ver_rel = (desc / 10000) % 100;
383 uint32_t ver_min = (desc / 1000000) % 100;
384 uint32_t ver_maj = desc / 100000000;
386 if (file_printf(ms, " %u.%u", ver_maj, ver_min) == -1)
388 if (ver_rel == 0 && ver_patch != 0) {
389 if (file_printf(ms, ".%u", ver_patch) == -1)
391 } else if (ver_rel != 0) {
392 while (ver_rel > 26) {
393 if (file_printf(ms, "Z") == -1)
397 if (file_printf(ms, "%c", 'A' + ver_rel - 1)
405 do_note_freebsd_version(struct magic_set *ms, int swap, void *v)
409 (void)memcpy(&desc, v, sizeof(desc));
410 desc = elf_getu32(swap, desc);
411 if (file_printf(ms, ", for FreeBSD") == -1)
415 * Contents is __FreeBSD_version, whose relation to OS
416 * versions is defined by a huge table in the Porter's
417 * Handbook. This is the general scheme:
420 * Mmp000 (before 4.10)
421 * Mmi0p0 (before 5.0)
424 * Development branches:
425 * Mmpxxx (before 4.6)
426 * Mmp1xx (before 4.10)
427 * Mmi1xx (before 5.0)
433 * i = minor version increment (491000 -> 4.10)
437 * The first release of FreeBSD to use ELF by default
440 if (desc == 460002) {
441 if (file_printf(ms, " 4.6.2") == -1)
443 } else if (desc < 460100) {
444 if (file_printf(ms, " %d.%d", desc / 100000,
445 desc / 10000 % 10) == -1)
447 if (desc / 1000 % 10 > 0)
448 if (file_printf(ms, ".%d", desc / 1000 % 10) == -1)
450 if ((desc % 1000 > 0) || (desc % 100000 == 0))
451 if (file_printf(ms, " (%d)", desc) == -1)
453 } else if (desc < 500000) {
454 if (file_printf(ms, " %d.%d", desc / 100000,
455 desc / 10000 % 10 + desc / 1000 % 10) == -1)
457 if (desc / 100 % 10 > 0) {
458 if (file_printf(ms, " (%d)", desc) == -1)
460 } else if (desc / 10 % 10 > 0) {
461 if (file_printf(ms, ".%d", desc / 10 % 10) == -1)
465 if (file_printf(ms, " %d.%d", desc / 100000,
466 desc / 1000 % 100) == -1)
468 if ((desc / 100 % 10 > 0) ||
469 (desc % 100000 / 100 == 0)) {
470 if (file_printf(ms, " (%d)", desc) == -1)
472 } else if (desc / 10 % 10 > 0) {
473 if (file_printf(ms, ".%d", desc / 10 % 10) == -1)
480 donote(struct magic_set *ms, void *vbuf, size_t offset, size_t size,
481 int clazz, int swap, size_t align, int *flags)
489 uint32_t namesz, descsz;
490 unsigned char *nbuf = CAST(unsigned char *, vbuf);
492 if (xnh_sizeof + offset > size) {
494 * We're out of note headers.
496 return xnh_sizeof + offset;
499 (void)memcpy(xnh_addr, &nbuf[offset], xnh_sizeof);
500 offset += xnh_sizeof;
504 if ((namesz == 0) && (descsz == 0)) {
506 * We're out of note headers.
508 return (offset >= size) ? offset : size;
511 if (namesz & 0x80000000) {
512 (void)file_printf(ms, ", bad note name size 0x%lx",
513 (unsigned long)namesz);
517 if (descsz & 0x80000000) {
518 (void)file_printf(ms, ", bad note description size 0x%lx",
519 (unsigned long)descsz);
525 doff = ELF_ALIGN(offset + namesz);
527 if (offset + namesz > size) {
529 * We're past the end of the buffer.
534 offset = ELF_ALIGN(doff + descsz);
535 if (doff + descsz > size) {
537 * We're past the end of the buffer.
539 return (offset >= size) ? offset : size;
542 if ((*flags & (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID)) ==
543 (FLAGS_DID_NOTE|FLAGS_DID_BUILD_ID))
546 if (namesz == 5 && strcmp((char *)&nbuf[noff], "SuSE") == 0 &&
547 xnh_type == NT_GNU_VERSION && descsz == 2) {
548 file_printf(ms, ", for SuSE %d.%d", nbuf[doff], nbuf[doff + 1]);
550 if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
551 xnh_type == NT_GNU_VERSION && descsz == 16) {
553 (void)memcpy(desc, &nbuf[doff], sizeof(desc));
555 if (file_printf(ms, ", for GNU/") == -1)
557 switch (elf_getu32(swap, desc[0])) {
559 if (file_printf(ms, "Linux") == -1)
563 if (file_printf(ms, "Hurd") == -1)
567 if (file_printf(ms, "Solaris") == -1)
570 case GNU_OS_KFREEBSD:
571 if (file_printf(ms, "kFreeBSD") == -1)
575 if (file_printf(ms, "kNetBSD") == -1)
579 if (file_printf(ms, "<unknown>") == -1)
582 if (file_printf(ms, " %d.%d.%d", elf_getu32(swap, desc[1]),
583 elf_getu32(swap, desc[2]), elf_getu32(swap, desc[3])) == -1)
585 *flags |= FLAGS_DID_NOTE;
589 if (namesz == 4 && strcmp((char *)&nbuf[noff], "GNU") == 0 &&
590 xnh_type == NT_GNU_BUILD_ID && (descsz == 16 || descsz == 20)) {
593 if (file_printf(ms, ", BuildID[%s]=", descsz == 16 ? "md5/uuid" :
596 (void)memcpy(desc, &nbuf[doff], descsz);
597 for (i = 0; i < descsz; i++)
598 if (file_printf(ms, "%02x", desc[i]) == -1)
600 *flags |= FLAGS_DID_BUILD_ID;
603 if (namesz == 4 && strcmp((char *)&nbuf[noff], "PaX") == 0 &&
604 xnh_type == NT_NETBSD_PAX && descsz == 4) {
605 static const char *pax[] = {
617 (void)memcpy(&desc, &nbuf[doff], sizeof(desc));
618 desc = elf_getu32(swap, desc);
620 if (desc && file_printf(ms, ", PaX: ") == -1)
623 for (i = 0; i < __arraycount(pax); i++) {
624 if (((1 << i) & desc) == 0)
626 if (file_printf(ms, "%s%s", did++ ? "," : "",
632 if (namesz == 7 && strcmp((char *)&nbuf[noff], "NetBSD") == 0) {
634 case NT_NETBSD_VERSION:
636 do_note_netbsd_version(ms, swap, &nbuf[doff]);
637 *flags |= FLAGS_DID_NOTE;
641 case NT_NETBSD_MARCH:
642 if (file_printf(ms, ", compiled for: %.*s", (int)descsz,
643 (const char *)&nbuf[doff]) == -1)
646 case NT_NETBSD_CMODEL:
647 if (file_printf(ms, ", compiler model: %.*s",
648 (int)descsz, (const char *)&nbuf[doff]) == -1)
652 if (file_printf(ms, ", note=%u", xnh_type) == -1)
659 if (namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0) {
660 if (xnh_type == NT_FREEBSD_VERSION && descsz == 4) {
661 do_note_freebsd_version(ms, swap, &nbuf[doff]);
662 *flags |= FLAGS_DID_NOTE;
667 if (namesz == 8 && strcmp((char *)&nbuf[noff], "OpenBSD") == 0 &&
668 xnh_type == NT_OPENBSD_VERSION && descsz == 4) {
669 if (file_printf(ms, ", for OpenBSD") == -1)
671 /* Content of note is always 0 */
672 *flags |= FLAGS_DID_NOTE;
676 if (namesz == 10 && strcmp((char *)&nbuf[noff], "DragonFly") == 0 &&
677 xnh_type == NT_DRAGONFLY_VERSION && descsz == 4) {
679 if (file_printf(ms, ", for DragonFly") == -1)
681 (void)memcpy(&desc, &nbuf[doff], sizeof(desc));
682 desc = elf_getu32(swap, desc);
683 if (file_printf(ms, " %d.%d.%d", desc / 100000,
684 desc / 10000 % 10, desc % 10000) == -1)
686 *flags |= FLAGS_DID_NOTE;
692 * Sigh. The 2.0.36 kernel in Debian 2.1, at
693 * least, doesn't correctly implement name
694 * sections, in core dumps, as specified by
695 * the "Program Linking" section of "UNIX(R) System
696 * V Release 4 Programmer's Guide: ANSI C and
697 * Programming Support Tools", because my copy
698 * clearly says "The first 'namesz' bytes in 'name'
699 * contain a *null-terminated* [emphasis mine]
700 * character representation of the entry's owner
701 * or originator", but the 2.0.36 kernel code
702 * doesn't include the terminating null in the
705 if ((namesz == 4 && strncmp((char *)&nbuf[noff], "CORE", 4) == 0) ||
706 (namesz == 5 && strcmp((char *)&nbuf[noff], "CORE") == 0)) {
707 os_style = OS_STYLE_SVR4;
710 if ((namesz == 8 && strcmp((char *)&nbuf[noff], "FreeBSD") == 0)) {
711 os_style = OS_STYLE_FREEBSD;
714 if ((namesz >= 11 && strncmp((char *)&nbuf[noff], "NetBSD-CORE", 11)
716 os_style = OS_STYLE_NETBSD;
720 if ((*flags & FLAGS_DID_CORE) != 0)
723 if (os_style != -1 && (*flags & FLAGS_DID_CORE_STYLE) == 0) {
724 if (file_printf(ms, ", %s-style", os_style_names[os_style])
727 *flags |= FLAGS_DID_CORE_STYLE;
731 case OS_STYLE_NETBSD:
732 if (xnh_type == NT_NETBSD_CORE_PROCINFO) {
735 * Extract the program name. It is at
736 * offset 0x7c, and is up to 32-bytes,
737 * including the terminating NUL.
739 if (file_printf(ms, ", from '%.31s'",
740 &nbuf[doff + 0x7c]) == -1)
744 * Extract the signal number. It is at
747 (void)memcpy(&signo, &nbuf[doff + 0x08],
749 if (file_printf(ms, " (signal %u)",
750 elf_getu32(swap, signo)) == -1)
752 *flags |= FLAGS_DID_CORE;
758 if (xnh_type == NT_PRPSINFO && *flags & FLAGS_IS_CORE) {
762 * Extract the program name. We assume
763 * it to be 16 characters (that's what it
764 * is in SunOS 5.x and Linux).
766 * Unfortunately, it's at a different offset
767 * in various OSes, so try multiple offsets.
768 * If the characters aren't all printable,
771 for (i = 0; i < NOFFSETS; i++) {
772 unsigned char *cname, *cp;
773 size_t reloffset = prpsoffsets(i);
774 size_t noffset = doff + reloffset;
776 for (j = 0; j < 16; j++, noffset++,
779 * Make sure we're not past
780 * the end of the buffer; if
781 * we are, just give up.
787 * Make sure we're not past
788 * the end of the contents;
789 * if we are, this obviously
790 * isn't the right offset.
792 if (reloffset >= descsz)
814 if (!isprint(c) || isquote(c))
823 * Try next offsets, in case this match is
824 * in the middle of a string.
826 for (k = i + 1 ; k < NOFFSETS ; k++) {
829 if (prpsoffsets(k) >= prpsoffsets(i))
831 for (no = doff + prpsoffsets(k);
832 no < doff + prpsoffsets(i); no++)
834 && isprint(nbuf[no]);
839 cname = (unsigned char *)
840 &nbuf[doff + prpsoffsets(i)];
841 for (cp = cname; *cp && isprint(*cp); cp++)
844 * Linux apparently appends a space at the end
845 * of the command line: remove it.
847 while (cp > cname && isspace(cp[-1]))
849 if (file_printf(ms, ", from '%.*s'",
850 (int)(cp - cname), cname) == -1)
852 *flags |= FLAGS_DID_CORE;
865 /* SunOS 5.x hardware capability descriptions */
866 typedef struct cap_desc {
871 static const cap_desc_t cap_desc_sparc[] = {
872 { AV_SPARC_MUL32, "MUL32" },
873 { AV_SPARC_DIV32, "DIV32" },
874 { AV_SPARC_FSMULD, "FSMULD" },
875 { AV_SPARC_V8PLUS, "V8PLUS" },
876 { AV_SPARC_POPC, "POPC" },
877 { AV_SPARC_VIS, "VIS" },
878 { AV_SPARC_VIS2, "VIS2" },
879 { AV_SPARC_ASI_BLK_INIT, "ASI_BLK_INIT" },
880 { AV_SPARC_FMAF, "FMAF" },
881 { AV_SPARC_FJFMAU, "FJFMAU" },
882 { AV_SPARC_IMA, "IMA" },
886 static const cap_desc_t cap_desc_386[] = {
887 { AV_386_FPU, "FPU" },
888 { AV_386_TSC, "TSC" },
889 { AV_386_CX8, "CX8" },
890 { AV_386_SEP, "SEP" },
891 { AV_386_AMD_SYSC, "AMD_SYSC" },
892 { AV_386_CMOV, "CMOV" },
893 { AV_386_MMX, "MMX" },
894 { AV_386_AMD_MMX, "AMD_MMX" },
895 { AV_386_AMD_3DNow, "AMD_3DNow" },
896 { AV_386_AMD_3DNowx, "AMD_3DNowx" },
897 { AV_386_FXSR, "FXSR" },
898 { AV_386_SSE, "SSE" },
899 { AV_386_SSE2, "SSE2" },
900 { AV_386_PAUSE, "PAUSE" },
901 { AV_386_SSE3, "SSE3" },
902 { AV_386_MON, "MON" },
903 { AV_386_CX16, "CX16" },
904 { AV_386_AHF, "AHF" },
905 { AV_386_TSCP, "TSCP" },
906 { AV_386_AMD_SSE4A, "AMD_SSE4A" },
907 { AV_386_POPCNT, "POPCNT" },
908 { AV_386_AMD_LZCNT, "AMD_LZCNT" },
909 { AV_386_SSSE3, "SSSE3" },
910 { AV_386_SSE4_1, "SSE4.1" },
911 { AV_386_SSE4_2, "SSE4.2" },
916 doshn(struct magic_set *ms, int clazz, int swap, int fd, off_t off, int num,
917 size_t size, off_t fsize, int *flags, int mach, int strtab)
924 off_t noff, coff, name_off;
925 uint64_t cap_hw1 = 0; /* SunOS 5.x hardware capabilites */
926 uint64_t cap_sf1 = 0; /* SunOS 5.x software capabilites */
929 if (size != xsh_sizeof) {
930 if (file_printf(ms, ", corrupted section header size") == -1)
935 /* Read offset of name section to be able to read section names later */
936 if (pread(fd, xsh_addr, xsh_sizeof, off + size * strtab) == -1) {
940 name_off = xsh_offset;
942 for ( ; num; num--) {
943 /* Read the name of this section. */
944 if (pread(fd, name, sizeof(name), name_off + xsh_name) == -1) {
948 name[sizeof(name) - 1] = '\0';
949 if (strcmp(name, ".debug_info") == 0)
952 if (pread(fd, xsh_addr, xsh_sizeof, off) == -1) {
958 /* Things we can determine before we seek */
967 if (xsh_offset > fsize) {
968 /* Perhaps warn here */
974 /* Things we can determine when we seek */
977 if ((nbuf = malloc(xsh_size)) == NULL) {
978 file_error(ms, errno, "Cannot allocate memory"
982 if (pread(fd, nbuf, xsh_size, xsh_offset) == -1) {
990 if (noff >= (off_t)xsh_size)
992 noff = donote(ms, nbuf, (size_t)noff,
993 xsh_size, clazz, swap, 4, flags);
1013 if (lseek(fd, xsh_offset, SEEK_SET) == (off_t)-1) {
1021 char cbuf[/*CONSTCOND*/
1022 MAX(sizeof cap32, sizeof cap64)];
1023 if ((coff += xcap_sizeof) > (off_t)xsh_size)
1025 if (read(fd, cbuf, (size_t)xcap_sizeof) !=
1026 (ssize_t)xcap_sizeof) {
1030 if (cbuf[0] == 'A') {
1034 memcpy(&len, p, sizeof(len));
1036 len = getu32(swap, len);
1037 if (memcmp("gnu", p, 3) != 0) {
1039 ", unknown capability %.3s", p)
1046 memcpy(&len, p, sizeof(len));
1048 len = getu32(swap, len);
1050 if (file_printf(ms, ", unknown gnu"
1051 " capability tag %d", tag)
1060 (void)memcpy(xcap_addr, cbuf, xcap_sizeof);
1065 cap_hw1 |= xcap_val;
1068 cap_sf1 |= xcap_val;
1072 ", with unknown capability "
1073 "0x%" INT64_T_FORMAT "x = 0x%"
1075 (unsigned long long)xcap_tag,
1076 (unsigned long long)xcap_val) == -1)
1090 if (file_printf(ms, ", %sstripped", stripped ? "" : "not ") == -1)
1093 const cap_desc_t *cdp;
1096 case EM_SPARC32PLUS:
1098 cdp = cap_desc_sparc;
1109 if (file_printf(ms, ", uses") == -1)
1112 while (cdp->cd_name) {
1113 if (cap_hw1 & cdp->cd_mask) {
1115 " %s", cdp->cd_name) == -1)
1117 cap_hw1 &= ~cdp->cd_mask;
1123 " unknown hardware capability 0x%"
1125 (unsigned long long)cap_hw1) == -1)
1129 " hardware capability 0x%" INT64_T_FORMAT "x",
1130 (unsigned long long)cap_hw1) == -1)
1135 if (cap_sf1 & SF1_SUNW_FPUSED) {
1137 (cap_sf1 & SF1_SUNW_FPKNWN)
1138 ? ", uses frame pointer"
1139 : ", not known to use frame pointer") == -1)
1142 cap_sf1 &= ~SF1_SUNW_MASK;
1145 ", with unknown software capability 0x%"
1147 (unsigned long long)cap_sf1) == -1)
1154 * Look through the program headers of an executable image, searching
1155 * for a PT_INTERP section; if one is found, it's dynamically linked,
1156 * otherwise it's statically linked.
1159 dophn_exec(struct magic_set *ms, int clazz, int swap, int fd, off_t off,
1160 int num, size_t size, off_t fsize, int *flags, int sh_num)
1164 const char *linking_style = "statically";
1165 const char *shared_libraries = "";
1166 unsigned char nbuf[BUFSIZ];
1168 size_t offset, align, len;
1170 if (size != xph_sizeof) {
1171 if (file_printf(ms, ", corrupted program header size") == -1)
1176 for ( ; num; num--) {
1177 if (pread(fd, xph_addr, xph_sizeof, off) == -1) {
1184 /* Things we can determine before we seek */
1187 linking_style = "dynamically";
1190 shared_libraries = " (uses shared libs)";
1193 if (xph_offset > fsize) {
1194 /* Maybe warn here? */
1200 /* Things we can determine when we seek */
1203 if ((align = xph_align) & 0x80000000UL) {
1205 ", invalid note alignment 0x%lx",
1206 (unsigned long)align) == -1)
1213 * This is a PT_NOTE section; loop through all the notes
1216 len = xph_filesz < sizeof(nbuf) ? xph_filesz
1218 bufsize = pread(fd, nbuf, len, xph_offset);
1219 if (bufsize == -1) {
1225 if (offset >= (size_t)bufsize)
1227 offset = donote(ms, nbuf, offset,
1228 (size_t)bufsize, clazz, swap, align,
1238 if (file_printf(ms, ", %s linked%s", linking_style, shared_libraries)
1246 file_tryelf(struct magic_set *ms, int fd, const unsigned char *buf,
1251 char c[sizeof (int32_t)];
1258 Elf32_Ehdr elf32hdr;
1259 Elf64_Ehdr elf64hdr;
1260 uint16_t type, phnum, shnum;
1262 if (ms->flags & (MAGIC_MIME|MAGIC_APPLE))
1265 * ELF executables have multiple section headers in arbitrary
1266 * file locations and thus file(1) cannot determine it from easily.
1267 * Instead we traverse thru all section headers until a symbol table
1268 * one is found or else the binary is stripped.
1269 * Return immediately if it's not ELF (so we avoid pipe2file unless needed).
1271 if (buf[EI_MAG0] != ELFMAG0
1272 || (buf[EI_MAG1] != ELFMAG1 && buf[EI_MAG1] != OLFMAG1)
1273 || buf[EI_MAG2] != ELFMAG2 || buf[EI_MAG3] != ELFMAG3)
1277 * If we cannot seek, it must be a pipe, socket or fifo.
1279 if((lseek(fd, (off_t)0, SEEK_SET) == (off_t)-1) && (errno == ESPIPE))
1280 fd = file_pipe2file(ms, fd, buf, nbytes);
1282 if (fstat(fd, &st) == -1) {
1288 clazz = buf[EI_CLASS];
1293 #define elf_getu(a, b) elf_getu32(a, b)
1295 #define elfhdr elf32hdr
1296 #include "elfclass.h"
1299 #define elf_getu(a, b) elf_getu64(a, b)
1301 #define elfhdr elf64hdr
1302 #include "elfclass.h"
1304 if (file_printf(ms, ", unknown class %d", clazz) == -1)
projects / FreeBSD / releng / 10.1.git / blob