Date: Wed, 28 Apr 2004 17:59:21 +0200
From: "P. de Boer" <pieter@thelostparadise.com>
To: freebsd-hackers@freebsd.org
Subject: Extracting symbol info out of processes at runtime
Message-ID: <1083167960.653.23.camel@edinburgh.thedarkside.tix>

Hello -hackers,

This is going to be a bit lengthy, but bear with me please, it's an interesting topic if I may say so :)

For a little private project I'm working on, I need to find the address of a function which is inside a shared library of a running process, OR the base address the library is running at (in that case, I can simply do a base_address+known_offset_of_function). Neither the executable nor the libraries have their symbols stripped.

To find the address of a certain function, I tried the ptrace program from http://www.linuxgazette.com/issue85/sandeep.html (which tries to find a link_map at GOT+4 by finding GOT in the dynamic section found in the program header), but that didn't seem to work out too well: strcpy() was found, but the symbol I was looking for wasn't. I am a bit unsure why, but perhaps it was because the symbol is probably only local to the library, if that's even possible.

Because I lacked ELF clue and couldn't figure out what was going on, I started to write an elf-info program, which uses ptrace() to extract the ELF header, the program header table and the section header table from a running process. However, when I dump the section header table, all I get is garbage. man 5 elf states that the e_shoff field of the ELF header defines the offset of the section header table. When I dump the memory of 0x08048000+e_shoff in gdb, I'm getting different data than I'm seeing in the file on disk at offset e_shoff. So, apparently the section header table isn't stored there at runtime, despite what the field e_shoff may say.

Is there anyone here who might shed some light on this? Where has it gone?

I started this e-mail stating I wanted to find the address of a symbol or the base address of a shared library. I don't know yet if I really need to have the section header table for this, or rather go to the dynamic section found in the program header. I was going to find that out writing my elf-info program, but that wasn't really a success as you see.

If anyone can elaborate on that issue as well, I would be most thankful.

PS: The sources to the program can be found at http://thelostparadise.com/troep/elfinfo.c

--
With regards,
Pieter de Boer
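
An added example, not part of the original message and not taken from elfinfo.c: it checks whether the section header table at e_shoff falls inside the file range of any PT_LOAD segment (only those ranges are what the program headers ask the loader to map) and reports where PT_DYNAMIC lives instead. The names inspect and build_sample and the sample header values are constructed for illustration; it assumes ELF32 and the <elf.h> types, and reads the headers from a buffer rather than from a traced process.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the whole section header table lies inside the file range of a
   PT_LOAD segment; stores the PT_DYNAMIC virtual address (0 if none) in *dyn.
   For a shared object, the load base must still be added to that address. */
int inspect(const unsigned char *img, Elf32_Addr *dyn)
{
    Elf32_Ehdr eh; Elf32_Phdr ph; int loaded = 0;
    memcpy(&eh, img, sizeof eh);            /* memcpy: no alignment assumptions */
    Elf32_Off end = eh.e_shoff + (Elf32_Off)eh.e_shnum * eh.e_shentsize;
    *dyn = 0;
    for (int i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + (size_t)i * eh.e_phentsize, sizeof ph);
        if (ph.p_type == PT_DYNAMIC) *dyn = ph.p_vaddr;
        if (ph.p_type == PT_LOAD && eh.e_shoff >= ph.p_offset &&
            end <= ph.p_offset + ph.p_filesz) loaded = 1;
    }
    return loaded;
}

/* Constructed sample: ELF header + 3 program headers of an imaginary i386
   executable whose section header table sits at the end of the file. */
void build_sample(unsigned char *buf)
{
    Elf32_Ehdr eh = {0};
    Elf32_Phdr ph[3] = {
        { .p_type = PT_LOAD,    .p_offset = 0,      .p_vaddr = 0x08048000, .p_filesz = 0x1000 },
        { .p_type = PT_LOAD,    .p_offset = 0x1000, .p_vaddr = 0x0804a000, .p_filesz = 0x200 },
        { .p_type = PT_DYNAMIC, .p_offset = 0x1010, .p_vaddr = 0x0804a010, .p_filesz = 0x98 },
    };
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph[0]; eh.e_phnum = 3;
    eh.e_shoff = 0x1800; eh.e_shentsize = sizeof(Elf32_Shdr); eh.e_shnum = 20;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
}

int main(void)
{
    unsigned char buf[256];
    Elf32_Addr dyn;
    build_sample(buf);
    int loaded = inspect(buf, &dyn);
    printf("section headers in a PT_LOAD range: %d, PT_DYNAMIC at 0x%08x\n",
           loaded, (unsigned)dyn);
    return 0;
}
```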