Parsing custom note from core file using libdwfl APIs

Luca Boccassi bluca@debian.org
Wed Mar 24 18:58:20 GMT 2021


Hi,

I am trying to use libdwfl to parse a core file and extract a custom note
added at link time via a script to the executable that crashes.

I am having issues, as it seems the API to iterate over the PT_NOTE
entries only returns the ones added by the kernel (ie: 6 CORE and 1
LINUX notes).

The note is clearly present in the core, just after the build-id note;
it is visible when opening the core with a hex editor.

The note is also visible in memory after the build-id note when
stepping through the dwfl_segment_report_module() function via gdb, in
the bit where it parses the build-id note. I can see my note just after
it.

I have tried several variations of the following (much shortened for
brevity) snippet, called after dwfl_core_file_report(dwfl, elfl, NULL),
without any luck:


/* Needs <gelf.h>, <stdio.h> and <string.h>; elf is the core file's Elf handle. */
size_t n_program_headers;
elf_getphdrnum(elf, &n_program_headers);
for (size_t i = 0; i < n_program_headers; ++i) {
        GElf_Phdr mem;
        GElf_Phdr *header = gelf_getphdr(elf, i, &mem);

        /* Only PT_NOTE program headers are examined. */
        if (header == NULL || header->p_type != PT_NOTE)
                continue;

        Elf_Data *data = elf_getdata_rawchunk(elf,
                                              header->p_offset,
                                              header->p_filesz,
                                              header->p_align == 8 ? ELF_T_NHDR8 : ELF_T_NHDR);
        /* elf_getdata_rawchunk() returns NULL on error; skip the segment. */
        if (data == NULL)
                continue;

        GElf_Nhdr note_header;
        size_t offset = 0;
        size_t name_offset, desc_offset;
        /* gelf_getnote() returns the offset of the next note, or 0 at the end. */
        while (offset < data->d_size && (offset = gelf_getnote(data, offset, &note_header, &name_offset, &desc_offset)) > 0) {
                if (note_header.n_namesz == 0)
                        continue;
                const char *nname = (const char *)data->d_buf + name_offset;
                const char *desc = (const char *)data->d_buf + desc_offset;
                if (memcmp(nname, "TBD", 3) == 0)
                        printf("FOUND");
        }
}

Any idea what I am doing wrong or what I am missing?

The note is added via the following linker script:

SECTIONS
{
    .note.package ALIGN(8): {
        BYTE(0x04) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Owner including NUL */
        BYTE(0x4a) BYTE(0x00) BYTE(0x00) BYTE(0x00) /* Length of Value including NUL */
        BYTE(0x00) BYTE(0x33) BYTE(0xdd) BYTE(0x7a) /* Note ID */
        BYTE(0x54) BYTE(0x42) BYTE(0x44) BYTE(0x00) /* Owner: 'TBD\x00' */
        BYTE(0x7b) BYTE(0x22) BYTE(0x70) BYTE(0x61) /* Value: '{"packageType":"deb","package":"fsverity-utils","packageVersion":"1.3-1"}\x00\x00\x00' */
        BYTE(0x63) BYTE(0x6b) BYTE(0x61) BYTE(0x67)
        BYTE(0x65) BYTE(0x54) BYTE(0x79) BYTE(0x70)
        BYTE(0x65) BYTE(0x22) BYTE(0x3a) BYTE(0x22)
        BYTE(0x64) BYTE(0x65) BYTE(0x62) BYTE(0x22)
        BYTE(0x2c) BYTE(0x22) BYTE(0x70) BYTE(0x61)
        BYTE(0x63) BYTE(0x6b) BYTE(0x61) BYTE(0x67)
        BYTE(0x65) BYTE(0x22) BYTE(0x3a) BYTE(0x22)
        BYTE(0x66) BYTE(0x73) BYTE(0x76) BYTE(0x65)
        BYTE(0x72) BYTE(0x69) BYTE(0x74) BYTE(0x79)
        BYTE(0x2d) BYTE(0x75) BYTE(0x74) BYTE(0x69)
        BYTE(0x6c) BYTE(0x73) BYTE(0x22) BYTE(0x2c)
        BYTE(0x22) BYTE(0x70) BYTE(0x61) BYTE(0x63)
        BYTE(0x6b) BYTE(0x61) BYTE(0x67) BYTE(0x65)
        BYTE(0x56) BYTE(0x65) BYTE(0x72) BYTE(0x73)
        BYTE(0x69) BYTE(0x6f) BYTE(0x6e) BYTE(0x22)
        BYTE(0x3a) BYTE(0x22) BYTE(0x31) BYTE(0x2e)
        BYTE(0x33) BYTE(0x2d) BYTE(0x31) BYTE(0x22)
        BYTE(0x7d) BYTE(0x00) BYTE(0x00) BYTE(0x00)
    }
}
INSERT AFTER .note.gnu.build-id;

-- 
Kind regards,
Luca Boccassi
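
Added example (not part of the original message and not elfutils code): a bounds-checked walker for the note record layout that the linker script above emits, run over a raw byte buffer without libelf. The helper names, the sample buffer and the shortened JSON value are constructed for illustration; it assumes little-endian data and 4-byte padding of owner and value, as in the script's bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not from a real core): a GNU-style note followed by a
   shortened "TBD" note in the script's layout; value is 14 bytes + 2 pad. */
static const unsigned char sample[] = {
    4,0,0,0, 4,0,0,0, 3,0,0,0, 'G','N','U',0, 0xde,0xad,0xbe,0xef,
    4,0,0,0, 14,0,0,0, 0x00,0x33,0xdd,0x7a, 'T','B','D',0,
    '{','"','v','"',':','"','1','.','3','-','1','"','}',0, 0,0,
};

/* Assumption: little-endian ELF, as the script's length bytes imply. */
static uint32_t rd32le(const unsigned char *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Hypothetical helper: returns the value of the first note whose owner is
   `owner`, or NULL. Sizes come from the dump, so each is checked against
   the bytes that remain before it is used. */
static const unsigned char *find_note(const unsigned char *buf, size_t len,
                                      const char *owner, uint32_t *type, size_t *descsz)
{
    size_t want = strlen(owner) + 1;            /* namesz counts the NUL */
    size_t off = 0;
    while (len - off >= 12) {                   /* 12-byte note header */
        uint32_t namesz = rd32le(buf + off), dsz = rd32le(buf + off + 4);
        size_t rem = len - off - 12;
        if (namesz > rem || dsz > rem) return NULL;
        size_t name_pad = ((size_t)namesz + 3) & ~(size_t)3;
        if (name_pad > rem || dsz > rem - name_pad) return NULL;
        const unsigned char *name = buf + off + 12;
        if (namesz == want && memcmp(name, owner, want) == 0) {
            *type = rd32le(buf + off + 8);
            *descsz = dsz;
            return name + name_pad;
        }
        size_t desc_pad = ((size_t)dsz + 3) & ~(size_t)3;
        if (desc_pad > rem - name_pad) return NULL;
        off += 12 + name_pad + desc_pad;
    }
    return NULL;
}

int main(void)
{
    uint32_t type; size_t n;
    const unsigned char *d = find_note(sample, sizeof sample, "TBD", &type, &n);
    if (d) printf("type=0x%08x value=%.*s\n", (unsigned)type, (int)n, (const char *)d);
    return d ? 0 : 1;
}
```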