From: ineya ineya
To: ineya ineya, gdb@sourceware.org
Subject: Re: reconstructing process memory map from core
Date: Wed, 10 Feb 2010 07:06:00 -0000
Message-ID: <7b8592a1002092306ta508f3cn419a1e446b6d6ac3@mail.gmail.com>
In-Reply-To: <20100209220815.GA14898@caradoc.them.org>
References: <7b8592a1002091400y5b901e90s8cb26f75c057ffab@mail.gmail.com> <20100209220815.GA14898@caradoc.them.org>

>> I thought all that is needed is to have:
>> - list of external function - in .dynsym I guess
>> - .got from runtime
>
> Neither of these are useful for determining shared library load
> addresses. .dynsym is not useful at all; it is read-only so we can
> recover it from the executable.

Well, in .got I can see where the function was at runtime, from read-only
sections I can find out which libraries are needed.
So I would only need to find the library which defines this function.
Then get its relative address, compute the relative position from start of
this shared library - by subtracting "Entry point address" of this shared
library. And finally subtract the result from value in .got, and the result
should be start of shared library in memory. Or not?

In .got of binaryA I have:
0x2ac0fd88 - for function TraceLog::logExc

from libraryA I know:
Entry point address: 0x2a20
.symtab
214: 00004d88 0 FUNC GLOBAL DEFAULT 9 _ZN8TraceLog6logExcEPKcS1

so relative from start:
0x4d88 - 0x2a20 = 0x2368

subtract this from what .got
0x2ac0fd88 - 0x2368 = 0x2ac0da20

Looking at "info shared" to see where GDB loaded the binary shows:
0x2ac0da20 0x2ac12480 Yes libraryA

So I assume, there is a catch somewhere, where this approach would fail, I
just can't see it yet.
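
The arithmetic in the message above, as an added example that is not part of the original post and is not GDB's code: it computes the load bias as the GOT value minus st_value, then adds the entry point to get the address `info shared` printed. It also skips GOT slots that still point into the executable (lazy binding, never called) and drops candidates that are not page-aligned. Assumptions: the 4 KiB page size, the executable's address range, libraryB and the `helper` and `unused` symbols are constructed; only the logExc values and 0x2a20 come from the message.

```python
from collections import Counter, defaultdict

PAGE = 0x1000  # assumed page size

def load_biases(got, libs, exe_range):
    """got: {symbol: runtime address read from the core's .got}
    libs: {library: {symbol: st_value from its symbol table}}
    exe_range: (start, end) of the executable's own mapping.
    Returns {library: (bias, votes)} for the best-supported bias."""
    votes = defaultdict(Counter)
    for sym, addr in got.items():
        # A lazily bound slot that was never called still points back
        # into the executable's PLT and says nothing about any library.
        if exe_range[0] <= addr < exe_range[1]:
            continue
        for lib, symtab in libs.items():
            if sym not in symtab:
                continue
            bias = addr - symtab[sym]
            # A load bias is page-aligned; a symbol that merely shares
            # its name with the real definition usually fails this.
            if bias >= 0 and bias % PAGE == 0:
                votes[lib][bias] += 1
    return {lib: c.most_common(1)[0] for lib, c in votes.items()}

def text_start(bias, entry):
    """Runtime address of the library's entry point, which is the
    'From' address that 'info shared' printed in the message."""
    return bias + entry

# GOT value and st_value for logExc are from the message; every other
# number and the names libraryB / helper / unused are constructed.
GOT = {
    "_ZN8TraceLog6logExcEPKcS1": 0x2ac0fd88,
    "helper": 0x2ac0e010,   # constructed
    "unused": 0x00400a30,   # constructed: unresolved PLT slot
}
LIBS = {
    "libraryA": {"_ZN8TraceLog6logExcEPKcS1": 0x4d88, "helper": 0x3010,
                 "unused": 0x5000},
    "libraryB": {"helper": 0x1234},  # constructed: same name, other library
}
EXE = (0x00400000, 0x00410000)  # constructed executable mapping

if __name__ == "__main__":
    for lib, (bias, n) in load_biases(GOT, LIBS, EXE).items():
        print(f"{lib}: bias {bias:#x}, {n} symbols agree, "
              f"entry at {text_start(bias, 0x2a20):#x}")
```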