2011-06-14 19:53:47 +02:00
|
|
|
|
--- magic/Magdir/elf
|
|
|
|
|
+++ magic/Magdir/elf 2006-11-22 14:57:15.000000000 +0000
|
|
|
|
|
@@ -102,7 +102,7 @@
|
|
|
|
|
>>18 leshort 47 Renesas H8/300H,
|
|
|
|
|
>>18 leshort 48 Renesas H8S,
|
|
|
|
|
>>18 leshort 49 Renesas H8/500,
|
|
|
|
|
->>18 leshort 50 IA-64,
|
|
|
|
|
+>>18 leshort 50 IA-64 (Intel 64 bit architecture),
|
|
|
|
|
>>18 leshort 51 Stanford MIPS-X,
|
|
|
|
|
>>18 leshort 52 Motorola Coldfire,
|
|
|
|
|
>>18 leshort 53 Motorola M68HC12,
|
|
|
|
|
@@ -247,7 +247,7 @@
|
|
|
|
|
>>18 beshort 47 Renesas H8/300H,
|
|
|
|
|
>>18 beshort 48 Renesas H8S,
|
|
|
|
|
>>18 beshort 49 Renesas H8/500,
|
|
|
|
|
->>18 beshort 50 IA-64,
|
|
|
|
|
+>>18 beshort 50 IA-64 (Intel 64 bit architecture),
|
|
|
|
|
>>18 beshort 51 Stanford MIPS-X,
|
|
|
|
|
>>18 beshort 52 Motorola Coldfire,
|
|
|
|
|
>>18 beshort 53 Motorola M68HC12,
|
|
|
|
|
--- magic/Magdir/linux
|
|
|
|
|
+++ magic/Magdir/linux 2009-05-05 12:25:21.000000000 +0000
|
|
|
|
|
@@ -94,21 +94,43 @@
|
|
|
|
|
# and Nicol<6F>s Lichtmaier <nick@debian.org>
|
|
|
|
|
# All known start with: b8 c0 07 8e d8 b8 00 90 8e c0 b9 00 01 29 f6 29
|
|
|
|
|
# Linux kernel boot images (i386 arch) (Wolfram Kleff)
|
|
|
|
|
-514 string HdrS Linux kernel
|
|
|
|
|
->510 leshort 0xAA55 x86 boot executable
|
|
|
|
|
->>518 leshort >0x1ff
|
|
|
|
|
->>>529 byte 0 zImage,
|
|
|
|
|
->>>529 byte 1 bzImage,
|
|
|
|
|
->>>(526.s+0x200) string >\0 version %s,
|
|
|
|
|
->>498 leshort 1 RO-rootFS,
|
|
|
|
|
->>498 leshort 0 RW-rootFS,
|
|
|
|
|
->>508 leshort >0 root_dev 0x%X,
|
|
|
|
|
->>502 leshort >0 swap_dev 0x%X,
|
|
|
|
|
->>504 leshort >0 RAMdisksize %u KB,
|
|
|
|
|
->>506 leshort 0xFFFF Normal VGA
|
|
|
|
|
->>506 leshort 0xFFFE Extended VGA
|
|
|
|
|
->>506 leshort 0xFFFD Prompt for Videomode
|
|
|
|
|
->>506 leshort >0 Video mode %d
|
|
|
|
|
+514 string HdrS Linux
|
|
|
|
|
+>510 leshort 0xAA55 \b/x86 Kernel
|
|
|
|
|
+>510 leshort <0xAA55 Kernel
|
|
|
|
|
+>510 leshort >0xAA55 Kernel
|
|
|
|
|
+>518 leshort 0x0105 \b, Setup Version 0x105, zImage
|
|
|
|
|
+>518 leshort >0x0105 \b, Setup Version %#hx
|
|
|
|
|
+>>529 byte 0 \b, zImage
|
|
|
|
|
+>>529 byte 1 \b, bzImage
|
|
|
|
|
+>>>(526.s+0x205) byte 32
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %5.5s
|
|
|
|
|
+>>>(526.s+0x206) byte 32
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %6.6s
|
|
|
|
|
+>>>(526.s+0x207) byte 32
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %7.7s
|
|
|
|
|
+>>>(526.s+0x205) byte 45
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %5.5s
|
|
|
|
|
+>>>(526.s+0x206) byte 45
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %6.6s
|
|
|
|
|
+>>>(526.s+0x207) byte 45
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %7.7s
|
|
|
|
|
+>>>(526.s+0x208) byte 45
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %8.8s
|
|
|
|
|
+>>>(526.s+0x209) byte 45
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %9.9s
|
|
|
|
|
+>>>(526.s+0x20a) byte 45
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %10.10s
|
|
|
|
|
+>>>(526.s+0x20b) byte 45
|
|
|
|
|
+>>>>(526.s+0x200) string >\0 \b, Version %11.11s
|
|
|
|
|
+>>498 leshort 1 \b, RO-rootFS
|
|
|
|
|
+>>498 leshort 0 \b, RW-rootFS
|
|
|
|
|
+>>508 leshort >0 \b, root_dev 0x%X
|
|
|
|
|
+>>502 leshort >0 \b, swap_dev 0x%X
|
|
|
|
|
+>>504 leshort >0 \b, RAMdisksize %u KB
|
|
|
|
|
+>>506 leshort 0xFFFF \b, Normal VGA
|
|
|
|
|
+>>506 leshort 0xFFFE \b, Extended VGA
|
|
|
|
|
+>>506 leshort 0xFFFD \b, Prompt for Videomode
|
|
|
|
|
+>>506 leshort >0 \b, Video mode %d
|
|
|
|
|
# This also matches new kernels, which were caught above by "HdrS".
|
|
|
|
|
0 belong 0xb8c0078e Linux kernel
|
|
|
|
|
>0x1e3 string Loading version 1.3.79 or older
|
|
|
|
|
--- magic/Magdir/msad
|
|
|
|
|
+++ magic/Magdir/msad 2006-03-27 11:29:19.000000000 +0000
|
|
|
|
|
@@ -0,0 +1,5 @@
|
|
|
|
|
+#------------------------------------------------------------------------------
|
|
|
|
|
+# msad: file(1) magic for msad
|
|
|
|
|
+# Microsoft visual C
|
|
|
|
|
+# This must precede the heuristic for raw G3 data
|
|
|
|
|
+4 string Standard\ Jet\ DB Microsoft Access Database
|
|
|
|
|
--- magic/Magdir/msdos
|
2011-08-23 16:56:34 +02:00
|
|
|
|
+++ magic/Magdir/msdos 2011-06-14 14:36:26.000000000 +0000
|
2011-06-14 19:53:47 +02:00
|
|
|
|
@@ -98,9 +98,9 @@
|
|
|
|
|
>>>(0x3c.l+22) leshort&0x0200 >0 (stripped to external PDB)
|
|
|
|
|
>>>(0x3c.l+22) leshort&0x1000 >0 system file
|
|
|
|
|
>>>(0x3c.l+24) leshort 0x010b
|
|
|
|
|
->>>>(0x3c.l+232) lelong >0 Mono/.Net assembly
|
|
|
|
|
+>>>>(0x3c.l+232) lelong >0 \b, Mono/.Net assembly
|
|
|
|
|
>>>(0x3c.l+24) leshort 0x020b
|
|
|
|
|
->>>>(0x3c.l+248) lelong >0 Mono/.Net assembly
|
|
|
|
|
+>>>>(0x3c.l+248) lelong >0 \b, Mono/.Net assembly
|
|
|
|
|
|
|
|
|
|
# hooray, there's a DOS extender using the PE format, with a valid PE
|
|
|
|
|
# executable inside (which just prints a message and exits if run in win)
|
2006-12-19 00:15:53 +01:00
|
|
|
|
--- magic/Makefile.am
|
2011-08-23 16:56:34 +02:00
|
|
|
|
+++ magic/Makefile.am 2011-08-23 14:50:29.287926799 +0000
|
2010-02-05 17:16:36 +01:00
|
|
|
|
@@ -5,7 +5,7 @@ MAGIC_FRAGMENT_BASE = Magdir
|
|
|
|
|
MAGIC_DIR = $(top_srcdir)/magic
|
|
|
|
|
MAGIC_FRAGMENT_DIR = $(MAGIC_DIR)/$(MAGIC_FRAGMENT_BASE)
|
2008-04-14 19:32:36 +02:00
|
|
|
|
|
|
|
|
|
-pkgdata_DATA = magic.mgc
|
|
|
|
|
+pkgdata_DATA = magic.mgc magic
|
|
|
|
|
|
2010-02-05 17:16:36 +01:00
|
|
|
|
EXTRA_DIST = \
|
|
|
|
|
$(MAGIC_DIR)/Header \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
@@ -19,7 +19,6 @@ $(MAGIC_FRAGMENT_DIR)/amanda \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/amigaos \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/animation \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/apl \
|
|
|
|
|
-$(MAGIC_FRAGMENT_DIR)/apple \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/applix \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/archive \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/asterix \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
@@ -69,7 +68,6 @@ $(MAGIC_FRAGMENT_DIR)/epoc \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/erlang \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/esri \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/fcs \
|
|
|
|
|
-$(MAGIC_FRAGMENT_DIR)/filesystems \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/flash \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/fonts \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/fortran \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
@@ -102,19 +100,19 @@ $(MAGIC_FRAGMENT_DIR)/ispell \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/isz \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/java \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/jpeg \
|
|
|
|
|
+$(MAGIC_FRAGMENT_DIR)/linux \
|
|
|
|
|
+$(MAGIC_FRAGMENT_DIR)/filesystems \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/karma \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/kde \
|
2009-05-06 18:38:39 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/kml \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/lecter \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/lex \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/lif \
|
|
|
|
|
-$(MAGIC_FRAGMENT_DIR)/linux \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/lisp \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/llvm \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/lua \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/luks \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/mach \
|
|
|
|
|
-$(MAGIC_FRAGMENT_DIR)/macintosh \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/magic \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/mail.news \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/maple \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
@@ -131,10 +129,10 @@ $(MAGIC_FRAGMENT_DIR)/misctools \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/mkid \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/mlssa \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/mmdf \
|
|
|
|
|
-$(MAGIC_FRAGMENT_DIR)/modem \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/motorola \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/mozilla \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/msdos \
|
|
|
|
|
+$(MAGIC_FRAGMENT_DIR)/modem \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/msooxml \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/msvc \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/mup \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
@@ -173,6 +171,8 @@ $(MAGIC_FRAGMENT_DIR)/pyramid \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/python \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/revision \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/riff \
|
|
|
|
|
+$(MAGIC_FRAGMENT_DIR)/apple \
|
|
|
|
|
+$(MAGIC_FRAGMENT_DIR)/macintosh \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/rinex \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/rpm \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/rtf \
|
2011-06-14 19:53:47 +02:00
|
|
|
|
@@ -238,8 +238,20 @@ $(MAGIC_FRAGMENT_DIR)/xwindows \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/zilog \
|
|
|
|
|
$(MAGIC_FRAGMENT_DIR)/zyxel
|
|
|
|
|
|
|
|
|
|
+RAW = magic
|
|
|
|
|
MAGIC = magic.mgc
|
2010-02-05 17:16:36 +01:00
|
|
|
|
-CLEANFILES = ${MAGIC} $(MAGIC_FRAGMENT_DIR)/Localstuff
|
|
|
|
|
+CLEANFILES = ${MAGIC} $(MAGIC_DIR)/Localstuff ${RAW}
|
2008-04-14 19:32:36 +02:00
|
|
|
|
+
|
2010-02-05 17:16:36 +01:00
|
|
|
|
+${RAW}: $(MAGIC_DIR)/Header $(MAGIC_DIR)/Localstuff $(EXTRA_DIST)
|
2008-04-14 19:32:36 +02:00
|
|
|
|
+ cat /dev/null > $@
|
|
|
|
|
+ for frag in $(EXTRA_DIST); do \
|
2010-02-05 17:16:36 +01:00
|
|
|
|
+ if test -f $(srcdir)/$$frag; then \
|
|
|
|
|
+ f=$(srcdir)/$$frag; \
|
|
|
|
|
+ else \
|
|
|
|
|
+ f=$$frag; \
|
|
|
|
|
+ fi; \
|
|
|
|
|
+ cat $$f; \
|
2008-04-14 19:32:36 +02:00
|
|
|
|
+ done >> $@
|
|
|
|
|
|
|
|
|
|
# FIXME: Build file natively as well so that it can be used to compile
|
2011-08-23 16:56:34 +02:00
|
|
|
|
# the target's magic file; for now we bail if the local version does not match
|
|
|
|
|
@@ -251,19 +263,22 @@ FILE_COMPILE = $(top_builddir)/src/file
|
2009-05-06 18:38:39 +02:00
|
|
|
|
FILE_COMPILE_DEP = $(FILE_COMPILE)
|
2008-04-14 19:32:36 +02:00
|
|
|
|
endif
|
|
|
|
|
|
2009-05-06 18:38:39 +02:00
|
|
|
|
-${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP)
|
2011-06-14 19:53:47 +02:00
|
|
|
|
- @rm -fr magic
|
2010-02-05 17:16:36 +01:00
|
|
|
|
- @mkdir magic && cp -p $(EXTRA_DIST) magic
|
2011-08-23 16:56:34 +02:00
|
|
|
|
- @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \
|
|
|
|
|
- echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \
|
|
|
|
|
- else \
|
|
|
|
|
- v=$$(file --version | sed -e s/file-// -e q); \
|
|
|
|
|
- if [ "$$v" != "${PACKAGE_VERSION}" ]; then \
|
|
|
|
|
- echo "Cannot use the installed version of file ($$v) to"; \
|
|
|
|
|
- echo "cross-compile file ${PACKAGE_VERSION}"; \
|
|
|
|
|
- echo "Please install file ${PACKAGE_VERSION} locally first"; \
|
|
|
|
|
- exit 1; \
|
|
|
|
|
- fi; \
|
|
|
|
|
- fi)
|
2010-02-05 17:16:36 +01:00
|
|
|
|
- $(FILE_COMPILE) -C -m magic
|
|
|
|
|
- @rm -fr magic
|
2009-05-06 18:38:39 +02:00
|
|
|
|
+${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP) $(RAW)
|
2008-04-14 19:32:36 +02:00
|
|
|
|
+ $(FILE_COMPILE) -C -m $(RAW)
|
2011-08-23 16:56:34 +02:00
|
|
|
|
+
|
|
|
|
|
+#${MAGIC}: $(EXTRA_DIST) $(FILE_COMPILE_DEP)
|
|
|
|
|
+# @rm -fr magic
|
|
|
|
|
+# @mkdir magic && cp -p $(EXTRA_DIST) magic
|
|
|
|
|
+# @(if expr "${FILE_COMPILE}" : '.*/.*' > /dev/null; then \
|
|
|
|
|
+# echo "Using ${FILE_COMPILE} to generate ${MAGIC}" > /dev/null; \
|
|
|
|
|
+# else \
|
|
|
|
|
+# v=$$(file --version | sed -e s/file-// -e q); \
|
|
|
|
|
+# if [ "$$v" != "${PACKAGE_VERSION}" ]; then \
|
|
|
|
|
+# echo "Cannot use the installed version of file ($$v) to"; \
|
|
|
|
|
+# echo "cross-compile file ${PACKAGE_VERSION}"; \
|
|
|
|
|
+# echo "Please install file ${PACKAGE_VERSION} locally first"; \
|
|
|
|
|
+# exit 1; \
|
|
|
|
|
+# fi; \
|
|
|
|
|
+# fi)
|
|
|
|
|
+# $(FILE_COMPILE) -C -m magic
|
|
|
|
|
+# @rm -fr magic
|
2006-12-19 00:15:53 +01:00
|
|
|
|
--- src/Makefile.am
|
2011-06-14 19:53:47 +02:00
|
|
|
|
+++ src/Makefile.am 2008-04-14 15:14:56.000000000 +0000
|
2006-12-19 00:15:53 +01:00
|
|
|
|
@@ -1,4 +1,4 @@
|
2008-04-14 19:32:36 +02:00
|
|
|
|
-MAGIC = $(pkgdatadir)/magic
|
|
|
|
|
+MAGIC = $(sysconfdir)/magic:$(pkgdatadir)/magic
|
2006-12-19 00:15:53 +01:00
|
|
|
|
lib_LTLIBRARIES = libmagic.la
|
|
|
|
|
include_HEADERS = magic.h
|
2009-05-06 18:38:39 +02:00
|
|
|
|
|
2006-12-19 00:15:53 +01:00
|
|
|
|
--- src/dcore.c
|
2011-06-14 19:53:47 +02:00
|
|
|
|
+++ src/dcore.c 2006-03-27 11:29:19.000000000 +0000
|
2006-12-19 00:15:53 +01:00
|
|
|
|
@@ -0,0 +1,207 @@
|
|
|
|
|
+/*
|
|
|
|
|
+ * Show goo about ELF core files
|
|
|
|
|
+ * Jeremy Fitzhardinge <jeremy@zip.com.au> 1996
|
|
|
|
|
+ */
|
|
|
|
|
+#include <unistd.h>
|
|
|
|
|
+#include <fcntl.h>
|
|
|
|
|
+#include <stdlib.h>
|
|
|
|
|
+#include <stdio.h>
|
|
|
|
|
+#include <sys/types.h>
|
|
|
|
|
+#include <string.h>
|
|
|
|
|
+#if defined __GLIBC__ && __GLIBC__ >= 2
|
|
|
|
|
+#include <elf.h>
|
|
|
|
|
+#include <sys/procfs.h>
|
|
|
|
|
+# ifndef NT_PRFPREG
|
|
|
|
|
+# define NT_PRFPREG 2
|
|
|
|
|
+# endif
|
|
|
|
|
+# ifndef NT_TASKSTRUCT
|
|
|
|
|
+# define NT_TASKSTRUCT 4
|
|
|
|
|
+# endif
|
|
|
|
|
+#else
|
|
|
|
|
+#include <linux/elf.h>
|
|
|
|
|
+#include <linux/elfcore.h>
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
+static void fperror(const char *str)
|
|
|
|
|
+{
|
|
|
|
|
+ perror(str);
|
|
|
|
|
+ exit(1);
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+static size_t myread(int fd, void *buf, size_t sz)
|
|
|
|
|
+{
|
|
|
|
|
+ size_t ret;
|
|
|
|
|
+
|
|
|
|
|
+ if ((ret = read(fd, buf, sz)) != sz)
|
|
|
|
|
+ fperror("read failed");
|
|
|
|
|
+ return ret;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+static void print_prstatus(const prstatus_t *pr)
|
|
|
|
|
+{
|
|
|
|
|
+ unsigned i;
|
|
|
|
|
+ static const char *regs[] = { "ebx", "ecx", "edx", "esi", "edi", "ebp",
|
|
|
|
|
+ "eax", "ds", "es", "fs", "gs",
|
|
|
|
|
+ "orig_eax", "eip", "cs",
|
|
|
|
|
+ "efl", "uesp", "ss"};
|
|
|
|
|
+
|
|
|
|
|
+ printf(" pid=%d ppid=%d pgrp=%d sid=%d\n",
|
|
|
|
|
+ pr->pr_pid, pr->pr_ppid, pr->pr_pgrp, pr->pr_sid);
|
|
|
|
|
+ for(i = 0; i < NGREG; i++)
|
|
|
|
|
+ {
|
|
|
|
|
+ unsigned long val = pr->pr_reg[i];
|
|
|
|
|
+ printf(" %-2u %-5s=%08lx %lu\n", i, regs[i], val, val);
|
|
|
|
|
+ }
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+static void print_prpsinfo(const prpsinfo_t *ps)
|
|
|
|
|
+{
|
|
|
|
|
+ printf(" uid=%d gid=%d\n", ps->pr_uid, ps->pr_gid);
|
|
|
|
|
+ printf(" comm=%s\n", ps->pr_fname);
|
|
|
|
|
+ printf(" psargs=%s\n", ps->pr_psargs);
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+#define roundup(x, y) ((((x)+((y)-1))/(y))*(y))
|
|
|
|
|
+
|
|
|
|
|
+static void do_note(int fd, Elf32_Phdr *phdr)
|
|
|
|
|
+{
|
|
|
|
|
+ off_t here = lseek(fd, 0, SEEK_CUR);
|
|
|
|
|
+ int size = phdr->p_filesz;
|
|
|
|
|
+ char *raw = alloca(size), *end;
|
|
|
|
|
+ end = raw+size;
|
|
|
|
|
+
|
|
|
|
|
+ lseek(fd, phdr->p_offset, SEEK_SET);
|
|
|
|
|
+ myread(fd, raw, size);
|
|
|
|
|
+
|
|
|
|
|
+ while(raw < end)
|
|
|
|
|
+ {
|
|
|
|
|
+ Elf32_Nhdr *note = (Elf32_Nhdr *)raw;
|
|
|
|
|
+ const char *str;
|
|
|
|
|
+ const char *name, *desc;
|
|
|
|
|
+
|
|
|
|
|
+ raw += sizeof(*note);
|
|
|
|
|
+ name = raw;
|
|
|
|
|
+ raw += roundup(note->n_namesz, sizeof(long));
|
|
|
|
|
+ desc = raw;
|
|
|
|
|
+ raw += roundup(note->n_descsz, sizeof(long));
|
|
|
|
|
+
|
|
|
|
|
+ printf(" name=%.*s", (int)note->n_namesz, name);
|
|
|
|
|
+
|
|
|
|
|
+ if(strncmp(name, "CORE", note->n_namesz) != 0)
|
|
|
|
|
+ {
|
|
|
|
|
+ printf("\n");
|
|
|
|
|
+ continue;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ switch(note->n_type)
|
|
|
|
|
+ {
|
|
|
|
|
+#define X(x) case x: str = #x; break;
|
|
|
|
|
+ X(NT_PRSTATUS);
|
|
|
|
|
+ X(NT_PRFPREG);
|
|
|
|
|
+ X(NT_PRPSINFO);
|
|
|
|
|
+ X(NT_TASKSTRUCT);
|
|
|
|
|
+#undef X
|
|
|
|
|
+ default:
|
|
|
|
|
+ str = "???";
|
|
|
|
|
+ }
|
|
|
|
|
+ printf(" n_type=%s n_descsz=%ld\n",
|
|
|
|
|
+ str, note->n_descsz);
|
|
|
|
|
+ switch(note->n_type)
|
|
|
|
|
+ {
|
|
|
|
|
+ case NT_PRSTATUS:
|
|
|
|
|
+ print_prstatus((prstatus_t *)desc);
|
|
|
|
|
+ break;
|
|
|
|
|
+ case NT_PRPSINFO:
|
|
|
|
|
+ print_prpsinfo((prpsinfo_t *)desc);
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+ }
|
|
|
|
|
+ lseek(fd, here, SEEK_SET);
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+int main(int argc, char *argv[])
|
|
|
|
|
+{
|
|
|
|
|
+ int fd;
|
|
|
|
|
+ Elf32_Ehdr elf;
|
|
|
|
|
+ int i;
|
|
|
|
|
+
|
|
|
|
|
+ if (argc != 2)
|
|
|
|
|
+ {
|
|
|
|
|
+ fprintf(stderr, "Usage: %s corefile\n", argv[0]);
|
|
|
|
|
+ exit(1);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if ((fd = open(argv[1], O_RDONLY)) == -1)
|
|
|
|
|
+ fperror("open of core");
|
|
|
|
|
+
|
|
|
|
|
+ myread(fd, &elf, sizeof(elf));
|
|
|
|
|
+
|
|
|
|
|
+ if (memcmp(ELFMAG, elf.e_ident, SELFMAG) != 0)
|
|
|
|
|
+ printf("bad magic\n");
|
|
|
|
|
+
|
|
|
|
|
+ if (elf.e_ident[EI_CLASS] != ELFCLASS32)
|
|
|
|
|
+ printf("wrong class\n");
|
|
|
|
|
+
|
|
|
|
|
+ if (elf.e_ident[EI_DATA] != ELFDATA2LSB)
|
|
|
|
|
+ printf("wrong endianess\n");
|
|
|
|
|
+
|
|
|
|
|
+ if (elf.e_ident[EI_VERSION] != EV_CURRENT)
|
|
|
|
|
+ printf("wrong version\n");
|
|
|
|
|
+
|
|
|
|
|
+ {
|
|
|
|
|
+ const char *str;
|
|
|
|
|
+ switch(elf.e_type)
|
|
|
|
|
+ {
|
|
|
|
|
+#define C(x) case ET_##x: str = #x; break;
|
|
|
|
|
+ C(NONE);
|
|
|
|
|
+ C(REL);
|
|
|
|
|
+ C(EXEC);
|
|
|
|
|
+ C(DYN);
|
|
|
|
|
+ C(CORE);
|
|
|
|
|
+#undef C
|
|
|
|
|
+ default: str = "???"; break;
|
|
|
|
|
+ }
|
|
|
|
|
+ printf("elf file type ET_%s\n", str);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ if (elf.e_machine != EM_386 && elf.e_machine != EM_486)
|
|
|
|
|
+ printf("not i386 or i486\n");
|
|
|
|
|
+
|
|
|
|
|
+ if (elf.e_ehsize != sizeof(elf))
|
|
|
|
|
+ printf("wrong header size\n");
|
|
|
|
|
+
|
|
|
|
|
+ if (elf.e_phentsize != sizeof(Elf32_Phdr))
|
|
|
|
|
+ printf("wrong phdr size\n");
|
|
|
|
|
+
|
|
|
|
|
+ if (lseek(fd, elf.e_phoff, SEEK_SET) != (off_t)elf.e_phoff)
|
|
|
|
|
+ fperror("lseek to phdr failed\n");
|
|
|
|
|
+
|
|
|
|
|
+ for(i = 0; i < elf.e_phnum; i++)
|
|
|
|
|
+ {
|
|
|
|
|
+ Elf32_Phdr phdr;
|
|
|
|
|
+ const char *str;
|
|
|
|
|
+
|
|
|
|
|
+ myread(fd, &phdr, sizeof(phdr));
|
|
|
|
|
+ switch(phdr.p_type)
|
|
|
|
|
+ {
|
|
|
|
|
+#define C(x) case PT_##x: str = #x; break;
|
|
|
|
|
+ C(NULL);
|
|
|
|
|
+ C(LOAD);
|
|
|
|
|
+ C(DYNAMIC);
|
|
|
|
|
+ C(INTERP);
|
|
|
|
|
+ C(NOTE);
|
|
|
|
|
+ C(SHLIB);
|
|
|
|
|
+ C(PHDR);
|
|
|
|
|
+#undef C
|
|
|
|
|
+ default:
|
|
|
|
|
+ str = "???"; break;
|
|
|
|
|
+ }
|
|
|
|
|
+ printf("type PT_%s off=%ld vaddr=%lx filesz=%ld flags=%lx\n",
|
|
|
|
|
+ str, phdr.p_offset, phdr.p_vaddr, phdr.p_filesz,
|
|
|
|
|
+ (unsigned long)phdr.p_flags);
|
|
|
|
|
+ if (phdr.p_type == PT_NOTE)
|
|
|
|
|
+ do_note(fd, &phdr);
|
|
|
|
|
+ }
|
|
|
|
|
+ exit(0);
|
|
|
|
|
+}
|
|
|
|
|
+
|