elf core dump - reading NT_PRPSINFO

elf core dump - reading NT_PRPSINFO

[Fredrick]

Hi,

$ readelf -n core

Notes at offset 0x00000274 with length 0x000004c0:
   Owner		Data size	Description
   CORE		0x00000090	NT_PRSTATUS (prstatus structure)
   CORE		0x0000007c	NT_PRPSINFO (prpsinfo structure)
   CORE		0x000000a0	NT_AUXV (auxiliary vector)
   CORE		0x0000006c	NT_FPREGSET (floating point registers)
   LINUX		0x00000200	NT_PRXFPREG (user_xfpregs structure)
   LINUX		0x00000030	Unknown note type: (0x00000200)


Does anyone know how to read this NT_PRPSINFO ?
Is hexdump the only way to decode this?
Are there any tools to dump this data ?

Thanks,
Fredrick

elf core dump - reading NT_PRPSINFO

[Mulyadi Santosa]

Hi :)

On Fri, Jan 20, 2012 at 13:57, Fredrick <fjohnber@zoho.com> wrote:
> Hi,
>
> $ readelf -n core

is that "core" a core dump?

> Does anyone know how to read this NT_PRPSINFO ?
> Is hexdump the only way to decode this?
> Are there any tools to dump this data ?

if it is indeed core dump, I think simply pass it to gdb, e.g:
gdb <program elf binary> <the above core name>
and start playing with it e.g dumping stack trace.

NB: IMHO NT_PRPSINFO is just a section that describes the VMAs of the
crashed program. Quite likely an ELF documentation will mention about
it. Try googling...
-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com

elf core dump - reading NT_PRPSINFO

[Fredrick]

Sorry for not clearly specifying.

Yes "core" is a core dump file.

I see that fs/binfmt_elf.c does put information about the process
that cored in a ".note" elf section as NT_PRPSINFO.

Is there a standard tool to dump this information?
Tried googling, could nt find anything :(.

-Fredrick

On 01/21/2012 09:45 AM, Mulyadi Santosa wrote:
> Hi :)
>
> On Fri, Jan 20, 2012 at 13:57, Fredrick<fjohnber@zoho.com>  wrote:
>> Hi,
>>
>> $ readelf -n core
>
> is that "core" a core dump?
>
>> Does anyone know how to read this NT_PRPSINFO ?
>> Is hexdump the only way to decode this?
>> Are there any tools to dump this data ?
>
> if it is indeed core dump, I think simply pass it to gdb, e.g:
> gdb<program elf binary>  <the above core name>
> and start playing with it e.g dumping stack trace.
>
> NB: IMHO NT_PRPSINFO is just a section that describes the VMAs of the
> crashed program. Quite likely an ELF documentation will mention about
> it. Try googling...

elf core dump - reading NT_PRPSINFO

[Mulyadi Santosa]

Hi...

On Tue, Jan 24, 2012 at 01:06, Fredrick <fjohnber@zoho.com> wrote:
> Sorry for not clearly specifying.
>
> Yes "core" is a core dump file.
>
> I see that fs/binfmt_elf.c does put information about the process
> that cored in a ".note" elf section as NT_PRPSINFO.
>
> Is there a standard tool to dump this information?
> Tried googling, could nt find anything :(.

have you tried elfdump? sorry can't help much about it...

-- 
regards,

Mulyadi Santosa
Freelance Linux trainer and consultant

blog: the-hydra.blogspot.com
training: mulyaditraining.blogspot.com