3

I am looking for manually generating an ELF Core Dump file.

I have a RAM dump from my program, and can also retrieve register informations and so on.

With this data, I would like to build an ELF core dump file, similar as those generated by Linux kernel when a program crashes, the goal would be to analyse this core dump with a GDB specifically made for my platform.

I have been looking for core dumps specifications or detailed format, but did not find what I wanted :

  • What sections does my core dump file does require ?
  • How are they organized into the ELF container ?
  • How do I go from having a binary RAM dump (+ registers values) to a core dump like file.

This must preferably be done in C, I thought I could use the libelf library to help me build the file, but I did not found relevant information about what to put in that file, and in which format, so any clue, link or advice is welcomed.

Note : This is not about raising exceptions and have the job done by the kernel for me, I can do that, but I really need to gather myself the RAM and register data manually into an elf core dump.

Thanks !

ks1322
  • 33,961
  • 14
  • 109
  • 164
d6bels
  • 1,432
  • 2
  • 18
  • 30
  • Other informations about this subject, especially about the Note section can be found at http://stackoverflow.com/questions/17972945/core-dump-note-section – d6bels Aug 01 '13 at 11:42

1 Answers1

6

I am looking for manually generating an ELF Core Dump file.

Just use Google elf userspace coredumper, it does exactly that.

I want to build my core dump, not implement it directly into my software

There is no existing program (that I know of) that can do that. Chances are, you'll have to write one from scratch, or adapt some other program.

There are two programs that can write a core dump from userspace -- the above userspace coredumper, and GDB (via gcore command). I expect that adapting Google coredumper would be much easier than adapting GDB.

Should you decide to write one from scratch, you can still read the Google coredumper source to figure out what it is you must write to the core.

Employed Russian
  • 199,314
  • 34
  • 295
  • 362
  • Thanks, this helps, but still I would like to build my core dump after the program has crash. This is for an autopsy purpose. I have some mechanisms dumping RAM and register when the program crashes. It is only after that, ie post-mortem, that I want to build my core dump, not implement it directly into my software. – d6bels Jul 26 '13 at 07:37
  • Thanks, I guess I will be writing my own then ! – d6bels Jul 29 '13 at 07:11