Dan Karron@UCBVAX.BERKELEY.EDU (02/08/91)
You can anon ftp Symboltin.tar from my anonymous account. This is a program that reads the symbol table of itself or another program and then 'knows' something about the structures, typedefs, unions and other user defined c types and something about the addresses of these things.

The code is far from finished, but its main goal is to dump an arbitrary c structure in a form that can be recompiled and have the values in the structure at dump time. Sort of a printf statement that knows what you hand it, and it formats its output into recompilable C.

It knows all static addresses, and if someone wants, I can finish the stack map so it can know for itself a map of its own stack addresses. Don't expect that to have any meaning external to the program, as the stack is too volatile viewed from another async process for any addresses in it to have much meaning.

This program uses the mips/third-eye symbol table, and I have cracked it so I would not need to build a parallel compiler/parser for c structures. There was no documentation except for a few include files and the help of Dave Anderson at sgi. This program can be considered to constitute sample code that is worth much more than any documentation. It even works.

In that same spirit, there is no documentation for this program, yet. I expect to change it too much to pin myself down at this point. If you want to know more, please write me and my feeble attempts to explain will become documentation.

What does it do:

SYNOPSIS:

    Symboltin [-p PID|-r PROGRAM_TO_RUN ] executable_compiled_with-g address symbol

-p PID :
    PID of a running program that can be expected to remain active while this program attaches to it. Symboltin can only read values from another program or itself at this time.

-r PROGRAM_TO_RUN:
    A program which will be launched by Symboltin and then Symboltin will attach to the child forked process address space. Killing Symboltin will kill the child program.

executable_compiled_with-g :
    A target program.
    In order for it to have a symbol table, it must be compiled with the -g or -g{1,2,3} flag.

address:
    If your argument is formatted like a 0x1000000 hex number, it will attempt to look up the value at that address. If you don't specify a PID, it will look at itself for the value. If you specify a PID, it will look in that process's memory space and return that value formatted for the object that templates that address. This includes structs, but does not include any pointers into the heap at this time.

    I will eventually get it to understand pointers to the Text area, for translating proc addresses to symbols in another PID. With simple mods it can do proc address->symbol for its own process space via the run time proc facility from mips.

    Eventually, I will get it to understand address/symbol pairs, so if you want to lookup the value of MyStructTag at 0x100000ff, you will get a complete recitation in C of the values there templated by MyStructTag.

    If your argument is a non numeric character string, it will look up that symbol that matches that string and return a declarator for that symbol. That is the c statement that declares that object.

Other args:

    -D  Dump the ANSI declarators for all the symbols in the binary
    -h  Dump the Header files and suppress those declarators in the headers
    -q  Dump a skeleton C program recovered from the binary.
    -S  Dump all the statics and their values in C

I plan to complete the C structure to Lisp translator very shortly. Since the c structure is COMPLETELY digested by the c compiler symbol table and Symboltin, there is no need to build a parallel compiler/parser to translate a c structure declarator into a lisp spec. Or for that matter, any other mips language.

If this makes no sense to you, or you are wondering why on earth I did this, just write me. I don't know how to explain how useful this can be.
+-----------------------------------------------------------------------------+
| karron@nyu.edu (E-mail alias that will always find me)                      |
| Fax: 212 263 7190           *       Dan Karron, Research Associate          |
| . . . . . . . . . . . . . . *       New York University Medical Center      |
| 560 First Avenue            \*\    Pager <1> (212) 397 9330                 |
| New York, New York 10016     \**\        <2> 10896 <3> <your-number-here>   |
| (212) 263 5210                \***\______________________________________   |
| Main machine: karron.med.nyu.edu (128.122.135.3) IRIS 85GT                  |
+-----------------------------------------------------------------------------+
NOTE PHONE NUMBER CHANGE: The Med Ctr has changed from 340 to 263 exchange.
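
The stated goal of the post above, dumping a structure's current values as recompilable C, shown as an added example that is not Symboltin's code and is not from the original post. It assumes a hand-written field table (the hypothetical `struct field` and `point_fields`) in place of the type information read from a -g symbol table, a constructed sample type `struct point`, and C99 designated initializers as the output form.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical descriptor table: a hand-written stand-in for the type
   information Symboltin is described as recovering from the -g symbol table. */
enum kind { K_INT, K_DOUBLE, K_CHARS };
struct field { const char *name; enum kind kind; size_t off, size; };

struct point { int id; double x; char tag[8]; };   /* constructed sample type */
static const struct field point_fields[] = {
    { "id",  K_INT,    offsetof(struct point, id),  sizeof(int)    },
    { "x",   K_DOUBLE, offsetof(struct point, x),   sizeof(double) },
    { "tag", K_CHARS,  offsetof(struct point, tag), 8              },
};

/* Print "struct TAG VAR = { .field = value, ... };" for the object at base.
   Returns 0 on success, -1 if the stream reported a write error. */
int dump_struct(FILE *fp, const char *tag, const char *var,
                const void *base, const struct field *f, size_t nf)
{
    int iv; double dv;
    fprintf(fp, "struct %s %s = {", tag, var);
    for (size_t i = 0; i < nf; i++) {
        const unsigned char *p = (const unsigned char *)base + f[i].off;
        fprintf(fp, " .%s = ", f[i].name);
        switch (f[i].kind) {
        case K_INT:    memcpy(&iv, p, sizeof iv); fprintf(fp, "%d,", iv);    break;
        case K_DOUBLE: memcpy(&dv, p, sizeof dv); fprintf(fp, "%.17g,", dv); break;
        case K_CHARS:                      /* stop at NUL or at the field's end */
            fputc('"', fp);
            for (size_t j = 0; j < f[i].size && p[j]; j++)
                if (p[j] >= 0x20 && p[j] < 0x7f && p[j] != '"' && p[j] != '\\')
                    fputc(p[j], fp);
                else                       /* fixed-width octal cannot absorb the next char */
                    fprintf(fp, "\\%03o", (unsigned)p[j]);
            fputs("\",", fp);
            break;
        }
    }
    fputs(" };\n", fp);
    return ferror(fp) ? -1 : 0;
}

int main(void)
{
    struct point p = { 7, 1.5, "a\"b" };           /* constructed sample value */
    return dump_struct(stdout, "point", "p", &p, point_fields, 3) ? 1 : 0;
}
```

The emitted line can be pasted back into a C99 source file that declares `struct point`; pointers, nested structures and non-finite doubles are outside what this sketch handles.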