[Dwarf-Discuss] security implications of DWARF info
Wed Nov 24 22:56:55 GMT 2010
On 11/24/2010 07:34 AM, James Oakley wrote:
> You and I disagree about security through obscurity, but this list is
> not the place for that discussion.
> > However, I'm not familiar with libraries for
> > writing/generating/modifying DWARF files. I checked the FAQ today;
> > the entries are empty.
> libdwarf (http://reality.sgiweb.org/davea/dwarf.html) is a library for
> reading and modifying DWARF information. There's outdated
> documentation for the consumer part of the library at
> There's a pdf with some documentation about the producer part of the
> library somewhere as well, but I can't find the link at the moment.
> There may be better/more current documentation.
The latest libdwarf/dwarfdump source distribution always has the latest
doc, in .mm and .pdf forms.
Libdwarf is not a library like typical DOM xml access libraries. DOM
access typically allows
reading xml into a tree in memory and modifying the tree in-situ and
writing it back out.
Libdwarf was conceived (in ~1991) as a tool for compiler-writers and
debuggers (as separate tasks). So the consumer
and producer code are totally separate headers and functions (but
one archive or shared-library). It is not easy to unify the
as libdwarf is written. There is the beginnings of a read/write tool
(dwarfgen) in recent libdwarf releases,
but it is just a beginning, a hint.
The only other read/write tool using libdwarf that I recall seeing is
intended to gather the type data from numerous kernel .o files and
condense it into a single .o
with no type duplications (Written by Cliff Wickman when we were both
at SGI, open sourced
by SGI in 2005).
A version of dwarfextract is in the testsuite release (on same dwarf.h
web page, but separate
Thank God men cannot as yet fly and lay waste the sky as well as the earth! -- Henry David Thoreau
More information about the Dwarf-discuss