Reputation: 5500
Extract Structure definitions from executable
I need to extract structure definitions from an executable. How can I do that? I read we can do it using ELF, but not sure how to do this. Any help here?
Upvotes: 2
Views: 2720
Answers (2)
Reputation: 213385
I read we can do it using ELF, but not sure how to do this.
What you probably read is that if a binary contains debug info, then the types of variables, structures, and great many other kinds of info can be extracted from that binary.
This isn't specific to ELF: many other executable formats (such as COFF) allow for embedding of debugging info as well.
Further, the format of that debugging info is different between different platforms. Some of the common UNIX ones are DWARF and STABS (with DWARF being more recent and much more powerful).
If you have an ELF binary, and you suspect that it may contain DWARF debug info, you can decode it using readelf -wi a.out (be prepared for there to be a lot of info, if any is present at all). objdump -g can be used to decode STABS (recent objdump versions can decode DWARF as well).
Or, as suggested by tristan, you can load the executable into GDB and use info types and ptype commands.
If the binary doesn't contain debug info, then DrPrItay's answer is correct: you can't easily recover structure definitions from it. However, you still can recover them by using reverse-engineering techniques. For example, many struct definitions used by the Wine project (example) were obtained by such techniques.
Upvotes: 4
Reputation: 838
As much as I know, you can't. c / c++ programs are not like java, structs dont gain a symbol. Their just definitions for your compiler about how to align and pack variables within stack frames or some other memory (struct data members). For example unlike java you dont have what resembles class loading when loading shared objects's (no header file included within your c program ) you can only load global variables and functions. Defining a struct is much as creating some data type, it's definition should be only present for compilation, you dont get a symbol within the symtable for int or char then why should you for some struct? It simply makes no sense. Symbols aee soley meant for objects that your compiler doesn't recognize during compilation - link time/load time/run time
Upvotes: -1
Related Questions
- Obtain source using debugging symbols
- How to extract symbol name from ELF file for a given offset
- extract source code from ELF with debug symbols
- Can someone help to know how to extract structure information from DW_TAG_structure_type from .debug_info file?
- How to extract function names from a library / binary
- Trace32 command to read symbol contents from ELF file
- Extract detailed symbol information (struct members) from elf file compiled with ARM-GCC
- extract debug symbol info from elf binary
- Determining symbol addresses using binutils/readelf
- How can I know what type of debug info is in an ELF object file?