Reading the symbol table of the currently running executable
David Goodenough
dg at lakart.UUCP
Sat Sep 2 03:14:25 AEST 1989
bcn at cs.washington.edu (Clifford Neuman) asks:
> Does anyone know how to read the symbol table of a program from within
> that program itself? More precisely, from within a procedure in a
> library which was used in linking the executable. The simplest way is
> to read the symbol table from the executable. Unfortunately, I might
> not know the name of the executable. I can solve my problem in any of
> several ways, and I would appreciate suggested solutions to any of
> these problems.
This is fairly grotesque, but it might just work:
int cpid;
char pidbuf[10];
sprintf(pidbuf, "%d", getpid());
if ((cpid = vfork()) == -1)
{
bitch and complain - the fork failed
}
else if (cpid == 0)
{
/* child thread */
sleep(1) /* snooze a while to make sure parent is
* in the wait */
execl("/usr/ucb/gcore", "gcore", pidbuf, 0);
bitch and complain - the execl failed
}
else
wait(0); /* wait for child to do it's bit */
/* now you have a core image in file core.pidbuf. Take nm to it,
* open it and do nlist on it, whatever */
It does assume you have gcore, which living in /usr/ucb may be a beserkley
enhancement. Still, it is possible to achieve the equivalent by opening
/dev/mem (you can set this to run effective uid 0 right :-) ), seeking
and reading, it's just a bit of an art to know where to go, and how much
to grab.
--
dg at lakart.UUCP - David Goodenough +---+
IHS | +-+-+
....... !harvard!xait!lakart!dg +-+-+ |
AKA: dg%lakart.uucp at xait.xerox.com +---+
More information about the Comp.unix.wizards
mailing list