TechQA.

How to find structure member memory address from dwarf debug information?

424 views Asked by At

I'm trying to find structure member memory address(Non Virtual Memory, embedded) from dwarf.

And there's two things i don't understand.

First, In below dwarf Info1 DW_AT_location value = [3, 192, 63, 2, 128].

According to dwarf standards, [192, 63, 2, 128] is a address which encoded unsigned LEB128 and little endian.

But when i check this structure variable memory adress using other third party software, memory address is 0x80023fc0.

It means [192, 63, 2, 128] is not encoded unsigned LEB128, but it just little endian decimal.

Please explain why it happens.(i parse dwarf information using python elftools module)

DIE DW_TAG_variable, size=37, has_children=False
    |DW_AT_name        :  AttributeValue(name='DW_AT_name', form='DW_FORM_string', value=b'apCalVariant_Appl_LCS', raw_value=b'apCalVariant_Appl_LCS', offset=26734224)
    |DW_AT_decl_file   :  AttributeValue(name='DW_AT_decl_file', form='DW_FORM_udata', value=38, raw_value=38, offset=26734246)
    |DW_AT_decl_line   :  AttributeValue(name='DW_AT_decl_line', form='DW_FORM_udata', value=8, raw_value=8, offset=26734247)
    |DW_AT_decl_column :  AttributeValue(name='DW_AT_decl_column', form='DW_FORM_udata', value=24, raw_value=24, offset=26734248)
    |DW_AT_type        :  AttributeValue(name='DW_AT_type', form='DW_FORM_ref_addr', value=6023079, raw_value=6023079, offset=26734249)
    |DW_AT_external    :  AttributeValue(name='DW_AT_external', form='DW_FORM_flag', value=True, raw_value=1, offset=26734253)
    |DW_AT_location    :  AttributeValue(name='DW_AT_location', form='DW_FORM_block', value=[3, 192, 63, 2, 128], raw_value=[3, 192, 63, 2, 128], offset=26734254)

Second, In below dwarf Information there are two structure members with DW_AT_data_member_location = [35, 196, 1], [35, 144, 2].

This structure members is member of first question structure variable. (1) k_u16_LCS_VarStrTq_1En2Nm(address : 0x80024084), (2) k_s16_LCS_LacDeActvLatestCtrlLine_LCHold_1En3m(address : 0x800240D0).

I don't understand what DW_AT_data_member_location value is stands for.

k_u16_LCS_VarStrTq_1En2Nm address is structure start address(0x80023fc0) + 196(0xC4).

But k_s16_LCS_LacDeActvLatestCtrlLine_LCHold_1En3m address is not structure start address(0x80023fc0) + 144(0x90) = 0x80024050.

DIE DW_TAG_member, size=36, has_children=False
    |DW_AT_name        :  AttributeValue(name='DW_AT_name', form='DW_FORM_string', value=b'k_u16_LCS_VarStrTq_1En2Nm', raw_value=b'k_u16_LCS_VarStrTq_1En2Nm', offset=5215310)
    |DW_AT_type        :  AttributeValue(name='DW_AT_type', form='DW_FORM_ref4', value=312, raw_value=312, offset=5215336)
    |DW_AT_byte_size   :  AttributeValue(name='DW_AT_byte_size', form='DW_FORM_udata', value=2, raw_value=2, offset=5215340)
    |DW_AT_data_member_location:  AttributeValue(name='DW_AT_data_member_location', form='DW_FORM_block', value=[35, 196, 1], raw_value=[35, 196, 1], offset=5215341)

DIE DW_TAG_member, size=57, has_children=False
    |DW_AT_name        :  AttributeValue(name='DW_AT_name', form='DW_FORM_string', value=b'k_s16_LCS_LacDeActvLatestCtrlLine_LCHold_1En3m', raw_value=b'k_s16_LCS_LacDeActvLatestCtrlLine_LCHold_1En3m', offset=5216696)
    |DW_AT_type        :  AttributeValue(name='DW_AT_type', form='DW_FORM_ref4', value=283, raw_value=283, offset=5216743)
    |DW_AT_byte_size   :  AttributeValue(name='DW_AT_byte_size', form='DW_FORM_udata', value=2, raw_value=2, offset=5216747)
    |DW_AT_data_member_location:  AttributeValue(name='DW_AT_data_member_location', form='DW_FORM_block', value=[35, 144, 2], raw_value=[35, 144, 2], offset=5216748)

Please explain what DW_AT_data_member_location means and how can i calculate structure member addresss using it.

In advanced, Thank you for all you guys.

python memory elf dwarf pyelftools
Original Q&A
1

There are 1 answers

0
Seva Alekseyev On

The value of DW_AT_location of form DW_FORM_block is a DWARF expression. So are DW_AT_data_member_location values. Read up on DWARF expressions.

Related Questions in PYTHON

Related Questions in MEMORY

Related Questions in ELF

Related Questions in DWARF

Related Questions in PYELFTOOLS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions