Solved

Creative use of core dump

Posted on 1998-11-16
10
267 Views
Last Modified: 2010-04-15
We ha a quota sytem on the unix machines at our school, but after getting an 8 mb core dump today I noticed that the core dump didn't affect my quota. I was thinking of making a two part program to be able to temporarily store large files on my user, not because I need it but because it would be fun to se if it's possible
Part 1 reads a file into the memory and forces a core dump
Part 2 extracts the file from the core dump
Does anyone have any pointers how to achieve this?
I've programmed c alot, but I don't know much about core dumps.
0
Comment
Question by:skyflash
10 Comments
 
LVL 10

Expert Comment

by:rbr
ID: 1254310
Strange idea but I'm quite interested too if somebody had a solution.
0
 
LVL 86

Expert Comment

by:jkr
ID: 1254311
Well, usually core dumps are read by a debugger using a certain command line switch (can't check wich one at the moment as i'm sitting at a NT box ;-)
But as the sources for e.g. gdb are available, it should be no problem to isolate the routines that read the core dump (or even better, document the format) - just see 'http://www.fsf.org/order/ftp.html' for a list of ftp servers and download gdb-4.1.6.tar.gz or gdb-4.1.7.tar.gz
0
 
LVL 1

Expert Comment

by:Staplehead
ID: 1254312
not to be a putz, but i'm assuming that you did the "obvious" (?) check to see that it's not just seeing that the file name is "core" and the permissions are set in a given way?

Larry
0
 
LVL 1

Author Comment

by:skyflash
ID: 1254313
Well sure I could take a look at the gdb source as well as I could take a look at some operating system sources (eg. linux) which generates a core dump but it would be rather time consuming documenting the core dump format. I mean these sources does probably do a lot more with the core dump than I need to do. There has to be some core dump specification out there already.

And regarding Larry's comment, I have tried to create a file with the name "core" and (as I expected) it affected my quota so it's not the name but how the file is created/stored that affect the quota.
0
 
LVL 1

Expert Comment

by:Staplehead
ID: 1254314
skyflash,

you've checked whether there's anything "magic" about the name, but not the permissions...

Try renaming "core" and check whether your used quota changes.  List it with "ls -l" and then create a file, maybe named "notcore" (!); use chmod, chown, and chgrp to set its permissions the same as core. finally, rename one of your files to "core", setting permissions, etc....

Larry
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 1

Author Comment

by:skyflash
ID: 1254315
I haven't found anything "magical" about name or permissions :(
But I found the specification below, I guess I only need to extract c_dsize bytes directly after the struct. I will probably get some other stuff in data too, but hopefully that part will look identically everytime I run my program so I can remove it easily

The core file consists of a core structure, followed by the data pages and then the stack pages of the process image.
struct core {
  int  c_magic;  /* Corefile magic number */
  int  c_len;    /* Sizeof (struct core) */
  struct regs c_regs;/* General purpose registers */
  struct exec c_aouthdr;/* A.out header */
  int  c_signo;  /* Killing signal, if any */
  int  c_tsize;  /* Text size (bytes) */
  int  c_dsize;  /* Data size (bytes) */
  int  c_ssize;  /* Stack size (bytes) */
  char c_cmdname[CORE_NAMELEN+1]; /* Command name */
  struct fpu c_fpu;/* external FPU state */
  int  c_ucode;  /* Exception no. from u_code */
};
0
 
LVL 1

Expert Comment

by:canacar
ID: 1254316
Well, how about this ...

since the core sump contains the memory image,
create a large array
fill with your data
put a signature before it (a sequence of bytes that will signify
the start of data) make sure that the sequence is not anywhere
inside the program (so you cannot hard-code the signature into
the program but have to create it on the fly.)

write rest of data
then cause a core dump

search for sýgnature on the coredump ...

note: if a dynamically allocated array wont work, you can try allocating a global array (int data[8M]) ...


0
 
LVL 1

Author Comment

by:skyflash
ID: 1254317
Yeah, that sounds reasonable. I'll add expected nymber of bytes to the signature also because it might be some trashdata in the end also
0
 
LVL 3

Accepted Solution

by:
elfie earned 200 total points
ID: 1254318
Do you want your program to make a core file?

Just program this

char *ptr = NULL;
ptr[-1] = 0;

This is the code we use to generate a 'core dump'

0
 
LVL 1

Author Comment

by:skyflash
ID: 1254319
I guess the points should have been divided between several people but that's not possible so I accept the answer to get rid of the question now.

Btw I think its nicer to just send a SIGSEGV signal instead of making the assignment ptr[-1]=0. Of course, I need more code to do it :(

0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Preface I don't like visual development tools that are supposed to write a program for me. Even if it is Xcode and I can use Interface Builder. Yes, it is a perfect tool and has helped me a lot, mainly, in the beginning, when my programs were small…
This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use nested-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand how to create, access, and change arrays in the C programming language.

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now