• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 279
  • Last Modified:

Creative use of core dump

We ha a quota sytem on the unix machines at our school, but after getting an 8 mb core dump today I noticed that the core dump didn't affect my quota. I was thinking of making a two part program to be able to temporarily store large files on my user, not because I need it but because it would be fun to se if it's possible
Part 1 reads a file into the memory and forces a core dump
Part 2 extracts the file from the core dump
Does anyone have any pointers how to achieve this?
I've programmed c alot, but I don't know much about core dumps.
0
skyflash
Asked:
skyflash
1 Solution
 
rbrCommented:
Strange idea but I'm quite interested too if somebody had a solution.
0
 
jkrCommented:
Well, usually core dumps are read by a debugger using a certain command line switch (can't check wich one at the moment as i'm sitting at a NT box ;-)
But as the sources for e.g. gdb are available, it should be no problem to isolate the routines that read the core dump (or even better, document the format) - just see 'http://www.fsf.org/order/ftp.html' for a list of ftp servers and download gdb-4.1.6.tar.gz or gdb-4.1.7.tar.gz
0
 
StapleheadCommented:
not to be a putz, but i'm assuming that you did the "obvious" (?) check to see that it's not just seeing that the file name is "core" and the permissions are set in a given way?

Larry
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

 
skyflashAuthor Commented:
Well sure I could take a look at the gdb source as well as I could take a look at some operating system sources (eg. linux) which generates a core dump but it would be rather time consuming documenting the core dump format. I mean these sources does probably do a lot more with the core dump than I need to do. There has to be some core dump specification out there already.

And regarding Larry's comment, I have tried to create a file with the name "core" and (as I expected) it affected my quota so it's not the name but how the file is created/stored that affect the quota.
0
 
StapleheadCommented:
skyflash,

you've checked whether there's anything "magic" about the name, but not the permissions...

Try renaming "core" and check whether your used quota changes.  List it with "ls -l" and then create a file, maybe named "notcore" (!); use chmod, chown, and chgrp to set its permissions the same as core. finally, rename one of your files to "core", setting permissions, etc....

Larry
0
 
skyflashAuthor Commented:
I haven't found anything "magical" about name or permissions :(
But I found the specification below, I guess I only need to extract c_dsize bytes directly after the struct. I will probably get some other stuff in data too, but hopefully that part will look identically everytime I run my program so I can remove it easily

The core file consists of a core structure, followed by the data pages and then the stack pages of the process image.
struct core {
  int  c_magic;  /* Corefile magic number */
  int  c_len;    /* Sizeof (struct core) */
  struct regs c_regs;/* General purpose registers */
  struct exec c_aouthdr;/* A.out header */
  int  c_signo;  /* Killing signal, if any */
  int  c_tsize;  /* Text size (bytes) */
  int  c_dsize;  /* Data size (bytes) */
  int  c_ssize;  /* Stack size (bytes) */
  char c_cmdname[CORE_NAMELEN+1]; /* Command name */
  struct fpu c_fpu;/* external FPU state */
  int  c_ucode;  /* Exception no. from u_code */
};
0
 
canacarCommented:
Well, how about this ...

since the core sump contains the memory image,
create a large array
fill with your data
put a signature before it (a sequence of bytes that will signify
the start of data) make sure that the sequence is not anywhere
inside the program (so you cannot hard-code the signature into
the program but have to create it on the fly.)

write rest of data
then cause a core dump

search for sýgnature on the coredump ...

note: if a dynamically allocated array wont work, you can try allocating a global array (int data[8M]) ...


0
 
skyflashAuthor Commented:
Yeah, that sounds reasonable. I'll add expected nymber of bytes to the signature also because it might be some trashdata in the end also
0
 
elfieCommented:
Do you want your program to make a core file?

Just program this

char *ptr = NULL;
ptr[-1] = 0;

This is the code we use to generate a 'core dump'

0
 
skyflashAuthor Commented:
I guess the points should have been divided between several people but that's not possible so I accept the answer to get rid of the question now.

Btw I think its nicer to just send a SIGSEGV signal instead of making the assignment ptr[-1]=0. Of course, I need more code to do it :(

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now