skyflash

Creative use of core dump

We have a quota system on the unix machines at our school, but after getting an 8 mb core dump today I noticed that the core dump didn't affect my quota. I was thinking of making a two part program to be able to temporarily store large files on my user, not because I need it but because it would be fun to see if it's possible.
Part 1 reads a file into the memory and forces a core dump
Part 2 extracts the file from the core dump
Does anyone have any pointers how to achieve this?
I've programmed C a lot, but I don't know much about core dumps.
rbr

Strange idea but I'm quite interested too if somebody had a solution.
jkr

Well, usually core dumps are read by a debugger using a certain command line switch (can't check which one at the moment as I'm sitting at an NT box ;-)
But as the sources for e.g. gdb are available, it should be no problem to isolate the routines that read the core dump (or even better, document the format) - just see 'http://www.fsf.org/order/ftp.html' for a list of ftp servers and download gdb-4.1.6.tar.gz or gdb-4.1.7.tar.gz
Not to be a putz, but I'm assuming that you did the "obvious" (?) check to see that it's not just seeing that the file name is "core" and the permissions are set in a given way?

Larry
skyflash

ASKER

Well sure I could take a look at the gdb source as well as I could take a look at some operating system sources (e.g. Linux) which generate a core dump, but it would be rather time consuming documenting the core dump format. I mean these sources probably do a lot more with the core dump than I need to do. There has to be some core dump specification out there already.

And regarding Larry's comment, I have tried to create a file with the name "core" and (as I expected) it affected my quota, so it's not the name but how the file is created/stored that affects the quota.
skyflash,

you've checked whether there's anything "magic" about the name, but not the permissions...

Try renaming "core" and check whether your used quota changes.  List it with "ls -l" and then create a file, maybe named "notcore" (!); use chmod, chown, and chgrp to set its permissions the same as core. Finally, rename one of your files to "core", setting permissions, etc....

Larry
I haven't found anything "magical" about name or permissions :(
But I found the specification below, I guess I only need to extract c_dsize bytes directly after the struct. I will probably get some other stuff in data too, but hopefully that part will look identical every time I run my program so I can remove it easily.

The core file consists of a core structure, followed by the data pages and then the stack pages of the process image.
struct core {
  int  c_magic;  /* Corefile magic number */
  int  c_len;    /* Sizeof (struct core) */
  struct regs c_regs;/* General purpose registers */
  struct exec c_aouthdr;/* A.out header */
  int  c_signo;  /* Killing signal, if any */
  int  c_tsize;  /* Text size (bytes) */
  int  c_dsize;  /* Data size (bytes) */
  int  c_ssize;  /* Stack size (bytes) */
  char c_cmdname[CORE_NAMELEN+1]; /* Command name */
  struct fpu c_fpu;/* external FPU state */
  int  c_ucode;  /* Exception no. from u_code */
};
Well, how about this ...

since the core dump contains the memory image,
create a large array
fill with your data
put a signature before it (a sequence of bytes that will signify
the start of data) make sure that the sequence is not anywhere
inside the program (so you cannot hard-code the signature into
the program but have to create it on the fly.)

write rest of data
then cause a core dump

search for signature on the coredump ...

note: if a dynamically allocated array won't work, you can try allocating a global array (int data[8M]) ...


Yeah, that sounds reasonable. I'll add expected number of bytes to the signature also because it might be some trash data in the end also.
ASKER CERTIFIED SOLUTION
elfie
I guess the points should have been divided between several people but that's not possible so I accept the answer to get rid of the question now.

Btw I think it's nicer to just send a SIGSEGV signal instead of making the assignment ptr[-1]=0. Of course, I need more code to do it :(
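
The signature-plus-length framing suggested in the thread, as an added example that is not part of any post: a C routine that locates such a frame in a memory image, as one would when examining what a core file holds. The marker bytes, the 4-byte big-endian length field and the function names are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define SIG_LEN 8

/* Marker computed at run time (constructed scheme), so no literal copy of it
   sits in the program's initialised data and produces a false match. */
static void make_sig(unsigned char sig[SIG_LEN]) {
    for (int i = 0; i < SIG_LEN; i++)
        sig[i] = (unsigned char)(0xA5 ^ (i * 37 + 1));
}

/* Assumed frame layout: SIG_LEN marker bytes, 4-byte big-endian length, payload.
   Caller provides SIG_LEN + 4 + n bytes at dst. Returns bytes written. */
size_t write_frame(unsigned char *dst, const unsigned char *data, size_t n) {
    make_sig(dst);
    dst[SIG_LEN]     = (unsigned char)(n >> 24);
    dst[SIG_LEN + 1] = (unsigned char)(n >> 16);
    dst[SIG_LEN + 2] = (unsigned char)(n >> 8);
    dst[SIG_LEN + 3] = (unsigned char)n;
    memcpy(dst + SIG_LEN + 4, data, n);
    return SIG_LEN + 4 + n;
}

/* Returns the payload offset inside img, or -1 if no valid frame exists.
   A marker whose length field runs past the image is skipped, not trusted. */
long find_frame(const unsigned char *img, size_t img_len, size_t *payload_len) {
    unsigned char sig[SIG_LEN];
    make_sig(sig);
    for (size_t off = 0; off + SIG_LEN + 4 <= img_len; off++) {
        if (memcmp(img + off, sig, SIG_LEN) != 0) continue;
        const unsigned char *p = img + off + SIG_LEN;
        size_t n = ((size_t)p[0] << 24) | ((size_t)p[1] << 16) | ((size_t)p[2] << 8) | p[3];
        size_t start = off + SIG_LEN + 4;
        if (n > img_len - start) continue; /* stray marker or truncated image */
        *payload_len = n;
        return (long)start;
    }
    return -1;
}

int main(void) {
    unsigned char img[64] = {0}; /* constructed stand-in for a memory image */
    size_t n = 0;
    write_frame(img + 20, (const unsigned char *)"hello", 5);
    long off = find_frame(img, sizeof img, &n);
    if (off < 0) { puts("no frame"); return 1; }
    printf("payload at %ld, %zu bytes\n", off, n);
    return 0;
}
```

The length check is what separates a real frame from a stray copy of the marker: a hit is accepted only if the declared payload fits inside the image.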