Wireshark-bugs: [Wireshark-bugs] [Bug 8818] New: MIME: Add support for ELF files

Date: Tue, 18 Jun 2013 12:48:51 +0000
Bug ID: 8818
Summary: MIME: Add support for ELF files
Classification: Unclassified
Product: Wireshark
Version: SVN
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: Enhancement
Priority: Low
Component: Dissection engine (libwireshark)
Assignee: [email protected]
Reporter: [email protected]

Created attachment 11009
Example ELF file

Build Information:
TShark 1.11.0 (SVN Rev Unknown from unknown)

Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.32.3, with libpcap, with libz 1.2.3.4, with POSIX
capabilities (Linux), with libnl 2, with SMI 0.4.8, with c-ares 1.7.5, with Lua
5.2, without Python, with GnuTLS 2.12.14, with Gcrypt 1.5.0, with MIT Kerberos,
with GeoIP.

Running on Linux 3.9.4, with locale en_IE.UTF-8, with libpcap version
1.5.0-PRE-GIT_2013_05_15, with libz 1.2.3.4.
        Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz

Built using gcc 4.8.1.

--
Hi,
I would like to present a new dissector: elf_file. It is based on the ELF specification
(and DWARF, etc.). It adds the ability to open and dissect Linux executables, for
example the Wireshark binary, *.so libs, *.o objects, coredumps, etc.

This work is mostly complete, but there are other tasks that would be nice
to have:
1. Dissect the .text section for symbol functions and assembler.
2. Dissect the ".plt" section(s). Maybe others too (any interesting sections?)
So I would like this bug not to be closed until the ELF dissector is as complete as
possible. However, the first patch can be reviewed and applied.


Current dissector features:
1. Dissect sections: .dynsym, .symtab, .eh_frame_hdr, .eh_frame, string tables.
2. Info about overlapping and blackholes (unused parts of the file)


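The "overlapping and blackholes" report listed in the message above can be illustrated with a short sketch. This is an added example, not the dissector's code or anything from the attached patch: it walks the section headers of a little-endian ELF64 image and returns the byte ranges that no structure claims and the ranges claimed twice. The function names and the sample file are constructed for illustration, and only the ELF header, the two header tables and section contents are counted as regions.

```python
import struct

SHT_NULL, SHT_NOBITS = 0, 8  # neither type occupies bytes in the file

def elf64_regions(data):
    """Sorted (start, end, name) file regions of a little-endian ELF64 image."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4:6] != b"\x02\x01":
        raise ValueError("not a little-endian ELF64 file")
    phoff, shoff = struct.unpack_from("<QQ", data, 0x20)
    ehsize, phentsize, phnum, shentsize, shnum = struct.unpack_from("<5H", data, 0x34)
    regions = [(0, ehsize, "ELF header")]
    if phnum:
        regions.append((phoff, phoff + phentsize * phnum, "program header table"))
    if shnum:
        if shentsize < 64 or shoff + shentsize * shnum > len(data):
            raise ValueError("section header table is malformed or truncated")
        regions.append((shoff, shoff + shentsize * shnum, "section header table"))
    for i in range(shnum):
        base = shoff + i * shentsize
        (sh_type,) = struct.unpack_from("<I", data, base + 4)
        sh_offset, sh_size = struct.unpack_from("<QQ", data, base + 0x18)
        if sh_type not in (SHT_NULL, SHT_NOBITS) and sh_size:
            regions.append((sh_offset, sh_offset + sh_size, f"section[{i}]"))
    return sorted(regions)

def layout_report(data):
    """Return (gaps, overlaps): unused byte ranges and doubly claimed ranges."""
    gaps, overlaps, cursor, owner = [], [], 0, None
    for start, end, name in elf64_regions(data):
        if start > cursor:
            gaps.append((cursor, start))
        elif start < cursor:
            overlaps.append((owner, name, start, min(end, cursor)))
        if end > cursor:
            cursor, owner = end, name
    if cursor < len(data):
        gaps.append((cursor, len(data)))  # bytes appended after the last region
    return gaps, overlaps

def build_sample():
    """Constructed ELF64: sections at 0x40-0x50, 0x58-0x68, 0x60-0x70, then 4 stray bytes."""
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", b"\x7fELF\x02\x01\x01",
                       1, 62, 1, 0, 0, 0x70, 0, 64, 0, 0, 64, 4, 0)
    def shdr(sh_type, offset, size):
        return struct.pack("<IIQQQQIIQQ", 0, sh_type, 0, 0, offset, size, 0, 0, 1, 0)
    table = shdr(0, 0, 0) + shdr(1, 0x40, 0x10) + shdr(1, 0x58, 0x10) + shdr(1, 0x60, 0x10)
    return ehdr + bytes(0x30) + table + b"JUNK"

if __name__ == "__main__":
    print(layout_report(build_sample()))
```

Unclaimed ranges are worth a look during triage because appended or embedded data sits there without affecting how the loader sees the file; overlapping ranges mean two structures interpret the same bytes.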