Bug ID |
8818
|
Summary |
MIME: Add support for ELF files
|
Classification |
Unclassified
|
Product |
Wireshark
|
Version |
SVN
|
Hardware |
All
|
OS |
All
|
Status |
UNCONFIRMED
|
Severity |
Enhancement
|
Priority |
Low
|
Component |
Dissection engine (libwireshark)
|
Assignee |
[email protected]
|
Reporter |
[email protected]
|
Created attachment 11009 [details]
Example ELF file
Build Information:
TShark 1.11.0 (SVN Rev Unknown from unknown)
Copyright 1998-2013 Gerald Combs <[email protected]> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with GLib 2.32.3, with libpcap, with libz 1.2.3.4, with POSIX
capabilities (Linux), with libnl 2, with SMI 0.4.8, with c-ares 1.7.5, with Lua
5.2, without Python, with GnuTLS 2.12.14, with Gcrypt 1.5.0, with MIT Kerberos,
with GeoIP.
Running on Linux 3.9.4, with locale en_IE.UTF-8, with libpcap version
1.5.0-PRE-GIT_2013_05_15, with libz 1.2.3.4.
Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Built using gcc 4.8.1.
--
Hi,
I would like to present new dissector: elf_file. It based on ELF specification
(and DWARF, etc.). It add feature to open and dissect Linux executable, for
example Wireshark binary, *.so libs, *.o objects, coredumps, etc.
This work is mostly completed, but there are other tasks what it will be nice
to have:
1. Dissect .text section for symbol functions and assembler.
2. Dissect ".plt" section/s. Maybe others too (any interesting section?)
So I would like to do not close this bug while ELF dissector will be as full as
possible. However first patch can be reviewed and applied.
Current dissector features:
1. Dissect sections: .dynsyn, .symtab, .eh_frame_hdr, .eh_frame, string tables.
2. Info about overlapping and backholes (unused part of file)
You are receiving this mail because:
- You are watching all bug changes.