In [1]:
#-------------------------------------------------------------------------------
# elftools example: dwarf_lineprogram_filenames.py
#
# In the .debug_line section, the Dwarf line program generates a matrix
# of address-source references. This example demonstrates accessing the state
# of each line program entry to retrieve the underlying filenames.
#
# William Woodruff (william@yossarian.net)
# This code is in the public domain
#-------------------------------------------------------------------------------
from __future__ import print_function
from collections import defaultdict
import os
import sys
import posixpath

# If pyelftools is not installed, the example can also run from the root or
# examples/ dir of the source distribution.
# sys.path[0:0] = ['.', '..']

from elftools.elf.elffile import ELFFile


def process_file(filename):
    print('Processing file:', filename)
    with open(filename, 'rb') as f:
        elffile = ELFFile(f)

        if not elffile.has_dwarf_info():
            print('  file has no DWARF info')
            return

        dwarfinfo = elffile.get_dwarf_info()
        
        with open('lineprogram.s', 'w') as outFile:
            
            cc = 0
            for CU in dwarfinfo.iter_CUs():
                print('  Found a compile unit at offset %s, length %s' % (
                    CU.cu_offset, CU['unit_length']))

                # Every compilation unit in the DWARF information may or may not
                # have a corresponding line program in .debug_line.
                line_program = dwarfinfo.line_program_for_CU(CU)
                if line_program is None:
                    print('  DWARF info is missing a line program for this CU')
                    continue

                
                
                # Print a reverse mapping of filename -> #entries
#                 filename_map= line_entry_mapping(line_program)
#                 if(len(list(filename_map.items())))>1:
#                     print(list(filename_map.items()))

                CU_DIR_PATH = None
                CU_FILENAME = None
                for attr in CU.get_top_DIE().attributes.values():
                    if attr.name == 'DW_AT_name':
                        CU_FILENAME = attr.value.decode("utf-8")
                    if attr.name == 'DW_AT_comp_dir':
                        CU_DIR_PATH = attr.value.decode("utf-8")

                
                for le in line_program.get_entries():
                    cc+=1
                    
                    
                    if le.state is not None:
#                         if le.state.address == 0xba44:
                            src_filename = lpe_filename (line_program, le.state.file)

                            outFile.write(str(hex(le.state.address))+"    cc "+str(cc)+"  "+str(le.state.line)+"  "+    str(le.state.column)+"   "+os.path.join(CU_DIR_PATH,CU_FILENAME)+"   "+ src_filename   +"\n")
#                             if le.state.address <= 0xba44 or le.state.address>0xb944:
                            if le.state.address == 0x3b11:#0xba48:
                                print(le.state)
                                lpe_filename (line_program, le.state.file, True)
#                             print(cc,le)
#                             print(src_filename)

    #                         if src_filename==CU_FILENAME:
    # #                         print(le)
    # #                         print( str(le.state.address)+"    "+str(le.state.line)+"  "+    str(le.state.column)+"\n")
    #                             outFile.write(str(hex(le.state.address))+"    "+str(le.state.line)+"  "+    str(le.state.column)+"   "+os.path.join(CU_DIR_PATH,CU_FILENAME)+"   "+ src_filename   +"\n")
    #                         else:
    #                             outFile.write(str(hex(le.state.address))+"    "+str(le.state.line)+"  "+    str(le.state.column)+"   "+os.path.join(CU_DIR_PATH,CU_FILENAME)+"   "+ src_filename   +"\n")
                            
def line_entry_mapping(line_program):
    filename_map = defaultdict(int)

    # The line program, when decoded, returns a list of line program
    # entries. Each entry contains a state, which we'll use to build
    # a reverse mapping of filename -> #entries.
    lp_entries = line_program.get_entries()
    for lpe in lp_entries:
        # We skip LPEs that don't have an associated file.
        # This can happen if instructions in the compiled binary
        # don't correspond directly to any original source file.
        if not lpe.state or lpe.state.file == 0:
            continue
        filename = lpe_filename (line_program, lpe.state.file)
        filename_map[filename] += 1

#     for filename, lpe_count in filename_map.items():
#         print("    filename=%s -> %d entries" % (filename, lpe_count))
    return filename_map

def lpe_filename( line_program, file_index,debug= False):

    lp_header = line_program.header
    file_entries = lp_header["file_entry"]
    if debug:
        print(file_entries,'\n\n')
        print(lp_header)
    # File and directory indices are 1-indexed.
    file_entry = file_entries[file_index ]
    dir_index = file_entry["dir_index"]
#     print(file_entry , dir_index)

    # A dir_index of 0 indicates that no absolute directory was recorded during
    # compilation; return just the basename.
    if dir_index == 0:
        return file_entry.name.decode()

    directory = lp_header["include_directory"][dir_index ]
    return posixpath.join(directory, file_entry.name).decode()



# filePath = '/home/nahid/reverse/binaries/c_many/stacktest'
filePath =  './../../binaries/gnuit/src/gitfm'
process_file(filePath)


Processing file: ./../../binaries/gnuit/src/gitfm
  Found a compile unit at offset 0, length 10410
  Found a compile unit at offset 10414, length 7795
  Found a compile unit at offset 18213, length 931
  Found a compile unit at offset 19148, length 3815
  Found a compile unit at offset 22967, length 1824
  Found a compile unit at offset 24795, length 15615
  Found a compile unit at offset 40414, length 3379
  Found a compile unit at offset 43797, length 1585
  Found a compile unit at offset 45386, length 4279
  Found a compile unit at offset 49669, length 1102
  Found a compile unit at offset 50775, length 249
  Found a compile unit at offset 51028, length 1910
  Found a compile unit at offset 52942, length 710
  Found a compile unit at offset 53656, length 1720
  Found a compile unit at offset 55380, length 1383
  Found a compile unit at offset 56767, length 5736
  Found a compile unit at offset 62507, length 684
  Found a compile unit at offset 63195, length 4327
  Found a compile un