TheLibEdFmt
The ERESI debug format library is the component dedicated for debug formats parsing. A debug format is a data representation of the source code, thus is an important source of information. There is an issue when developing support for debug formats as each of them has a different organization, requires a different parser, and even contain different information. This library simplifies the handling of such formats and provides a uniform representation which contains common and important information. A unique code can then be used for accessing debug infos. However, a binary analysis tool should not rely on debug information are it is non-available most of the time. This library opens the door to automatic debug format reconstruction in a unified representation. We currently support conversions from stabs and dwarf2 formats to the ERESI debug format but also store results of our automatic analysis in there for future consultation.
The main features of the ERESI debug format library are :
- Create an uniform format representation for each supported debug format.
- Export types in the ERESI engine indicated by debug information.
- Annotate global variables of the analyzed program using their type information in the ERESI engine.
- Gives function prototypes to Etrace.
This list shows major modification in libedfmt since the fist version:
- March 20 2007 - Initial version of libedfmt for stabs and dwarf2.
We have some issue with stabs on Solaris SPARC. SUN implemented its own part of stabs specification. Dwarf2 support has been tested on the IA32 architecture only for now.
| Debug format | Linux INTEL | FreeBSD INTEL | Solaris INTEL | Linux SPARC | FreeBSD SPARC | Solaris SPARC |
|---|---|---|---|---|---|---|
| Stabs | Yes | Yes | Yes | No | No | No |
| Stabs+ | No | No | No | No | No | No |
| Dwarf | No | No | No | No | No | No |
| Dwarf 2 | Yes | Yes | Yes | No | No | No |
| Dwarf 3 | No | No | No | No | No | No |
Unavailable features are the subject of contributions, if someone else has not taken over the implementation of the feature on the bts.
The ERESI debug format library depends on other components from the ERESI framework :
- libelfsh: the binary manipulation library, to retrieve debug format sections.
- libaspect: the types specification library, which contains ERESI type engine low level interface.
The ERESI debug format library is featured in one article:
- Next Generation Debuggers for Reverse Engineering A debugging format is an important source of information as it permits to retrieve a description of each element that composes a binary. There are many different formats to fulfil the same goal, this diversity is an obstacle for an useful implementation and most reverse engineers do not bother implementing the support for them. Libedfmt parses every formats to create a uniform representation. This uniform representation is created on 3 steps. First we analyze a specific format and create an interface that make possible to read it. Then we transform this format using the uniform API. During this transformation, we keep only important information that we can find in all debugging format. A part of this information can be extracted with analysis tools but a debugging format provides you all types and names for functions and variables. The last step is about cleaning allocated memory so we have enough space to fetch the rest of the information.