crackhdr, machbytype, machbyname, newmap, setmap, findseg, unusemap,
loadmap, attachproc, get1, get2, get4, get8, geta, put1, put2, put4, put8, puta
beswab, beswal, beswav, leswab, leswal, leswav – machine-independent access to executable files
int crackhdr(int fd, Fhdr *fp)
void machbytype(int type)
int machbyname(char *name)
Map *newmap(Map *map, int n)
int setmap(Map *map, int fd, uvlong base, uvlong end,
vlong foffset, char *name)
int findseg(Map *map, char *name)
void unusemap(Map *map, int seg)
Map *loadmap(Map *map, int fd, Fhdr *fp)
Map *attachproc(int pid, int kflag, int corefd, Fhdr *fp)
int get1(Map *map, uvlong addr, uchar *buf, int n)
int get2(Map *map, uvlong addr, ushort *val)
int get4(Map *map, uvlong addr, ulong *val)
int get8(Map *map, uvlong addr, uvlong *val)
int geta(Map *map, uvlong addr, uvlong *val)
int put1(Map *map, uvlong addr, uchar *buf, int n)
int put2(Map *map, uvlong addr, ushort val)
int put4(Map *map, uvlong addr, ulong val)
int put8(Map *map, uvlong addr, uvlong val)
int puta(Map *map, uvlong addr, uvlong val)
ushort beswab(ushort val)
ulong beswal(ulong val)
uvlong beswav(uvlong val)
ushort leswab(ushort val)
ulong leswal(ulong val)
uvlong leswav(uvlong val)
extern Mach mach;
extern Machdata machdata;
These functions provide
a processor-independent interface for accessing
the executable files or executing images of all
Related library functions described in
provide similar access to symbol tables and object files.
is a file containing an executable program or the
file of the
file system associated with an executing process as
After opening an executable, an application
invokes a library function which parses the
determines the target architecture and
initializes data structures with parameters
and pointers to functions appropriate for
that architecture. Next, the application
invokes functions to construct one or more
data structures that translate references
in the address space of the executable
to offsets in the file. Each
comprises one or more
each associating a non-overlapping range of
memory addresses with a logical section of
Other library functions then use a map
and the architecture-specific data structures
to provide a generic interface to the
interprets the header of the executable
the open file descriptor
It loads the data structure
with a machine-independent description
of the header information and
points global variable
data structure containing processor-dependent parameters
of the target architecture.
selects architecture-specific data structures and parameter
values based on
the code stored in the
performs the same selection based
on the name of a processor class; see
for a list of valid names.
Both functions point global variables
data structures appropriate for the
target architecture and load global variable
with the proper disassembler type code.
creates an empty map with
is zero, the new map is dynamically
allocated, otherwise it is assumed to
point to an existing dynamically allocated map whose
size is adjusted, as necessary.
A zero return value indicates an allocation error.
loads the first unused segment in
segment mapping parameters.
is an open file descriptor associated with
contain the lowest and highest virtual addresses
mapped by the segment.
is the offset to the start of the segment in the file.
is a name to be attached to the segment.
returns the index of the
A return of -1 indicates that no
marks segment number
segments in the map remain unaffected.
initializes a default map containing
segments named ‘text’ and ‘data’ that
map the instruction and data segments
of the executable described in the
structure pointed to by
Usually that structure was loaded by
and can be passed to this function without
is non-zero, that map, which must have been
dynamically allocated, is resized to contain two segments;
otherwise a new map is allocated.
This function returns zero if allocation fails.
is usually used to build a map for accessing
a static executable, for example, an executable
constructs a map for accessing a
running process. It
returns the address of a
containing segments mapping the
address space of the running process
whose process ID is
is non-zero, the process is assumed to be
a kernel process.
is an file descriptor opened to
points to the
structure describing the header
of the executable. For most architectures
contains four segments named ‘text’, ‘data’,
‘regs’ and ‘fpregs’. The latter two provide access to
the general and floating point registers, respectively.
If the executable is a kernel process (indicated by a
argument), the data segment extends to the maximum
supported address, currently 0xffffffff, and the
register sets are read-only. In user-level programs,
the data segment extends to the
top of the stack or 0x7fffffff if the stack top
cannot be found, and the register sets are readable
returns zero if it is unable to build the map
for the specified process.
retrieve the data stored at address
in the executable associated
bytes of data beginning at
retrieve 16-bit, 32-bit and 64-bit values respectively,
into the location pointed to by
The value is byte-swapped if the source
byte order differs from that of the current architecture.
This implies that the value returned by
may not be the same as the byte sequences
is two, four or eight; the former may be byte-swapped, the
latter reflects the byte order of the target architecture.
If the file descriptor associated with the applicable segment in
is negative, the address itself is placed in the
return location. These functions return the number
of bytes read or a –1 when there is an error.
the executable associated with
The address is translated using the
map parameters and multi-byte quantities are
byte-swapped, if necessary, before they are written.
bytes stored at
write the 16-bit, 32-bit or 64-bit quantity contained in
respectively. The number of bytes transferred is returned.
A –1 return value indicates an error.
big-endian representation of
return the little-endian representation of the
These routines set