kallsyms , addr to symbol
#!/usr/bin/env python # addr2sym.py - resolve addresses to symbols, using a map file
# Reads a log file, and map file, and substitutes function
# names and offsets for numeric values in the log.
# The re-written log file is sent to standard out.
#
# A normal usage looks like:
# cat boot.log | addr2sym -m linux-2.6.7/System.map >boot.lst
#
import sys
import fileinput
import string
import re def startswith(str, pattern):
if string.find(str, pattern)==0:
return 1
else:
return 0 def print_error(str):
sys.stderr.write(str+"\n");
sys.stderr.flush() # returns function map (key=addr, value=funcname) and
# a list of function tuples (addr, funcname)
def read_map(filename):
funcmap = {}
funclist = []
try:
f = open(filename)
except:
print_error("Error: Cannot read map file: %s" % filename)
usage() for line in f.readlines():
#print("debug " + line)
(addr_str, symtype, funcname) = string.split(line, None, 2) #print(addr_str + "," + symtype + "," + funcname)
#yzg remove "\n\t"
funcname=funcname.strip()
funcmap[addr_str] = funcname.strip() addr = eval("0x" + addr_str + "L")
funclist.append((addr, funcname))
#sort the list, since moudule address not in seq.
funclist.sort(key=lambda x:x[0]) return (funcmap, funclist) callsite_cache = {} # return string with function and offset for a given address
def lookup_sym(funcmap, funclist, addr_str):
global callsite_cache try:
return funcmap[addr_str]
except:
pass # no exact match found, now do binary search for closest function # convert address from string to number
addr = eval(addr_str) # if address is outside range of addresses in the
# map file, just return the address without converting it
if addr < funclist[0][0] or addr > funclist[-1][0]:
return addr_str if callsite_cache.has_key(addr):
return callsite_cache[addr] # do a binary search in funclist for the function
# use a collapsing range to find the closest addr
lower = 0
upper = len(funclist)-1
while (lower != upper-1):
guess_index = lower + (upper-lower)/2
guess_addr = funclist[guess_index][0]
if addr < guess_addr:
upper = guess_index
if addr >= guess_addr:
lower = guess_index offset = addr-funclist[lower][0]
name = funclist[lower][1]
if startswith(name, "."):
name = name[1:]
func_str = "%s+0x%x" % (name, offset)
callsite_cache[addr] = func_str
return func_str def usage():
print "Usage: addr2sym <infile -m mapfile >outfile"
print "\nexample:"
print "addr2sym <boot.log -m linux-2.6.7/System.map >boot.lst"
sys.exit(1) def main():
# user must have "-m mapfile" at a minimum
# TODO: You can also try to read /proc/kallsym (perhaps with in-situ option)
if len(sys.argv)<3:
print_error("Error: no map file specified")
usage() mapfilename = ""
i = 0
while i < len(sys.argv):
if sys.argv[i]=="-m":
try:
mapfilename = sys.argv[i+1]
# remove the args from the argument list
sys.argv[i:i+2]=[]
except:
pass
i = i+1 if not mapfilename:
print_error("Error: missing map file name")
usage() # read function names and addresses from map file
(funcmap, funclist) = read_map(mapfilename) for line in fileinput.input():
# strip trailing \n, if present
if line[-1]=='\n':
line = line[:-1] # convert all hex numbers to symbols plus offsets
# try to preserve column spacing in the output
tmp = line
new_line = ""
#m = re.match(r".*?call_site=([0-9abcdef]+)(\s*)", tmp)
m = 1 if m:
# addr is match for re group 1, look it up
#addr_str = "0x" + tmp[m.start(1): m.end(1)]
addr_str = "0x" + tmp #print 'lookup ' + addr_str
func = lookup_sym(funcmap, funclist, addr_str) if func[0] != '0':
print func # replace call_site address with call_site symbol name
#new_line = new_line + tmp[:m.start(1)] + func + tmp[m.end(1):]
#end = m.end(1) # pad line to keep columns the same
# whitespace might match or not. If it does, it's
# group 2 from the regex above. #if len(m.groups())>1: # if we also matched whitespace
# end = m.end(2)
# pad_count = (m.end(2)-m.start(1))-len(func)
# if pad_count < 1: pad_count=1
# new_line = new_line + " "*pad_count #if new_line:
# line = new_line
#print line if __name__=="__main__":
main()
将要解析的地址保存到文件:
grep --binary-files=text "NMI Watchdog" -A 30 vmcore_1.7-20151012_ra2xx_2015-10-13_09_28.10
#cat addr3.txt
8000000041246000
ffffffffc0fb4a0c
8000000041246000
#translate the addr to function name:
#./addr2sym.py < addr3.txt -m vmcore_kallsyms_1.7-20151012_ra2xx_2015-10-13_09_26.29
0x8000000041246000
_ieee80211_free_node [umac]+0x25c
0x8000000041246000
0x80000000360c5480
0x80000000392e0000
0x800000003934f590
0x8000000038330680
0x0000000000000000
_raw_spin_lock_irqsave+0x0
_raw_spin_unlock_irqrestore+0x0
0x8000000038660000
ieee80211_complete_wbuf [umac]+0xec
0x0000000000000000
0x0000000000000000
0x0000000000000043
0x000000000000001f
0x0000000000000009
ath_hal_reg_read [ath_hal]+0x0
kallsyms , addr to symbol的更多相关文章
- linux内核钩子--khook
简介 本文介绍github上的一个项目khook,一个可以在内核中增加钩子函数的框架,支持x86.项目地址在这里:https://github.com/milabs/khook 本文先简单介绍钩子函数 ...
- ELF静态链接
一直对ELF目标文件是怎样链接成可执行文件感到比较的疑惑,ELF文件里面的重定位段是怎样解决符号引用问题的?前几天偶然看了<深入理解计算机系统>里面讲了这个问题,看了之后对里面的实现机制终 ...
- CSAPP读书随笔之一:为什么汇编器会将call指令中的引用的初始值设置为-4
CSAPP,即<深入理解计算机系统:程序员视角>第三版,是一本好书,但读起来确需要具备相当的基本功.而且,有的表述(中译文)还不太直白. 比如,第463页提到,(对于32位系统)为什么汇编 ...
- crash部分命令用法
Set set [pid | taskp | [-c cpu] | -p] | [crash_variable [setting]] | -v 1.设置要显示的内容,内容一般以进程为单位. Set p ...
- 六星经典CSAPP-笔记(7)加载与链接(上)
六星经典CSAPP-笔记(7)加载与链接 1.对象文件(Object File) 1.1 文件类型 对象文件有三种形式: 可重定位对象文件(Relocatable object file):包含二进制 ...
- Linux Debugging(四): 使用GDB来理解C++ 对象的内存布局(多重继承,虚继承)
前一段时间再次拜读<Inside the C++ Object Model> 深入探索C++对象模型,有了进一步的理解,因此我也写了四篇博文算是读书笔记: Program Transfor ...
- CSAPP HITICS 大作业 hello's P2P by zsz
摘 要 摘要是论文内容的高度概括,应具有独立性和自含性,即不阅读论文的全文,就能获得必要的信息.摘要应包括本论文的目的.主要内容.方法.成果及其理论与实际意义.摘要中不宜使用公式.结构式.图表和非公知 ...
- 系统级编程(csapp)
系统级编程漫游 系统级编程提供学生从用户级.程序员的视角认识处理器.网络和操作系统,通过对汇编器和汇编代码.程序性能评测和优化.内存组织层次.网络协议和操作以及并行编程的学习,理解底层计算机系统对应用 ...
- 内核中dump_stack的实现原理(2) —— symbol
环境 Linux-4.14 Aarch64 正文 在前面的分析中调用print_symbol("PC is at %s\n", instruction_pointer(regs ...
随机推荐
- 9、Dubbo-配置(4)
本地存根 远程服务后,客户端通常只剩下接口,而实现全在服务器端,但提供方有些时候想在客户端 也执行部分逻辑,比如:做 ThreadLocal 缓存,提前验证参数,调用失败后伪造容错数据等 等,此时就需 ...
- spring boot +druid数据库连接池配置
1.启动应用入口修改 增加servlet注解 import javax.sql.DataSource; import org.apache.ibatis.session.SqlSessionFacto ...
- throws、throw和try catch
在学习代理模式的时候,编写动态生成代理类.java文件时,用try{}catch(){}捕获异常发现catch(Exception e)报错,得换成catch(Throwable e),然后又查了查两 ...
- jQuery笔记: 基本概念与jQuery核心
目录 初识jQuery 为什么要使用jQuery? 如何使用jQuery? jQuery与js加载模式不同 jQuery入口函数的四种写法 jQuery的访问符冲突问题 jQuery核心函数和jQue ...
- Promise 的应用
Promise 有三种状态,进行中(pending),已成功(fulfilled),已失败(rejected): 一旦状态改变,就不会再变,任何时候都可以得到这个结果.Promise对象的状态改变,只 ...
- Python-逻辑运算
1 or 3>2 and 4<5 or 6 and 2<7
- Dynamics CRM plugin调试方法之Profiler
https://blog.csdn.net/vic0228/article/details/72903815
- ARM开发---Keil注册+JLink维修详解
在ARM开发中,经常使用的开发环境就是Keil uVision集成开发环境+JLink仿真器,本文就是就是介绍.总结使用该开发环境中遇到的问题,并在问题后方附上亲测可行的解决方法.如果各位看官在开发过 ...
- 关于STM32 DMA相关总结[概述知识点]
关于DMA相关知识的总结,写给未来的自己,希望有帮助.立个Flag[坚持写博客总结自己工作或学习记录自己的生活] ------------------------------------------- ...
- python 文件读取方法详解
话不多说直接码 # 绝对路径 # f = open('/Users/fangxiang/Downloads/我的古诗.text', mode='r', encoding='utf-8') # cont ...