$ hexdump -C <corefile>
000005a0 00 00 00 00 00 00 00 00 2e 2f 74 65 73 74 20 48 |........./test H|
000005b0 65 6c 6c 6f 20 57 6f 72 6c 64 20 00 00 00 00 00 |ello World .....|
hexdump显示类似“./test Hello World”的字符串
如何从ELF核心文件中读取命令调用的字符串?
答案 0 :(得分:2)
核心文件的注释部分有'prpsinfo',其中包含可执行文件名&amp;参数信息。
readelf --notes /b/syrajendra/core.test.25963.1518497907
Notes at offset 0x000003f8 with length 0x00000614:
Owner Data size Description
CORE 0x00000150 NT_PRSTATUS (prstatus structure)
CORE 0x00000088 NT_PRPSINFO (prpsinfo structure)
CORE 0x00000080 Unknown note type: (0x53494749)
CORE 0x00000130 NT_AUXV (auxiliary vector)
“prpsinfo”结构在“/usr/include/linux/elfcore.h”文件中定义。