Skip to content

Tool to recover C headers (types, function signatures) from DWARF debug data

License

Notifications You must be signed in to change notification settings

Jayveer/dwarf_to_c

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

57 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

dwarf_to_c

Tool to generate C headers from DWARF debug data.

Can be used to recover types and function signatures from compiled executables and libraries with debug information.

This is a fork of dwarf_to_c that uses pyelftools as the previous dwarf library was giving me problems whilst pyelftools worked fine. It also has support for python 3

!!IMPORTANT NOTE!!

This utility, as well as the underlying library pydevtools has limited support for the more recent DWARF 4 format.

This makes it currently fail on a lot of recent executables.

Patches to improve this are welcome. Unfortunately, pydevtools is not actively maintained, so this would mean either switching to another ELF/DWARF parsing library (pyelftools looks promising) or taking up maintenance...

Alternatively, if you have control over compilation, you can specify GCC to generate DWARF3 instead:

gcc teest.c -gdwarf-3 -o teest

In:

struct packet {
    int from, to;
    char name[16];
    int sin:1, ark:1, arg:1, fun:1;
    enum { NEWT, DUCK, WOLF } type;
} x;

int main() { return 0; }

Out:

struct packet
{
  int from; /* +0x0 */
  int to; /* +0x4 */
  char name[16]; /* +0x8 */
  int sin:1; /* +0x18 bit 31..31 of 32 */
  int ark:1; /* +0x18 bit 30..30 of 32 */
  int arg:1; /* +0x18 bit 29..29 of 32 */
  int fun:1; /* +0x18 bit 28..28 of 32 */
  enum {
    NEWT = 0, /* 0x00000000 */
    DUCK = 1, /* 0x00000001 */
    WOLF = 2 /* 0x00000002 */
  } type; /* +0x1c */
};
/* Basetype: sizetype */
int main();

Usage

usage: dwarf_to_c.py [-h] INFILE [CUNAME]

Where INFILE is the name of an ELF binary, and CUNAME is the name of the compilation unit (this can be the full name or only the base name, such as test.c).

If CUNAME is left out, all compilation units in the ELF object will be processed.

Misc tools

usage: inline_functions.py [-h] INPUT

List all usages of inline functions.

usage: extract_structures_json.py [-h] INFILE ROOT

Dump DWARF information for data structure ROOT and all substructures into JSON format. This can be useful for pretty-printers.

Info on used libraries

pycunparser is based on pycparser, but keeps only the C-generation code and adds code for handling adding comments.

cgen has a much friendlier API, however it supports a smaller subset of (correct) C. Enumerations and unions are not supported, which was not that hard to add, however it also could not handle bit offsets on structure fields, and function pointer support was lacking (granted, with C's Byzantine syntax, it's a suprise that anyone gets it right).

So we took the C generation part out of pycparser and adapted it to our needs. The parsing support was stripped as it is not needed for these tools, and to remove the dependency on PLY.

Authors

About

Tool to recover C headers (types, function signatures) from DWARF debug data

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 99.9%
  • C 0.1%