volatilityfoundation / dwarf2json

convert ELF/DWARF symbol and type information into vol3's intermediate JSON

How to get symbol of a NAS system #56

Open mu0gua opened 11 months ago

mu0gua commented 11 months ago

golang env:

GOVERSION='go1.21.1'
GO111MODULE='on'
GOARCH='amd64'
GOOS='linux'

readelf for nas -> ash:

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x41fef4
  Start of program headers:          64 (bytes into file)
  Start of section headers:          1023192 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         9
  Size of section headers:           64 (bytes)
  Number of section headers:         26
  Section header string table index: 25

run

root@nas:/volume1/share# ./dwarf2json 
./dwarf2json: /lib/libc.so.6: version `GLIBC_2.34' not found (required by ./dwarf2json)
./dwarf2json: /lib/libc.so.6: version `GLIBC_2.32' not found (required by ./dwarf2json)

system

root@nas:/volume1/share# cat /proc/version 
Linux version 4.4.59+ (root@build11) (gcc version 4.9.3 20150311 (prerelease) (crosstool-NG 1.20.0) ) #24922 SMP PREEMPT Fri May 10 02:59:42 CST 2019
root@nas:/volume1/share# uname -a
Linux nas 4.4.59+ #24922 SMP PREEMPT Fri May 10 02:59:42 CST 2019 x86_64 GNU/Linux synology_apollolake_918+

I want to get the symbols of the nas system to analyze the memory data dumped in the nas. I tried the above operations, but I am stuck at this step. I don’t know what I should do next.

quantum2274 commented 5 months ago

I encountered the same glibc problem; it was because I built dwarf2json on a different machine with a different glibc version, then copied the binary to use it.

Building on the machine that was used to get the symbol worked for me.
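A pre-flight check for the glibc mismatch described in this thread, as an added example (not code from the thread or from the dwarf2json project): it reads the `GLIBC_x.y` symbol versions an ELF binary imports and lists those newer than the glibc on the machine that will run it. The function names and the target version given on the command line are assumptions; the NAS's glibc version does not appear on the page.

```go
package main

import (
	"debug/elf"
	"fmt"
	"os"
	"strings"
)

// verKey maps "GLIBC_2.34" or "2.2.5" to a comparable integer; ok is false for tags like GLIBC_PRIVATE.
func verKey(v string) (int, bool) {
	var a, b, c int
	n, _ := fmt.Sscanf(strings.TrimPrefix(v, "GLIBC_"), "%d.%d.%d", &a, &b, &c)
	return a*1000000 + b*1000 + c, n >= 2
}

// Unsatisfied returns, deduplicated, the GLIBC_x.y tags in required that are newer than target.
func Unsatisfied(required []string, target string) []string {
	t, _ := verKey(target)
	seen := map[string]bool{}
	var out []string
	for _, r := range required {
		k, ok := verKey(r)
		if ok && strings.HasPrefix(r, "GLIBC_") && k > t && !seen[r] {
			seen[r] = true
			out = append(out, r)
		}
	}
	return out
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: glibccheck <elf-binary> <target-glibc, e.g. 2.26>")
		os.Exit(2)
	}
	f, err := elf.Open(os.Args[1])
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	defer f.Close()
	syms, _ := f.ImportedSymbols() // an error here usually means no dynamic symbols (static binary)
	var required []string
	for _, s := range syms {
		required = append(required, s.Version) // version tag from .gnu.version_r
	}
	fmt.Println("requires newer glibc than target:", Unsatisfied(required, os.Args[2]))
}
```

An empty list means the binary's glibc requirements are met by the target version given; a statically linked binary also yields an empty list because it imports no versioned symbols.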