惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

美团技术团队
D
DataBreaches.Net
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
D
Docker
N
Netflix TechBlog - Medium
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
Check Point Blog
腾讯CDC
Stack Overflow Blog
Stack Overflow Blog
V
Visual Studio Blog
IT之家
IT之家
月光博客
月光博客
U
Unit 42
K
Kaspersky official blog
T
Threatpost
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
GbyAI
GbyAI
P
Proofpoint News Feed
Last Week in AI
Last Week in AI
云风的 BLOG
云风的 BLOG
酷 壳 – CoolShell
酷 壳 – CoolShell
I
InfoQ
Engineering at Meta
Engineering at Meta
Recorded Future
Recorded Future
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
Security @ Cisco Blogs
MyScale Blog
MyScale Blog
大猫的无限游戏
大猫的无限游戏
Security Archives - TechRepublic
Security Archives - TechRepublic
Webroot Blog
Webroot Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
Schneier on Security
S
Secure Thoughts
The Register - Security
The Register - Security
B
Blog RSS Feed
The Last Watchdog
The Last Watchdog
P
Palo Alto Networks Blog
爱范儿
爱范儿
B
Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
N
News and Events Feed by Topic
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
C
Cisco Blogs
Spread Privacy
Spread Privacy
F
Full Disclosure
博客园 - 聂微东
T
The Blog of Author Tim Ferriss

博客园 - YZG

zigbee路由(报文实例) Zigbee系列(路由机制) Zigbee系列(end device) Zigbee系列(网络) Zigbee系列(概览) Linux checksum flag in kernel ubuntu apt-xxx 清空DNS缓存 shell loop shell 参数 power sequece grep 文件内容搜索 netif_receive_skb pt_prev why? virtual machine AVR地址空间 altera 与 xilinx fifo 时序的区别 如何在Linux下实现50万并发 Linux tcp socket相关参数设置 对Linux下socket限制的理解
kallsyms , addr to symbol
YZG · 2015-10-14 · via 博客园 - YZG
#!/usr/bin/env python

# addr2sym.py - resolve addresses to symbols, using a map file
# Reads a log file, and map file, and substitutes function
# names and offsets for numeric values in the log.
# The re-written log file is sent to standard out.
#
# A normal usage looks like:
# cat boot.log | addr2sym -m linux-2.6.7/System.map >boot.lst
#
import sys
import fileinput
import string
import re

def startswith(str, pattern):
	if string.find(str, pattern)==0:
		return 1
	else:
		return 0

def print_error(str):
	sys.stderr.write(str+"\n");
	sys.stderr.flush()

# returns function map (key=addr, value=funcname) and
# a list of function tuples (addr, funcname)
def read_map(filename):
	funcmap = {}
	funclist = []
	try:
		f = open(filename)
	except:
		print_error("Error: Cannot read map file: %s" % filename)
		usage()

	for line in f.readlines():
		#print("debug " + line)
		(addr_str, symtype, funcname) = string.split(line, None, 2)

		#print(addr_str + "," + symtype + "," + funcname)
		#yzg remove "\n\t"
		funcname=funcname.strip()
		funcmap[addr_str] = funcname.strip()

		addr = eval("0x" + addr_str + "L")
		funclist.append((addr, funcname))

          #sort the list, since moudule address not in seq.
               funclist.sort(key=lambda x:x[0])

return (funcmap, funclist) callsite_cache = {} # return string with function and offset for a given address def lookup_sym(funcmap, funclist, addr_str): global callsite_cache try: return funcmap[addr_str] except: pass # no exact match found, now do binary search for closest function # convert address from string to number addr = eval(addr_str) # if address is outside range of addresses in the # map file, just return the address without converting it if addr < funclist[0][0] or addr > funclist[-1][0]: return addr_str if callsite_cache.has_key(addr): return callsite_cache[addr] # do a binary search in funclist for the function # use a collapsing range to find the closest addr lower = 0 upper = len(funclist)-1 while (lower != upper-1): guess_index = lower + (upper-lower)/2 guess_addr = funclist[guess_index][0] if addr < guess_addr: upper = guess_index if addr >= guess_addr: lower = guess_index offset = addr-funclist[lower][0] name = funclist[lower][1] if startswith(name, "."): name = name[1:] func_str = "%s+0x%x" % (name, offset) callsite_cache[addr] = func_str return func_str def usage(): print "Usage: addr2sym <infile -m mapfile >outfile" print "\nexample:" print "addr2sym <boot.log -m linux-2.6.7/System.map >boot.lst" sys.exit(1) def main(): # user must have "-m mapfile" at a minimum # TODO: You can also try to read /proc/kallsym (perhaps with in-situ option) if len(sys.argv)<3: print_error("Error: no map file specified") usage() mapfilename = "" i = 0 while i < len(sys.argv): if sys.argv[i]=="-m": try: mapfilename = sys.argv[i+1] # remove the args from the argument list sys.argv[i:i+2]=[] except: pass i = i+1 if not mapfilename: print_error("Error: missing map file name") usage() # read function names and addresses from map file (funcmap, funclist) = read_map(mapfilename) for line in fileinput.input(): # strip trailing \n, if present if line[-1]=='\n': line = line[:-1] # convert all hex numbers to symbols plus offsets # try to preserve column spacing in the output tmp = line new_line = "" #m = re.match(r".*?call_site=([0-9abcdef]+)(\s*)", tmp) m = 1 if m: # addr is match for re group 1, look it up #addr_str = "0x" + tmp[m.start(1): m.end(1)] addr_str = "0x" + tmp #print 'lookup ' + addr_str func = lookup_sym(funcmap, funclist, addr_str) if func[0] != '0': print func # replace call_site address with call_site symbol name #new_line = new_line + tmp[:m.start(1)] + func + tmp[m.end(1):] #end = m.end(1) # pad line to keep columns the same # whitespace might match or not. If it does, it's # group 2 from the regex above. #if len(m.groups())>1: # if we also matched whitespace # end = m.end(2) # pad_count = (m.end(2)-m.start(1))-len(func) # if pad_count < 1: pad_count=1 # new_line = new_line + " "*pad_count #if new_line: # line = new_line #print line if __name__=="__main__": main()

将要解析的地址保存到文件:

grep --binary-files=text "NMI Watchdog" -A 30 vmcore_1.7-20151012_ra2xx_2015-10-13_09_28.10

#cat addr3.txt
8000000041246000
ffffffffc0fb4a0c
8000000041246000

#translate the addr to function name:
#./addr2sym.py  < addr3.txt -m vmcore_kallsyms_1.7-20151012_ra2xx_2015-10-13_09_26.29

0x8000000041246000
_ieee80211_free_node    [umac]+0x25c
0x8000000041246000
0x80000000360c5480
0x80000000392e0000
0x800000003934f590
0x8000000038330680
0x0000000000000000
_raw_spin_lock_irqsave+0x0
_raw_spin_unlock_irqrestore+0x0
0x8000000038660000
ieee80211_complete_wbuf    [umac]+0xec
0x0000000000000000
0x0000000000000000
0x0000000000000043
0x000000000000001f
0x0000000000000009
ath_hal_reg_read    [ath_hal]+0x0