EOD - Elf aware octal dump. Utility that helps in visualizing ELF core files.

# offtovma

A small Linux utility that converts an offset within a core file to its VMA mapping.

Example usage and output:

Consider the following output from the `od` utility:

```
od -Ad -t x4z -w core
.....................
0005088 08ec8348 0d058b48 4800200c 0574c085 00002be8 c4834800 0000c308 00000000  >H...H.... .H..t..+...H..........<
0005120 0c0235ff 25ff0020 00200c04 00401f0f 0c0225ff 00680020 e9000000 ffffffe0  >.5.. ..%.. ...@..%.. .h.........<
0005152 0bfa25ff 01680020 e9000000 ffffffd0 0bf225ff 02680020 e9000000 ffffffc0  >.%.. .h..........%.. .h.........<
0005184 8949ed31 89485ed1 e48348e2 495450f0 0600c0c7 c7480040 400590c1 c7c74800  >1.I..^H..H...PTI....@.H....@.H..<
0005216 00400536 ffffa7e8 0f66f4ff 0000441f 60103fb8 2d485500 00601038 0ef88348  >6.@.......f..D...?.`.UH-8.`.H...<
0005248 76e58948 0000b81b 85480000 5d1174c0 601038bf 66e0ff00 00841f0f 00000000  >H..v......H..t.].8.`...f........<
0005280 6666c35d 2e666666 00841f0f 00000000 601038be 81485500 601038ee fec14800  >].fffff..........8.`.UH..8.`.H..<
```

The first column of every row in the od output is the offset within the core file (decimal, because of `-Ad`), followed by the actual file contents.
Let us find the VMA address associated with file offset 0005088:

```
localhost:~/offtovma]$ ./offtovma -c core -o 5088
Elf type: ELF 64-bit LSB core file x86-64
Load sections in the core file
0x0000000000400000-0x0000000000401000 is load1 at offset     4096
0x0000000000600000-0x0000000000601000 is load2 at offset     8192
0x0000000000601000-0x0000000000602000 is load3 at offset    12288
0x000000000253f000-0x0000000002647000 is load4 at offset    16384
0x00007f3d5cb62000-0x00007f3d5cd19000 is load5 at offset  1097728
0x00007f3d5cd19000-0x00007f3d5cf18000 is load6 at offset  1101824
0x00007f3d5cf18000-0x00007f3d5cf1c000 is load7 at offset  1101824
0x00007f3d5cf1c000-0x00007f3d5cf1e000 is load8 at offset  1118208
0x00007f3d5cf1e000-0x00007f3d5cf22000 is load9 at offset  1126400
0x00007f3d5cf22000-0x00007f3d5cf43000 is load10 at offset  1142784
0x00007f3d5d126000-0x00007f3d5d129000 is load11 at offset  1146880
0x00007f3d5d141000-0x00007f3d5d142000 is load12 at offset  1159168
0x00007f3d5d142000-0x00007f3d5d143000 is load13 at offset  1163264
0x00007f3d5d143000-0x00007f3d5d144000 is load14 at offset  1167360
0x00007f3d5d144000-0x00007f3d5d145000 is load15 at offset  1171456
0x00007ffee1012000-0x00007ffee1034000 is load16 at offset  1175552
0x00007ffee1120000-0x00007ffee1122000 is load17 at offset  1314816
0x00007ffee1122000-0x00007ffee1124000 is load18 at offset  1323008
0xffffffffff600000-0xffffffffff601000 is load19 at offset  1331200
Finding vma for the offset 5088
0x0000000000400000-0x0000000000401000 is load1 at offset     4096
```
VMA is approximately **0x04003e0**

Let us dump the contents around VMA **0x4003e0** in gdb to verify this:

```
localhost:~/offtovma]$ gdb ./test core
GNU gdb (GDB) Fedora 7.9-11.fc22
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from ./test...done.
[New LWP 2721]
Core was generated by `./test'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x0000000000400582 in main () at test.c:23
23  *null = 1;
Missing separate debuginfos, use: dnf debuginfo-install glibc-2.21-8.fc22.x86_64
(gdb) x/10wx 0x4003e0
0x4003e0:	0x08ec8348 0x0d058b48 0x4800200c 0x0574c085
0x4003f0:	0x00002be8 0xc4834800 0x0000c308 0x00000000
0x400400:	0x0c0235ff 0x25ff0020
(gdb)
```
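
The arithmetic behind the result above (5088 - 4096 + 0x400000 = 0x4003e0), written out as an added C example that is not offtovma's own code. The names `off_to_vma` and `sample` are hypothetical, and the sample headers are constructed: the `PT_NOTE` entry and the `p_filesz` values are assumptions, with sizes inferred from the gaps between consecutive offsets in the listing (load6 and load7 share offset 1101824, so load6 is treated as not dumped).

```c
#include <elf.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not offtovma's code): returns 0 and stores the address
 * in *vma when off falls inside the bytes a PT_LOAD segment occupies in the
 * file, or -1 when no dumped segment covers it. */
int off_to_vma(const Elf64_Phdr *ph, size_t n, uint64_t off, uint64_t *vma)
{
    for (size_t i = 0; i < n; i++) {
        if (ph[i].p_type != PT_LOAD)
            continue;               /* PT_NOTE and friends have no address */
        /* Bound by p_filesz, not p_memsz: a segment the kernel did not dump
         * has p_filesz == 0 and shares p_offset with the segment after it. */
        if (off >= ph[i].p_offset && off - ph[i].p_offset < ph[i].p_filesz) {
            *vma = ph[i].p_vaddr + (off - ph[i].p_offset);
            return 0;
        }
    }
    return -1;
}

/* Constructed sample shaped like load1, load6 and load7 in the listing above.
 * The PT_NOTE entry and every p_filesz are assumptions; the sizes are inferred
 * from the gaps between consecutive offsets in the listing. */
static const Elf64_Phdr sample[] = {
    { .p_type = PT_NOTE, .p_offset = 1072, .p_filesz = 2208 },
    { .p_type = PT_LOAD, .p_offset = 4096, .p_vaddr = 0x400000,
      .p_filesz = 0x1000, .p_memsz = 0x1000 },
    { .p_type = PT_LOAD, .p_offset = 1101824, .p_vaddr = 0x7f3d5cd19000,
      .p_filesz = 0, .p_memsz = 0x1ff000 },
    { .p_type = PT_LOAD, .p_offset = 1101824, .p_vaddr = 0x7f3d5cf18000,
      .p_filesz = 0x4000, .p_memsz = 0x4000 },
};

int main(void)
{
    const uint64_t offs[] = { 5088, 1101824, 2000 };
    for (size_t i = 0; i < sizeof offs / sizeof offs[0]; i++) {
        uint64_t vma;
        if (off_to_vma(sample, sizeof sample / sizeof sample[0], offs[i], &vma) == 0)
            printf("offset %llu -> vma 0x%llx\n",
                   (unsigned long long)offs[i], (unsigned long long)vma);
        else
            printf("offset %llu is not inside a dumped PT_LOAD segment\n",
                   (unsigned long long)offs[i]);
    }
    return 0;
}
```

For a real core file, read the `Elf64_Phdr` table located at `e_phoff` (`e_phnum` entries) in the ELF header and pass it in place of `sample`.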