Core dump note section

逝去的感伤 2020-12-31 23:49

Following my question about manually generating a core dump file, I decided to dive into it and get my hands dirty.

I am able to build the basic core dump structure

3 answers
  •  无人及你
    2021-01-01 00:51

    After some tests I figured things out, answering for anyone looking for this information:

    Can someone confirm I am going the right way structuring my Elf file this way?

    Yes.

    As GDB is accepting the file, this seems to be the right way of doing it. Results shown by readelf -a show the correct structure, good so far.

    I am not sure about where the data (note & program sections) should lie in my file: is there a mandatory order, or is it my program headers' offsets that define where the data is?

    Offsets given to Phdr.p_offset should point to where the data lies in the Elf file. They start at the very beginning of the file.

    For example:

    The p_offset for the PT_NOTE program header should be set at sizeof(ElfW(Ehdr)) + ehdr.e_phnum*sizeof(ElfW(Phdr)), ehdr.e_phnum being the number of program headers present in the Elf file.

    For the PT_LOAD program header, this is a bit longer, because we will also have to add the length of all the note sections. For a "standard" core dump with a note segment containing NT_PRSTATUS, NT_PRPSINFO and NT_AUXV sections, the offset for the PT_LOAD data (Phdr.p_offset) will be:

    sizeof(ElfW(Ehdr)) + ehdr.e_phnum*sizeof(ElfW(Phdr))
    + sizeof(ElfW(Nhdr)) + sizeof(name_of_section) + sizeof(struct prstatus)
    + sizeof(ElfW(Nhdr)) + sizeof(name_of_section) + sizeof(struct prpsinfo)
    + sizeof(ElfW(Nhdr)) + sizeof(name_of_section) + sizeof(struct auxv_t)
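
The offset arithmetic from the answer above, as an added C example that is not part of the original post. It additionally pads each note's name and descriptor to the 4-byte boundary that the ELF note format uses, which matters as soon as a name such as "CORE" (5 bytes with its NUL) is not a multiple of 4. Assumptions: the 64-bit types from `<elf.h>`, the hypothetical helper names, and constructed descriptor sizes standing in for the real structures.

```c
#include <elf.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Round n up to the 4-byte boundary used for note name and descriptor fields. */
static size_t align4(size_t n) { return (n + 3u) & ~(size_t)3u; }

/* One note entry: its owner name (e.g. "CORE") and descriptor size in bytes. */
struct note_spec { const char *name; size_t descsz; };

/* File offset of the PT_NOTE data: directly after the ELF header and the
 * program header table (the first formula in the answer). */
size_t note_offset(size_t phnum) {
    return sizeof(Elf64_Ehdr) + phnum * sizeof(Elf64_Phdr);
}

/* On-disk size of one note: Nhdr + padded name (NUL included) + padded descriptor. */
size_t note_size(const struct note_spec *n) {
    return sizeof(Elf64_Nhdr) + align4(strlen(n->name) + 1) + align4(n->descsz);
}

/* Total size of the note segment, i.e. the value for the PT_NOTE p_filesz. */
size_t notes_size(const struct note_spec *notes, size_t count) {
    size_t total = 0;
    for (size_t i = 0; i < count; i++)
        total += note_size(&notes[i]);
    return total;
}

/* File offset of the first PT_LOAD data when it is written right after the notes. */
size_t load_offset(size_t phnum, const struct note_spec *notes, size_t count) {
    return note_offset(phnum) + notes_size(notes, count);
}

/* Constructed sample: three "CORE" notes (PRSTATUS, PRPSINFO, AUXV) with
 * illustrative descriptor sizes; use sizeof() of the real structures in practice. */
static const struct note_spec sample_notes[] = {
    { "CORE", 336 }, { "CORE", 136 }, { "CORE", 320 },
};

int main(void) {
    size_t phnum = 2; /* one PT_NOTE + one PT_LOAD */
    printf("PT_NOTE p_offset = %zu\n", note_offset(phnum));
    printf("PT_NOTE p_filesz = %zu\n", notes_size(sample_notes, 3));
    printf("PT_LOAD p_offset = %zu\n", load_offset(phnum, sample_notes, 3));
    return 0;
}
```

The computed values can be compared against the `Offset` and `FileSiz` columns of `readelf -l` on the generated file.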
    
