Unusual code available...

DanKarron at UCBVAX.BERKELEY.EDU DanKarron at UCBVAX.BERKELEY.EDU
Fri Feb 8 19:40:37 AEST 1991


You can anon ftp Symboltin.tar from my anonymous account.

This is a program that reads the symbol table of itself or
another program and then 'knows' something about the structures,
typedefs, unions and other user defined c types and something
about the addresses of these things.

The code is far from finished, but its main goal is to dump an
arbitrary c structure in a form that can be recompiled and have the
values in the structure at dump time. Sort of a printf statement that
knows what you hand it, and it formats its output into recompilable C.

It knows all static addresses, and if someone wants, I can finish the
stack map so it can know for itself a map of its own stack addresses. Don't
expect that to have any meaning external to the program, as the stack
is too volatile viewed from another async process for any addresses in it
to have much meaning.

This program uses the mips/third-eye symbol table, and I have cracked
it so I would not need to build a parallel compiler/parser for c structures. 
There was no documentation except for a few
include files and the help of Dave Anderson at sgi. This program
can be considered to constitute sample code that is worth much more
than any documentation. It even works.

In that same spirit, there is no documentation for this program, yet.

I expect to change it too much to pin myself down at this point. If you
want to know more, please write me and my feeble attempts to explain will
become documentation.

What does it do:

SYNOPSIS:

Symboltin [-p PID|-r PROGRAM_TO_RUN ] executable_compiled_with-g address symbol

-p PID : PID of a running program that can be expected to remain active
while this program attaches to it. Symboltin can only read values from
another program or itself at this time.

-r PROGRAM_TO_RUN: A program which will be launched by Symboltin and then
Symboltin will attach to the child forked process address space. Killing
Symboltin will kill the child program.

executable_compiled_with-g : A target program. In order for it to have a
symbol table, it must be compiled with the -g or -g{1,2,3} flag.

address: If your argument is formatted like a 0x1000000 hex number, it will
attempt to look up the value at that address. If you don't specify a PID,
it will look at itself for the value. If you specify a PID, it will look
in that process's memory space and return that value formatted for the
object that templates that address. This includes structs, but does not
include any pointers into the heap at this time. I will eventually get it
to understand pointers to the Text area, for translating proc addresses to
symbols in another PID. With simple mods it can do proc address->symbol
for its own process space via the run time proc facility from mips.

Eventually, I will get it to understand address/symbol pairs, so if you
want to lookup the value of MyStructTag at 0x100000ff, you will get
a complete recitation in C of the values there templated by MyStructTag.

If your argument is a non-numeric character string, it will look up that
symbol that matches that string and return a declarator for that symbol. That
is the c statement that declares that object.

Other args: -D  Dump the ANSI declarators for all the symbols in the binary
            -h  Dump the Header files and suppress those declarators in the
                headers
            -q  Dump a skeleton C program recovered from the binary.
            -S  Dump all the statics and their values in C
            

I plan to complete the C structure to Lisp translator very shortly.
Since the c structure is COMPLETELY digested by the c compiler symbol table
and Symboltin, there is no need to build a parallel compiler/parser to 
translate a c structure declarator into a lisp spec. Or for that matter,
any other mips language.

If this makes no sense to you, or you are wondering why on earth I did this,
just write me. I don't know how to explain how useful this can be.
 
+-----------------------------------------------------------------------------+
| karron at nyu.edu (E-mail alias that will always find me)                      |
| Fax: 212 263 7190           *           Dan Karron, Research Associate      |
| . . . . . . . . . . . . . . *           New York University Medical Center  |
| 560 First Avenue           \*\    Pager <1> (212) 397 9330                  |
| New York, New York 10016    \**\        <2> 10896   <3> <your-number-here>  |
| (212) 263 5210               \***\_________________________________________ |
| Main machine: karron.med.nyu.edu (128.122.135.3) IRIS 85GT                  |
+-----------------------------------------------------------------------------+

NOTE PHONE NUMBER CHANGE: The Med Ctr has changed from 340 to 263 exchange.
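
The post's stated goal, dumping a structure as C that can be recompiled with the values it held at dump time, is sketched below as an added example; it is not Symboltin code and not from the original post. The hand-written field table stands in for the member records Symboltin reads from the -g symbol table, and all names (struct point, point_fields, dump_struct) are hypothetical; output uses C99 designated initializers.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct point { int id; double weight; char label[4]; };  /* constructed sample type */
enum kind { K_INT, K_DOUBLE, K_CHARS };
/* Hand-written stand-in for the per-member records of a -g symbol table. */
struct field { const char *name; enum kind kind; size_t off, size; };
static const struct field point_fields[] = {
    { "id",     K_INT,    offsetof(struct point, id),     sizeof(int) },
    { "weight", K_DOUBLE, offsetof(struct point, weight), sizeof(double) },
    { "label",  K_CHARS,  offsetof(struct point, label),  4 },
};
struct buf { char *p; size_t cap, len; int err; };

/* Bounded append; once the text would not fit, err stays set. */
static void emit(struct buf *b, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int w = b->err ? -1 : vsnprintf(b->p + b->len, b->cap - b->len, fmt, ap);
    va_end(ap);
    if (w < 0 || (size_t)w >= b->cap - b->len) b->err = 1;
    else b->len += (size_t)w;
}

/* Write `struct tag var = { ... };` for the object at base; -1 if out is too small. */
int dump_struct(char *out, size_t cap, const char *tag, const char *var,
                const struct field *f, size_t nf, const void *base)
{
    struct buf b = { out, cap, 0, 0 };
    emit(&b, "struct %s %s = {", tag, var);
    for (size_t i = 0; i < nf; i++) {
        const unsigned char *p = (const unsigned char *)base + f[i].off;
        emit(&b, "%s .%s = ", i ? "," : "", f[i].name);
        if (f[i].kind == K_INT) {
            int v; memcpy(&v, p, sizeof v); emit(&b, "%d", v);
        } else if (f[i].kind == K_DOUBLE) {
            double v; memcpy(&v, p, sizeof v); emit(&b, "%.17g", v);
        } else {  /* char array as numeric bytes: no quoting or NUL pitfalls */
            for (size_t j = 0; j < f[i].size; j++)
                emit(&b, "%s%u", j ? "," : "{", (unsigned)p[j]);
            emit(&b, "}");
        }
    }
    emit(&b, " };");
    return b.err ? -1 : 0;
}
```

Reading another process's memory, as the -p option does, would replace the direct pointer reads with a copy from that process; the formatting step stays the same.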
