security-dwarf-expert
DWARF Debug Information Analysis
When to Use
- Extracting type information, struct layouts, and function signatures from debug symbols
- Analyzing binary layout and memory organization for vulnerability research
- Recovering source-level abstractions from compiled binaries
- Understanding compiler-generated code structure
- Mapping binary addresses back to source locations
- Parsing .debug_info, .debug_line, .debug_frame sections
When NOT to Use
- Source code analysis (use static analysis tools instead)
- Stripped binaries without debug info (use decompilers like Ghidra/IDA)
- Windows PDB files (different format)
Core Tools
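```bash
# Check for DWARF info
readelf --debug-dump=info binary | head -50
file binary # Look for "with debug_info"
# Dump all DWARF sections
dwarfdump binary
objdump --dwarf=info binary
# The next two commands use llvm-dwarfdump options (--show-form, --name);
# llvm-dwarfdump is installed as `dwarfdump` on macOS and as `llvm-dwarfdump` on most Linux distributions
# List compilation units
dwarfdump --show-form binary | grep DW_TAG_compile_unit
# Extract type definitions
dwarfdump --name=TargetStruct binary
```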
Key DWARF Tags
| Tag | Purpose |
|---|---|
| DW_TAG_compile_unit | Source file compilation unit |
| DW_TAG_subprogram | Function definition |
| DW_TAG_variable | Variable declaration |
| DW_TAG_structure_type | Struct definition |
| DW_TAG_member | Struct field |
| DW_TAG_formal_parameter | Function parameter |
| DW_TAG_base_type | Primitive type (int, char, etc.) |
| DW_TAG_pointer_type | Pointer to type |
| DW_TAG_array_type | Array type with bounds |
Security Applications
- Struct padding analysis: Identify padding bytes that may leak stack data
- Stack frame layout: Map local variable offsets for exploit development
- Type confusion: Verify type sizes and alignment across compilation units
- Function boundary recovery: Accurate function identification for binary analysis
- Source-level debugging: Map crash addresses to source locations
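The struct padding analysis listed above, as an added example (not part of the original skill page): it parses text in the shape of `readelf --debug-dump=info` output and reports the gaps between members plus any tail padding, which are the bytes to check for missing initialization before a struct is copied across a trust boundary. `SAMPLE` and the function names are constructed for illustration; the code assumes constant-form `DW_AT_data_member_location` values and does not handle bitfields, unions or arrays emitted without `DW_AT_byte_size`.

```python
import re

# Constructed sample shaped like `readelf --debug-dump=info` output (trimmed).
SAMPLE = """\
 <1><2d>: Abbrev Number: 2 (DW_TAG_structure_type)
    <2e>   DW_AT_name        : reply
    <32>   DW_AT_byte_size   : 16
 <2><35>: Abbrev Number: 3 (DW_TAG_member)
    <36>   DW_AT_name        : kind
    <3a>   DW_AT_type        : <0x4c>
    <3e>   DW_AT_data_member_location: 0
 <2><40>: Abbrev Number: 3 (DW_TAG_member)
    <41>   DW_AT_name        : length
    <45>   DW_AT_type        : <0x53>
    <49>   DW_AT_data_member_location: 8
 <1><4c>: Abbrev Number: 4 (DW_TAG_base_type)
    <4d>   DW_AT_byte_size   : 1
 <1><53>: Abbrev Number: 5 (DW_TAG_typedef)
    <54>   DW_AT_type        : <0x5c>
 <1><5c>: Abbrev Number: 4 (DW_TAG_base_type)
    <5d>   DW_AT_byte_size   : 8
"""
DIE = re.compile(r"<(\d+)><([0-9a-f]+)>: Abbrev Number: \d+ \((DW_TAG_\w+)\)")
ATTR = re.compile(r"<[0-9a-f]+>\s+DW_AT_(\w+)\s*:\s*(.*)")

def parse_dies(text):  # offset -> flat dict: tag, parent DIE, attrs without "DW_AT_"
    dies, stack, cur = {}, {}, None
    for line in text.splitlines():
        if m := DIE.search(line):
            cur = {"tag": m[3], "parent": stack.get(int(m[1]) - 1)}
            dies[int(m[2], 16)] = stack[int(m[1])] = cur
        elif cur and (m := ATTR.search(line)):
            cur[m[1]] = m[2].split(": ")[-1].strip()  # drops "(indirect string, ...): "
    return dies

def type_size(dies, ref):  # resolve wrappers; a sizeless type (e.g. array) raises KeyError
    die = dies[int(ref.strip("<>"), 16)]
    while die["tag"] in ("DW_TAG_typedef", "DW_TAG_const_type", "DW_TAG_volatile_type"):
        die = dies[int(die["type"].strip("<>"), 16)]
    return int(die["byte_size"], 0)

def padding_holes(dies, name):  # (start, length, preceding member) per gap, tail included
    st = next(d for d in dies.values()
              if d["tag"] == "DW_TAG_structure_type" and d.get("name") == name)
    rows = sorted((int(d["data_member_location"], 0), type_size(dies, d["type"]), d["name"])
                  for d in dies.values() if d["parent"] is st and d["tag"] == "DW_TAG_member")
    rows.append((int(st["byte_size"], 0), 0, None))  # sentinel marking the end of the struct
    return [(off + size, nxt - off - size, member)
            for (off, size, member), (nxt, _, _) in zip(rows, rows[1:]) if nxt > off + size]
```

On real output, pipe `readelf --debug-dump=info binary` into `parse_dies` and call `padding_holes` with the struct name of interest.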
Resources
- DWARF Standard — https://dwarfstd.org/
- libdwarf — https://github.com/davea42/libdwarf-code
- pyelftools — https://github.com/eliben/pyelftools