dwarf-expert
Technical expertise for analyzing DWARF debug files and understanding the DWARF standard (v3–v5).
- Covers DWARF standard questions, parsing debug information from binaries, and code that interacts with DWARF data
- Provides verification workflows using
llvm-dwarfdump --verifyfor structural validation and quality metrics - Supports parsing tools including
dwarfdump,readelf, and DWARF parsing libraries (libdwarf, pyelftools, gimli) - References authoritative sources: official DWARF standards, LLVM implementation, and libdwarf reference code
- Excludes DWARF v1/v2, general ELF parsing, executable debugging, binary reverse engineering, and compiler-specific generation issues
Overview
This skill provides technical knowledge and expertise about the DWARF standard and how to interact with DWARF files. Tasks include answering questions about the DWARF standard, providing examples of various DWARF features, parsing and/or creating DWARF files, and writing/modifying/analyzing code that interacts with DWARF data.
When to Use This Skill
- Understanding or parsing DWARF debug information from compiled binaries
- Answering questions about the DWARF standard (v3, v4, v5)
- Writing or reviewing code that interacts with DWARF data
- Using
dwarfdumporreadelfto extract debug information - Verifying DWARF data integrity with
llvm-dwarfdump --verify - Working with DWARF parsing libraries (libdwarf, pyelftools, gimli, etc.)
When NOT to Use This Skill
- DWARF v1/v2 Analysis: Expertise limited to versions 3, 4, and 5.
- General ELF Parsing: Use standard ELF tools if DWARF data isn't needed.
- Executable Debugging: Use dedicated debugging tools (gdb, lldb, etc) for debugging executable code/runtime behavior.
- Binary Reverse Engineering: Use dedicated RE tools (Ghidra, IDA) unless specifically analyzing DWARF sections.
- Compiler Debugging: DWARF generation issues are compiler-specific, not covered here.
Authoritative Sources
When specific DWARF standard information is needed, use these authoritative sources:
More from trailofbits/skills
ask-questions-if-underspecified
Clarify requirements before implementing. Use when serious doubts arise.
4.2Ksemgrep
>-
3.8Kmodern-python
Configures Python projects with modern tooling (uv, ruff, ty). Use when creating projects, writing standalone scripts, or migrating from pip/Poetry/mypy/black.
3.7Kcodeql
>-
3.6Kinsecure-defaults
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
3.5Ksecure-workflow-guide
Guides through Trail of Bits' 5-step secure development workflow. Runs Slither scans, checks special features (upgradeability/ERC conformance/token integration), generates visual security diagrams, helps document security properties for fuzzing/verification, and reviews manual security areas.
3.4K