I'm using binutils-2.21.53.0.1-6.fc16.x86_64.
I have a small object file, hello.o with just enough "stuff" to have contents in all sections:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000000000 00000040
000000000000005d 0000000000000000 AX 0 0 4
[ 2] .rela.text RELA 0000000000000000 00000808
0000000000000060 0000000000000018 15 1 8
[ 3] .data PROGBITS 0000000000000000 000000a0
0000000000000000 0000000000000000 WA 0 0 4
[ 4] .bss NOBITS 0000000000000000 000000a0
0000000000000053 0000000000000000 WA 0 0 32
[ 5] .rodata PROGBITS 0000000000000000 000000a0
000000000000000f 0000000000000000 A 0 0 1
[ 6] .data.rel.local PROGBITS 0000000000000000 000000b0
0000000000000008 0000000000000000 WA 0 0 8
[ 7] .rela.data.rel.lo RELA 0000000000000000 00000868
0000000000000018 0000000000000018 15 6 8
[ 8] .data.rel PROGBITS 0000000000000000 000000b8
0000000000000008 0000000000000000 WA 0 0 8
[ 9] .rela.data.rel RELA 0000000000000000 00000880
0000000000000018 0000000000000018 15 8 8
[10] .comment PROGBITS 0000000000000000 000000c0
000000000000002d 0000000000000001 MS 0 0 1
[11] .note.GNU-stack PROGBITS 0000000000000000 000000ed
0000000000000000 0000000000000000 0 0 1
[12] .eh_frame PROGBITS 0000000000000000 000000f0
0000000000000058 0000000000000000 A 0 0 8
[13] .rela.eh_frame RELA 0000000000000000 00000898
0000000000000030 0000000000000018 15 12 8
[14] .shstrtab STRTAB 0000000000000000 00000148
0000000000000085 0000000000000000 0 0 1
[15] .symtab SYMTAB 0000000000000000 00000610
00000000000001b0 0000000000000018 16 11 8
[16] .strtab STRTAB 0000000000000000 000007c0
0000000000000045 0000000000000000 0 0 1
If I use -pie and no linker script, the results are as expected:
$ ld -pie -Map hello_pie.map -o hello_pie.elf hello.o
$ ll hello_pie.elf
-rwxrwx---. 1 jreinhart jreinhart 3453 Mar 13 23:44 hello_pie.elf
However, if I include any sort of linker script, the output size explodes:
$ cat 1.ld
SECTIONS
{
}
$ ld -T 1.ld -pie -Map hello_pie.map -o hello_pie.elf hello.o
$ ll hello_pie.elf
-rwxrwx---. 1 jreinhart jreinhart 2100070 Mar 13 23:45 hello_pie.elf
As you can see, this file became huge.
Note that this appears to happen because the .text section insists on starting at offset 0x200000 in the file:
$ readelf -l -S hello_pie.elf
There are 19 section headers, starting at offset 0x200400:
Section Headers:
[Nr] Name Type Address Offset
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS 0000000000000000 00200000 <--- Why?
000000000000005d 0000000000000000 AX 0 0 4
[ 2] .rodata PROGBITS 000000000000005d 0020005d
000000000000000f 0000000000000000 A 0 0 1
[ 3] .eh_frame PROGBITS 0000000000000070 00200070
0000000000000058 0000000000000000 A 0 0 8
[ 4] .interp PROGBITS 00000000000000c8 002000c8
000000000000000f 0000000000000000 A 0 0 1
[ 5] .dynsym DYNSYM 00000000000000d8 002000d8
0000000000000078 0000000000000018 A 6 2 8
[ 6] .dynstr STRTAB 0000000000000150 00200150
0000000000000014 0000000000000000 A 0 0 1
[ 7] .hash HASH 0000000000000168 00200168
0000000000000028 0000000000000004 A 5 0 8
[ 8] .rela.dyn RELA 0000000000000190 00200190
0000000000000078 0000000000000018 A 5 0 8
[ 9] .data.rel.local PROGBITS 0000000000000208 00200208
0000000000000008 0000000000000000 WA 0 0 8
[10] .data.rel PROGBITS 0000000000000210 00200210
0000000000000008 0000000000000000 WA 0 0 8
[11] .dynamic DYNAMIC 0000000000000218 00200218
00000000000000f0 0000000000000010 WA 6 0 8
[12] .got PROGBITS 0000000000000308 00200308
0000000000000018 0000000000000008 WA 0 0 8
[13] .got.plt PROGBITS 0000000000000320 00200320
0000000000000018 0000000000000008 WA 0 0 8
[14] .bss NOBITS 0000000000000340 00200338
0000000000000053 0000000000000000 WA 0 0 32
[15] .comment PROGBITS 0000000000000000 00200338
000000000000002c 0000000000000001 MS 0 0 1
[16] .shstrtab STRTAB 0000000000000000 00200364
000000000000009a 0000000000000000 0 0 1
[17] .symtab SYMTAB 0000000000000000 002008c0
0000000000000258 0000000000000018 18 19 8
[18] .strtab STRTAB 0000000000000000 00200b18
000000000000004e 0000000000000000 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
Elf file type is DYN (Shared object file)
Entry point 0x0
There are 5 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
PHDR 0x0000000000000040 0x0000000000200040 0x0000000000000000
0x0000000000000118 0x0000000000000118 R E 8
INTERP 0x00000000002000c8 0x00000000000000c8 0x00000000000000c8
0x000000000000000f 0x000000000000000f R 1
[Requesting program interpreter: /lib/ld64.so.1]
LOAD --> 0x0000000000200000 0x0000000000000000 0x0000000000000000
0x0000000000000338 0x0000000000000393 RWE 200000
DYNAMIC 0x0000000000200218 0x0000000000000218 0x0000000000000218
0x00000000000000f0 0x00000000000000f0 RW 8
GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
0x0000000000000000 0x0000000000000000 RW 8
This has been happening regardless of the contents of my linker script. Any ideas what's going on?
I ran into this same problem today when learning about linker scripts. SIZEOF_HEADERS was the magic bullet to solve it. Here is my simple source file to build the object I'm linking:
.section .text
.global _start
_start:
mov $1, %eax
mov $8, %ebx
int $0x80
With the following linker script, I get a 2+ MB executable:
SECTIONS
{
. = 0x400000;
.text : { *(.text) }
}
If I add +SIZEOF_HEADERS, as shown below, I get a 568-byte executable:
SECTIONS
{
. = 0x400000 + SIZEOF_HEADERS;
.text : { *(.text) }
}
Per the LD documentation, this function returns the size of the output file's headers. Manually setting the offset to include the header size also yields a 568-byte executable:
SECTIONS
{
. = 0x400078;
.text : { *(.text) }
}
If I move .text even further down, the executable starts to expand. The following yields a 65984-byte executable:
SECTIONS
{
. = 0x410000;
.text : { *(.text) }
}
So basically, from what I can tell, it appears that:
The first output section appears to share a memory page with the output file headers. If the first section overlaps with the headers, LD emits a full page of pad bytes before outputting the first section to avoid a conflict
To fix this, set the output address for the first output section to X + SIZEOF_HEADERS. This is what the built-in linker script for LD does (you can take a look by running "ld --verbose")
Try the following command line option with ld (or gcc):
-z max-page-size=0x1000
By default ld page-aligns input sections. Since your kernel enforces superpages (pages of 2MB = 0x200000 bytes) your .text section gets aligned at offset 0x200000. It seems like a bug in ld as it should use offset 0x0000000 instead (see EDIT below for a possible explanation)
To prevent this alignment which creates a bigger file, you can use the --nmagic flag to ld to prevent it from page-aligning your .text section although it has side effects (it also disables linking against shared libraries). Be careful though to align other sections (.data, .rodata,...) to 2M pages because they can't live in the same page as .text since all these sections require different access bits.
EDIT: thinking about it, we all expect accesses to virtual address 0x00000000 to generate an exception (segfault). To do so, I see two possibilities: either the kernel maps a page with no access rights (r/w/x) or (more likely) it simply doesn't map anything (no page mapped => segfault) and the linker must know that somehow... that could explain why ld skips the first page which is at address zero. This is TBC.
Related
I'm new to MATLAB and I get the following crash information when running GISTIC2 based on MCR. No problem running that algorithm in other machine we are using.
------------------------------------------------------------------------
Segmentation violation detected at Thu Jul 8 23:01:05 2021
------------------------------------------------------------------------
Configuration:
Crash Decoding : Disabled
Current Visual : 0x21 (class 4, depth 24)
Default Encoding : UTF-8
GNU C Library : 2.31 stable
MATLAB Architecture: glnxa64
MATLAB Root : /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83
MATLAB Version : 8.3.0.532 (R2014a)
Operating System : Linux 5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021 x86_64
Processor ID : x86 Family 143 Model 96 Stepping 1, AuthenticAMD
Virtual Machine : Java 1.7.0_11-b21 with Oracle Corporation Java HotSpot(TM) 64-Bit Server VM mixed mode
Window System : The X.Org Foundation (12009000), display :0
Fault Count: 1
Abnormal termination:
Segmentation violation
Register State (from fault):
RAX = 0000000000000000 RBX = 00007f7790b2c190
RCX = 0000000000000000 RDX = 0000000000000000
RSP = 00007f77f2becde8 RBP = 00007f77ec0376c0
RSI = 000000003e07c725 RDI = 0000000000000000
R8 = 0000000000000007 R9 = 00312d3634363031
R10 = 00007f77f2becc70 R11 = 0000000000000000
R12 = 0000000000000000 R13 = 00007f77f2bed180
R14 = 0000000000000000 R15 = 0000000000000000
RIP = 00007f7807063675 EFL = 0000000000010283
CS = 0033 FS = 0000 GS = 0000
Stack Trace (from fault):
[ 0] 0x00007f7807063675 /lib/x86_64-linux-gnu/libc.so.6+01619573
[ 1] 0x00007f77f588ec18 /lib/x86_64-linux-gnu/libX11.so.6+00134168 XLoadQueryFont+00000056
[ 2] 0x00007f77f870adf0 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwuix.so+00261616
[ 3] 0x00007f77f870baae /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwuix.so+00264878
[ 4] 0x00007f77f870bd29 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwuix.so+00265513
[ 5] 0x00007f77f8e5d143 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwgui.so+00663875 _Z21wm_SetUnadjWindowFontP10WinRec_tagP6mxFont+00000083
[ 6] 0x00007f77f8e5d74b /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwgui.so+00665419 _Z22wm_GetDeviceFontExtentP10WinRec_tagP6mxFontPKcdP6mwrect+00000315
[ 7] 0x00007f77f8e78fff /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwgui.so+00778239 uiGetDeviceFont+00000815
[ 8] 0x00007f77f8e79171 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwgui.so+00778609 _Z15uiSetWindowFontP10WinRec_tagP6mxFont+00000017
[ 9] 0x00007f77f8e5d013 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwgui.so+00663571 _Z16wm_SetWindowFontP10WinRec_tagP6mxFont+00000083
[ 10] 0x00007f77a5d81195 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05001621
[ 11] 0x00007f77f8e9489d /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwgui.so+00891037 _ZN11gui_objects10tickpicker12nicefyLimitsERNS0_14AxisDescriptorENS0_8AxisTypeE+00000173
[ 12] 0x00007f77f8e94cc3 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwgui.so+00892099 _ZN11gui_objects10tickpicker12nicefyLimitsERNS0_14AxisDescriptorE+00000019
[ 13] 0x00007f77a5d816d9 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05002969
[ 14] 0x00007f77a5ce57df /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+04364255
[ 15] 0x00007f77a5cd0b1f /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+04279071
[ 16] 0x00007f77a5dd4740 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05343040
[ 17] 0x00007f77a5dd427c /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05341820
[ 18] 0x00007f77a5dc72b0 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05288624
[ 19] 0x00007f77f746bded /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwudd.so+00634349
[ 20] 0x00007f77f7465153 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwudd.so+00606547 _ZN11UDInterface15notifyPropEventEP16UDDatabaseClientPK10UDPropInfoPK11UDEventInfoP7UDEvent+00000115
[ 21] 0x00007f77f7468671 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwudd.so+00620145 _ZN11UDInterface4setEEP16UDDatabaseClientP10UDPropInfoPvP13UDErrorStatus+00000593
[ 22] 0x00007f77a5dd15b6 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05330358
[ 23] 0x00007f77a5dcbadd /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05307101
[ 24] 0x00007f77a5dca0d0 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05300432
[ 25] 0x00007f77a5db06f5 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05195509
[ 26] 0x00007f77a5dbdfd0 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05251024
[ 27] 0x00007f77a5db7408 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05223432
[ 28] 0x00007f77a5dbe432 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05252146
[ 29] 0x00007f77a5dc3113 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhg.so+05271827 hgSet+00001107
[ 30] 0x00007f77a6c80742 /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwhgbuiltins.so+00345922
...
[125] 0x00007f77fba703bf /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwmcr.so+00365503
[126] 0x00007f77fba6b28f /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/bin/glnxa64/libmwmcr.so+00344719
[127] 0x00007f78070d3609 /lib/x86_64-linux-gnu/libpthread.so.0+00038409
If this problem is reproducible, please submit a Service Request via:
http://www.mathworks.com/support/contact_us/
A technical support engineer might contact you with further information.
Thank you for your help.** This crash report has been saved to disk as /home/lcj/matlab_crash_dump.29508-1 **
Segmentation fault (core dumped)
After renaming the libstdc++.so.6 library to libstdc++.so.6.old in ~/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83/sys/os/glnxa64, I got the following crash information.
------------------------------------------------------------------------
Segmentation violation detected at Sat Jul 10 23:22:39 2021
------------------------------------------------------------------------
Configuration:
Crash Decoding : Disabled
Current Visual : 0x21 (class 4, depth 24)
Default Encoding : UTF-8
GNU C Library : 2.31 stable
MATLAB Architecture: glnxa64
MATLAB Root : /home/lcj/Biosoft/GISTIC2/MATLAB_Compiler_Runtime/v83
MATLAB Version : 8.3.0.532 (R2014a)
Operating System : Linux 5.8.0-59-generic #66~20.04.1-Ubuntu SMP Thu Jun 17 11:14:10 UTC 2021 x86_64
Processor ID : x86 Family 143 Model 96 Stepping 1, AuthenticAMD
Virtual Machine : Java 1.7.0_11-b21 with Oracle Corporation Java HotSpot(TM) 64-Bit Server VM mixed mode
Window System : The X.Org Foundation (12009000), display :0
Fault Count: 1
Abnormal termination:
Segmentation violation
Register State (from fault):
RAX = 0000000000000000 RBX = 00007f26c0b99880
RCX = 0000000000000000 RDX = 0000000000000000
RSP = 00007f2720dcede8 RBP = 00007f271c0376c0
RSI = 000000003e07c725 RDI = 0000000000000000
R8 = 0000000000000007 R9 = 00312d3634363031
R10 = 00007f2720dcec70 R11 = 0000000000000000
R12 = 0000000000000000 R13 = 00007f2720dcf180
R14 = 0000000000000000 R15 = 0000000000000000
RIP = 00007f2735246675 EFL = 0000000000010283
CS = 0033 FS = 0000 GS = 0000
Stack Trace (from fault):
Caught "std::exception" Exception message is:
FatalException
Error:FatalException
Any clues to solve this errors?
I'd like to get a trace of function calls inside comctl32.dll beginning when the left mouse button is pressed on a tree control item and while the mouse button is held down.
I can set a breakpoint on comctl32!TV_ButtonDown and then use wt when the breakpoint is hit but this requires me to release the mouse button and interact with WinDbg. When I try to use a command string for my breakpoint like this: bp comctl32!TV_ButtonDown "wt -m comctl32", the tracing stops immediately after starting upon hitting the breakpoint:
Tracing COMCTL32!TV_ButtonDown to return address 00007ffd`57a48f1d
0 instructions were executed in 0 events (0 from other threads)
Function Name Invocations MinInst MaxInst AvgInst
0 system calls were executed
COMCTL32!TV_ButtonDown+0x5:
00007ffd`57b03bd9 48896c2418 mov qword ptr [rsp+18h],rbp ss:000000b7`746f8b00=0000000000000201
Is what I am attempting possible? Are there any alternatives?
not 64 bit but 32 bit
supply the end address
( top of stack or return address is what i give #$ra and don't release the mouse
it is not mandatory that you give #$ra but you should be sure that you will reach the end address
eventually without releasing the mouse lsft button)
0:000> bl
0 e Disable Clear 6e57a2ee 0001 (0001) 0:**** COMCTL32!TV_ButtonDown "wt -m comctl32 #$ra"
0:000> g
17 0 [ 0] COMCTL32!TV_ButtonDown
10 0 [ 1] COMCTL32!GetMessagePosClient
3 0 [ 2] USER32!GetMessagePos
18 3 [ 1] COMCTL32!GetMessagePosClient
17 0 [ 2] USER32!ScreenToClient
25 20 [ 1] COMCTL32!GetMessagePosClient
20 45 [ 0] COMCTL32!TV_ButtonDown
22 0 [ 1] COMCTL32!TV_DismissEdit
14 0 [ 2] USER32!IsWindowVisible
26 14 [ 1] COMCTL32!TV_DismissEdit
10 0 [ 2] USER32!GetDlgCtrlID
33 24 [ 1] COMCTL32!TV_DismissEdit
10 0 [ 2] USER32!SetWindowLongW
48 34 [ 1] COMCTL32!TV_DismissEdit
16 0 [ 2] COMCTL32!TV_InvalidateItem
40 0 [ 3] COMCTL32!TV_GetItemRect
24 40 [ 2] COMCTL32!TV_InvalidateItem
4 0 [ 3] USER32!NtUserRedrawWindow
27 44 [ 2] COMCTL32!TV_InvalidateItem
52 105 [ 1] COMCTL32!TV_DismissEdit
4 0 [ 2] USER32!NtUserShowWindow
58 109 [ 1] COMCTL32!TV_DismissEdit
34 0 [ 2] COMCTL32!CCSendNotify
25 0 [ 3] USER32!GetParent
40 25 [ 2] COMCTL32!CCSendNotify
18 0 [ 3] USER32!GetWindow
44 43 [ 2] COMCTL32!CCSendNotify
10 0 [ 3] USER32!GetDlgCtrlID
57 53 [ 2] COMCTL32!CCSendNotify
24 0 [ 3] USER32!GetWindowThreadProcessId
60 77 [ 2] COMCTL32!CCSendNotify
1 0 [ 3] kernel32!GetCurrentProcessIdStub
1 0 [ 3] kernel32!GetCurrentProcessId
3 0 [ 3] KERNELBASE!GetCurrentProcessId
87 82 [ 2] COMCTL32!CCSendNotify
24 0 [ 3] USER32!SendMessageW
109 106 [ 2] COMCTL32!CCSendNotify
16 0 [ 3] COMCTL32!InOutAtoW
118 122 [ 2] COMCTL32!CCSendNotify
3 0 [ 3] COMCTL32!__security_check_cookie
120 125 [ 2] COMCTL32!CCSendNotify
67 354 [ 1] COMCTL32!TV_DismissEdit
4 0 [ 2] USER32!NtUserDestroyWindow
75 358 [ 1] COMCTL32!TV_DismissEdit
3 0 [ 2] COMCTL32!__security_check_cookie
77 361 [ 1] COMCTL32!TV_DismissEdit
27 483 [ 0] COMCTL32!TV_ButtonDown
3 0 [ 1] COMCTL32!__security_check_cookie
29 486 [ 0] COMCTL32!TV_ButtonDown
515 instructions were executed in 514 events (0 from other threads)
Function Name Invocations MinInst MaxInst AvgInst
COMCTL32!CCSendNotify 1 120 120 120
COMCTL32!GetMessagePosClient 1 25 25 25
COMCTL32!InOutAtoW 1 16 16 16
COMCTL32!TV_ButtonDown 1 29 29 29
COMCTL32!TV_DismissEdit 1 77 77 77
COMCTL32!TV_GetItemRect 1 40 40 40
COMCTL32!TV_InvalidateItem 1 27 27 27
COMCTL32!__security_check_cookie 3 3 3 3
KERNELBASE!GetCurrentProcessId 1 3 3 3
USER32!GetDlgCtrlID 2 10 10 10
USER32!GetMessagePos 1 3 3 3
USER32!GetParent 1 25 25 25
USER32!GetWindow 1 18 18 18
USER32!GetWindowThreadProcessId 1 24 24 24
USER32!IsWindowVisible 1 14 14 14
USER32!NtUserDestroyWindow 1 4 4 4
USER32!NtUserRedrawWindow 1 4 4 4
USER32!NtUserShowWindow 1 4 4 4
USER32!ScreenToClient 1 17 17 17
USER32!SendMessageW 1 24 24 24
USER32!SetWindowLongW 1 10 10 10
kernel32!GetCurrentProcessId 1 1 1 1
kernel32!GetCurrentProcessIdStub 1 1 1 1
0 system calls were executed
eax=00000000 ebx=00000201 ecx=422f0fd7 edx=77a370f4 esi=002d9590 edi=00000200
eip=6e542888 esp=0012fcc4 ebp=0012fd00 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
COMCTL32!TV_WndProc+0x577:
6e542888 e90a060000 jmp COMCTL32!TV_WndProc+0x5de (6e542e97)
I wonder if there is a way in windbg to set a breakpoint in all over the code when one of the register get a specific value or point to specific value.
to be more specific, somewhere in the code return "Err". I want to set a breakpoint that whenever EAX or other registers point to somthing like "Err", stop the code.
also I must say that there is no way to find "Err" in disassemblers.
a break point is always tied to an address be it software breakpoint or hardware breakpoint
if you use a memory breakpoint it would be triggered on a page boundary (page_gaurd_violation)
other than that you have to single step
you can try windbgs wt (watch and trace command with a depth argument )
combined with a generic break-point address if You want to watch only eax (the return value of any call )
an example below
os windows 7 sp1 32 bit
windbg version 10.0.16299.15
debuggee calc.exe
generic breakpoint calc!WinMain
command used wt -l 8 -or
before windbg breaks it would have traced around 7500 calls in this depth
>wc -l foo.txt & head foo.txt
7679 foo.txt
0:000> bp calc!WinMain
0:000> wt -l 8 -or
3 0 [ 0] ntdll!LdrpDoDebuggerBreak
11 0 [ 1] ntdll!_SEH_epilog4 eax = 0
4 11 [ 0] ntdll!LdrpDoDebuggerBreak eax = 0
>> No match on ret
4 11 [ 0] ntdll!LdrpDoDebuggerBreak
12 0 [ 0] ntdll!LdrpInitializeProcess
*** ERROR: Module load completed but symbols could not be
1 0 [ 1] ntdll!NtQueryInformationProcess
and you know eax has 88 and you want to check for it you can employ some grep magic like this
>grep -i "eax = .*88" foo.txt
21 0 [ 7] msvcrt!_SEH_prolog4 eax = ef388
21 0 [ 8] KERNELBASE!_SEH_prolog4 eax = ee788
14 0 [ 8] ntdll!RtlpAllocateDebugInfo eax = 2c7b88
21 0 [ 7] ntdll!_SEH_prolog4 eax = ef388
44 0 [ 8] ntdll!RtlAllocateHeap eax = 2c88c0
57 0 [ 8] ntdll!RtlDebugAllocateHeap eax = 2c88c0
3 0 [ 8] ntdll!RtlpAllocateHeap eax = 2c88c0
15 0 [ 8] ntdll!RtlAllocateHeap eax = 2c88c0
6 0 [ 7] ole32!CPageAllocator::CPageAllocator eax = 76b88814
6 0 [ 7] ole32!CPageAllocator::CPageAllocator eax = 76b87688
6 0 [ 7] ole32!CPageAllocator::CPageAllocator eax = 76b86788
3 0 [ 6] ole32!`dynamic initializer for 'arDcomInterfaces'' eax = 76a87988
32 0 [ 8] ole32!_onexit eax = 76a7e88b
31 96 [ 7] ole32!ComVerifierSettings::ComVerifierSettings eax = 76b88aef
104 0 [ 8] ntdll!RtlDebugAllocateHeap eax = 2ca880
11 0 [ 8] ntdll!_SEH_epilog4 eax = 2ca880
33 136 [ 7] ntdll!RtlpAllocateHeap eax = 2ca880
44 169 [ 6] ntdll!RtlAllocateHeap eax = 2ca880
14 0 [ 5] WINMM!WPP_INIT_CONTROL_ARRAY eax = 68d68f88
7 0 [ 8] WINMM!soundPlay eax = ffffffff`f7d0ed88
7 0 [ 8] WINMM!soundPlay eax = ffffffff`fbf886bb
13 0 [ 8] KERNELBASE!GetTickCount eax = 346883
7 0 [ 8] WINMM!soundPlay eax = ffffffff`ff48a886
7 0 [ 8] WINMM!soundPlay eax = 3010388
once you narrow down set specific breaks based on the sample data gathered
here is a specific scenerio you know the error code is 0xc0000034 and you know you dont want NtOpenKey which returns that value but some other api
you can employ some thing like this notic there is only one avast hook which return the error which you can latch on
>grep -i "eax =.*c.*34" foo.txt | grep -v -iE "ntopen|query|Image"
18 0 [ 8] KERNELBASE!BaseGetProcessDllPath eax = 2c634c
51 0 [ 8] KERNELBASE!BasepGetCachedPath eax = 2c634c
18 80 [ 7] KERNELBASE!BaseGetProcessDllPath eax = 2c634c
99 0 [ 8] aswhookx eax = ffffffff`c0000034
Hi I am trying to use tiff2pdf to convert some tiff files captured by the fax application in asterisk to PDF
I have installed tiff2pdf by the following method:
sudo yum install ghostscript libtiff
When I execute the command to convert I get the following:
[root#cloud01 tmp]# tiff2pdf FAX-443439791001-2015-09-26_00-34-40.tiff
II*%PDF-1.1
%âãÏÓ
1 0 obj
<<
/Type /Catalog
/Pages 3 0 R
>>
endobj
2 0 obj
<<
/CreationDate (D:20150926003458)
/ModDate (D:20150926003458)
/Producer (libtiff / tiff2pdf - 20100615)
/Creator (Spandsp 20110122 075024)
/Subject (01279 850795)
>>
endobj
3 0 obj
<<
/Type /Pages
/Kids [ 4 0 R ]
/Count 1
>>
endobj
4 0 obj
<<
/Type /Page
/Parent 3 0 R
/MediaBox [0.0000 0.0000 609.8823 833.8776]
/Contents 5 0 R
/Resources <<
/XObject <<
/Im1 7 0 R >>
/ProcSet [ /ImageB ]
>>
>>
endobj
5 0 obj
<<
/Length 6 0 R
>>
stream
q 609.8823 0.0000 0.0000 833.8776 0.0000 0.0000 cm /Im1 Do Q
endstream
endobj
6 0 obj
62
endobj
7 0 obj
<<
/Length 8 0 R
/Type /XObject
/Subtype /Image
/Name /Im1
/Width 1728
/Height 1135
/BitsPerComponent 1
/ColorSpace /DeviceGray
/Filter /CCITTFaxDecode /DecodeParms << /K -1 /Columns 1728 /Rows 1135>>
>>
stream
ó"yËhªŠf.f)àù˜¦b™Šf))dJ†Nï…3dO<)P)àç…<𧃖îØsÁ ó<Ÿ)ò|¾Ol¸97päù S`ä\S7™Šfág³#Ìú#ÌöyžÏ3ÙæqS¼#Ìâù÷¡æ{;Â<Ϥ#Ìâ3Ùô<Ϥ#Ìövúgsœó9ÿüÏ:s›èsŸ‚/„yÎyžÎðó=ÿü(A…ÂøþyáGð‚ÿð¡ÿÿðÿÿÿ|(þxøAaøA„wáÿòïÇÿä'B;ÿú_„g°‹þoÿ ïÂ
ïá!Â
, °‚ð‚Ãá<ó>î^AØpžg¸Aay½ŽCŸøg¿ñü„7â¾l/ð‚øAO3ðPü ‚
:xAcÃð‚Ê|B<Ϧ”øóÌî{>‚
ï
ïþsþs} AäüáaøACøA
, ¡p/…á_ð°‚ÿÃ9ðøAÿÿø_ÂøAxA~Aÿáty?þ_æÿüßþÏœü8aÿÎxgïø‡à°Âðˆ0ŒÅ"á!úN0ð#ˆyɆaH0‚!îì„¿ÿæÂrnÿ
“ä\#Á0Â<""""""""""""""""""""†ÊÐ`ÃÃÁ·ÃÛvØpÏn‚#Ì8»D|·vÛaÓ
†G 0Èl0s.a†pÑ0í°Ão[•6
“c<Ž¥ºª
838—Á²:†Q±œÙÍŒÂ#¢?hŽ¡¢:#òÜÎàÎoSQa¶áÃ`ÌÔ
‘û: 0qg:# `ì60pØaƒÎ`î`ÁĆÁƒ†RˆüCDt9œÃÐn´pÎpÃD
C†Q æøCMˆÚ#Ñ#â
8‘Ó ÍA{
;(€Á¢=g!†ì2l;‰ ìM9¼ñf Ù6/ƒ32ÎÎn€áœÝÃ9ºˆ35+&ÂH0â
0vpØ0pÊÐ0hYômÄŽ˜`ÈÚåB ÍB °¦ÑaÄš–M‹qf¡©6#ʦ™‘Ón“e4šdŒÆâ0eˆMLHèm0Q&êù6JØ8“r|›lIºNm00aÉ¿`ÌÓV ÎMφ[L`ƒ‘Õ‡&õ `ø0âGÃÍÄŒÓÀÊ7;NŽƒ-¤hÊ7%ÐaÄŽ–ÒXe”
›\8—#Ëi2Êq:³´‹ ¹b
°Ãƒ ¡ÎÒ(>!¤,ᙤ&ÎvØg73Hè0â
0ᆠÍ%Ýa;H‰†f•AÈê6GRÈjƒ$tMÕh†šC†å’h33L™ÍÉC‰už$tÁÄpe³BË"t
ƒá»1²ƒ5•C °`á†8aƒD~ØhŽ¡°ÁØ0`àØr:†cdáÛGáÃe› ;9ºXq.™šTÎn—#¨em`¶hÃaÈü0Á²:¶
ÌÑ0ÖA¤ C†
ÌÐ! pØdšÃb
82™¤Ë ®$z ÎÍ™µƒ;7PÌÍ C”Í£q#ðÎÍ€ÎÍ33
Ãøg6*Dua†Aƒ–á2mRVs`³5U1°P83›paٔʦ©P3›)2:ˆ4G帲#¡aDGxlÁ˜–Ù‹a–Ì%Gá”l.Ìl.6
¦b›-˜ ¶¨ÛDt8³›"?l[‰0{&Ëuƒ
82‡)˜TðËf
Pp`ááœr™„Æ0á¸ff'veMÃ;00Î9LÊàÎÌàÎ9LÇ,°‰B
ã”Îf,ìƒ$u:n!¸fgXfuPggS
ÌáMÁœµÈüC(r™ÅÞÇ)œL0àäu;O †PægV؆í†S8FÙ™Ä6
Ìõ¶Ë ªft
A”9LómÈü0Ãv0á†på‘ÐaØ1v„°Ã
í
a†ÚC
ˆgh(ÃveSB“bÎÐl8a†îh0ɹšv‚¡
0Ì9Ml0n`ÌÐdÜÉ)0ÙLº”9Ú†ÄC)¡C
Hô0Á”Ð00Ùm†jVˆêÛpaƒ;Ea™£ƒ
òlD C”ц,ã”Êh
8lNG3(#ÊeXlDYÇ)•P0Ɔ
¡Êe
1e2‚tËe*l›¢Ê*¡ƒ[(«eob
Ì£A†YðgelC)”À`ÙC”9L¡‚G†Å™”C`ÎÊ¢>YfeÔ6$t
ã”ʀ؋;-eMPå2ðlXv
µ
CbÎÈhÙdAÈ0Ä2ÙŠÞe¨¢Û3! l³ŠàÎȨÃ,‚hC(r™Ú#¡+‹(s²†ˆùdÄC)±±e²0ËQf†ÁM°Ê¦A¦dBÎÈD|C;"FÃ3"€ÃfBí‰Ô6Ã°Ë ¢,£jسŽS!Ãa¢?aˆgdæÃ)“
HêÙdÄ¿lDÃD|3ŽQºËe]0ÄŽ»læó*#f7S
1HHý±
ÛÎ9Fá £pPÛ)Ê7+aŠVÄŽá†Z¥øl2ÅlæâFE;aœÜhCDtÌ0Ë!J
7aƒ9¸€Øg7NÙd*A”oXaˆ‘øhŽƒ9¹
0Ë7˜lvnØÃ
²"Ê«‘Õ±sc0Øg6Ka–B¤FÉA†$tÌl²Øƒ(Ù`0Ù•[,…H7
6vU£›)4GÄ2‚ÃbGPØ‘û
†Q²#ÑB¤$zÃg6.#áœØB¤Í«Ä3›jÃ,…(3ŽQ²DtÎʬå{ 3BGPÃ,…)”l,âÊ£a0Ùd,BÎl6ÃÎl†sc
Rf6˜lAœÛš#¢ÈT˜vƒ(ÚDtY
БղÈT™Û’†vêË!ZŽ…á†$u
¡ÊnÎÈTS#gn
L…ESB²mRB›–ÙÛ•‹!^Û”3µVJn.l…4jvâa¢:Èè0pÑtÃ… 2š*؆a‡GEY7r:ƈùdÃhŽƒ)¢·ÎÑXpÎ9L‚Å4'pÃ:
0ŸhŽƒrÈ-‡.¡œsµVpÓš«AÃdt
6pÁ†ˆü9dMÛ.™M
8°pÙ
0ᙪ´0eÂåÔ2Ú«HŽ¡Ë Þ0pÊd)¡[™3µRÈgj¥¸g¦ªË‡#àÁÃE
89è7hCpÌÕZr:aÑÑdHƒpÑt!¢?i‡
¶ªË†Ë"M‡
†4GA»
†áœrš«á†Y¦¡¡ 0àá‡g¦Bgh0¡Å“‘fj¬‡
Ðghpì;†[UT©l°ƒ&ÕUvVÔ˜aÄebAÃ8å5IQ†Æš¤í–#xhÃdtMn#¡.ƒÃe4
Œ3ŽS\Ì0á²Éª†
KB¯n
ÃDu`à݇7d)˜¬f
Ãd¥a†áÈè3³¸eµë 1†á–×GE’Šc
”ÌpÃ
²QYšÆA‡
8a–OW#¡#¨mœ°8ÙlžS9Hla‡xgk[X¡¢:‡†fL)œ Èèa‡GPÙd…
1†
²ðÑtÝ¡†vAÎÏXeµªGPÑtMÌÕ¢>0ðÃ&éju
Û†qÊ7S) ”60e5JÚ¢Á–Õ ÍaÁ”9MS6჆áìíU€Î9MU#ðÊrš¡O
-¨”#¨³µXw#¨n 8jÎå5Rƒ;U[ÙmRá¢:Œ8`àäur:‹;V™«ÅrÔÑE¸2š°ÎÕ3µ
ÆãE4TÃn
íBÆᙨPpÃ)¨&$z
qÊj
Ã;L˜gi¨ 87aÄXpx‘Ôe˜±Ã8å5 9Fá¦fM3"È ˆfi¬šjA¸fi‚;L°3´Ê„Û†qÊi‰
í0a¦ 34ëSN¦f˜`ÌÓ8lŽ£pÌÓ‡#¨aÃpfi%2Òú%Õ™¤Êí"Ñ
í"°Êi2‡)¤.ÉuNpÙ6PÎÒHÚJÃ+f§fƒf\ÌíÁs,3´«
Í-‘ÔYC”Ò£Ã2à…4(På4 x‘øe.[#êðÌÍ[
82™«
¦i(‘è2™ªLÌÐPÙ‡†0á¸gfŠ2lÑ aÃpÃ;5CpÎÍ.LÑ]YÙº†På3HS”͘ áá›l†a˜g¦bØr:gf†vb¨g¦`XaÑÔ<Hý¸ff
ᙘ$pÃ;1 gf+
ã”Ì.ܦeA¨gfj™„á™™0e3=™ƒ-C.Ä‹n¬×Ã2*†eáCiÔHðÈêLêB]Ylå`ñ#«38°3³Š7
Ìã#ÊgfgH$tGV¬¡Êg."GVfzƒÄŽˆêäu
Œ3³Àe´pÌДpÜHü2šYÚÃ)aR<0ÁÃgh
Ã;A0ÎÐ 2‡;# ã”Ð&/Ň
¦‚GVM €n
í`àÃ3#íÔYl©e¯jÎÊ´l¤…®…geS
¡Êe
,мY‡)”¬E”¤´–÷#¨Hn"Gì832
µÅh3²„
ÄCeq¥ ¡Ê7Ny‹;*pÌ˨3²†ÙPl¾
¶C"Ø…e²,–ÄÕ”9C”Ȧ-ÔYC”È
ĺ³2Êd+fd(vA`Ì9LƒcpÎÈ™ ƒ;"€Ëd
¶JÙl˜[ HŽø†ss0Ê72?aÁœÜ”3í(¦ë!œÝL3›…‰DŽˆê,æå!˜ÜXHèŽÆ["|3p‚Gâ]YFõ ‰ÔF[+J&”n8—â]YFËB_†se#Ê]ÊP—ÆÍ‹F[#è‘øe
Í€ƒ9²#Ê£eÊ&8e$~9m,(‘øg6/Æ[n¢]G-°ÔHê9L£-µj2ÛQ.£ÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿø€
endstream
endobj
8 0 obj
4041
endobj
xref
0 9
0000000000 65535 f
0000000016 00000 n
0000000068 00000 n
0000000253 00000 n
0000000317 00000 n
0000000493 00000 n
0000000611 00000 n
0000000629 00000 n
0000004913 00000 n
trailer
<<
/Size 9
/Root 1 0 R
/Info 2 0 R
/ID[<67458B6BC6237B3269983C6473483366><67458B6BC6237B3269983C6473483366>]
>>
startxref
4933
%%EOF
[root#cloud01 tmp]#
Am I missing a library or some other dependency?
Thanks
From the man page:
tiff2pdf opens a TIFF image and writes a PDF document to standard output.
Perhaps if you tried:
tiff2pdf FAX-443439791001-2015-09-26_00-34-40.tiff > FAX-443439791001-2015-09-26_00-34-40.pdf
I need to know what tm->when means, but proc(5) doesn't mention anything helpful,
So, does it store the creation time of the socket? The number seems to be decreasing each time I view the file.
root#ubuntu-vm:~# cat /proc/net/tcp
sl local_address rem_address st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
0: 00000000:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000 104 0 17410 1 dddb6d00 100 0 0 10 -1
1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 7959 1 dddb4500 100 0 0 10 -1
2: B238A8C0:0016 0138A8C0:9C96 01 00000000:00000000 02:00061444 00000000 0 0 8243 4 daa3c000 20 4 27 10 16
3: B238A8C0:0CEA 0138A8C0:8753 01 00000000:00000000 02:0009C787 00000000 104 0 19467 2 daa3e300 20 4 18 10 -1
From Exploring the /proc/net/ Directory
The tr field indicates whether a timer is active for this socket. A value of zero indicates the timer is not active. The tm->when field indicates the time remaining (in jiffies) before timeout occurs.