Exetools

Exetools forum, General Discussion: Need help figuring out why my powerpc elf file causing seg fault (https://forum.exetools.com/showthread.php?t=19871)

dion 06-13-2021 13:43

Need help figuring out why my powerpc elf file causing seg fault
 
Hello,

Basically, I am trying to embed a VxWorks image into an ELF binary (a simple hello world C application), just to see if it is possible. If it is possible, I plan to use call cast on the C code to verify certain functions inside the VxWorks image. But after weeks, I find no way to make this ELF run without a seg fault (using qemu-ppc). Thus, I need help.

So, I used Debian, and the commands were like these:
Code:

powerpc-linux-gnu-objcopy -I binary -O elf32-powerpc -B powerpc vxs vxw.o
powerpc-linux-gnu-objcopy --set-section-flags .data=alloc,load,code vxw.o
powerpc-linux-gnu-objcopy --rename-section .data=.vxworks vxw.o
powerpc-linux-gnu-gcc -Wall -Werror -g hello.c -o myprog -T myscript vxw.o -static

vxs is the prepared VxWorks image, but it can be any binary blob. hello.c:
Code:

#include <stdio.h>

/* Symbols that "objcopy -I binary" creates for an input file named "vxs". */
extern unsigned char _binary_vxs_start;
extern unsigned char _binary_vxs_end;

int main(void)
{
        printf("Hello World!\n");

        /* Dump the first 100 bytes of the embedded blob with their offsets,
         * stopping early if the blob is shorter than that. */
        unsigned char *pblob = &_binary_vxs_start;
        int i = 0;
        while (i < 100 && pblob < &_binary_vxs_end)
        {
                /* The pointer difference is ptrdiff_t, so cast it before
                 * printing it with %x. */
                printf("%x: %02X\n", (unsigned)(pblob - &_binary_vxs_start), *pblob);
                i++;
                pblob++;
        }

        return 0;
}

The linker script is the default linker script, modified. I got the default by:
Code:

powerpc-linux-gnu-ld --verbose

I listed the modifications here:
Code:

...
  /* Read-only sections, merged into text segment: */
  /* PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x10000000)); . = SEGMENT_START("text-segment", 0x10000000) + SIZEOF_HEADERS; */
  PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x000FFF4C));
  . = SEGMENT_START("text-segment", 0x000FFF4C) + SIZEOF_HEADERS;

  .vxworks          : { *(.vxworks) }
  .interp        : { *(.interp) }
...

The ELF file was constructed successfully without any warning, but when I run it with "qemu-ppc myprog", it seg faults. This seg fault seems to happen only when I set the segment start (in the linker script) to that very value. If I set it to other values, it seems to run normally. So, is there any way to track why the seg fault happens?

I tried to compare both the working ELF and the not-working ELF with readelf; the not-working one doesn't have __ehdr_start. I tried to add that symbol in the linker script:
Code:

__ehdr_start = 0x000FFF4C;

but it did not work (still seg fault). It compiled the symbol as global and abs. I can not find anything on Google concerning this.

Any help appreciated.
Thanks in advance.
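As an added illustration (not code from the thread), here is a small ELF32 program-header checker covering the two things worth confirming before running such a binary: where a given file offset will land in memory, and whether every PT_LOAD keeps p_vaddr and p_offset congruent modulo p_align, which the ELF format requires of loadable segments. The sample images are constructed inline; the p_align of 0x10000 and the 0xB4 header size are assumptions taken from the addresses in the post, and on the real file the same numbers come from readelf -l and readelf -S.

```python
import struct

PT_LOAD = 1
EM_PPC = 20

def build_elf32_be(entry, loads):
    """Constructed minimal 32-bit big-endian ELF (EM_PPC): header plus one PT_LOAD
    program header per (p_offset, p_vaddr, p_filesz, p_memsz, p_align) tuple.
    Sample data for this example only; it is not a runnable program image."""
    phoff, ehsize, phentsize = 52, 52, 32
    e_ident = b"\x7fELF" + bytes([1, 2, 1, 0]) + b"\x00" * 8  # ELFCLASS32, ELFDATA2MSB
    ehdr = e_ident + struct.pack(">HHIIIIIHHHHHH", 2, EM_PPC, 1, entry, phoff, 0, 0,
                                 ehsize, phentsize, len(loads), 40, 0, 0)
    phdrs = b"".join(struct.pack(">IIIIIIII", PT_LOAD, off, va, va, fsz, msz, 5, al)
                     for off, va, fsz, msz, al in loads)
    return ehdr + phdrs

def parse_load_segments(data):
    """Return [(p_offset, p_vaddr, p_filesz, p_memsz, p_align)] for every PT_LOAD."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 2:
        raise ValueError("expected a 32-bit big-endian ELF image")
    phoff = struct.unpack_from(">I", data, 28)[0]
    phentsize, phnum = struct.unpack_from(">HH", data, 42)
    segs = []
    for i in range(phnum):
        p_type, off, va, _pa, fsz, msz, _flags, al = struct.unpack_from(
            ">IIIIIIII", data, phoff + i * phentsize)
        if p_type == PT_LOAD:
            segs.append((off, va, fsz, msz, al))
    return segs

def check_load_alignment(data):
    """The ELF spec requires p_vaddr % p_align == p_offset % p_align for each PT_LOAD
    (loaders map whole file pages). Returns [(p_vaddr, p_offset, p_align, ok)]."""
    return [(va, off, al, al <= 1 or va % al == off % al)
            for off, va, _fsz, _msz, al in parse_load_segments(data)]

def vaddr_of_offset(data, file_offset):
    """Map a file offset (e.g. where the blob section sits) to the virtual address
    it will be loaded at, or None if no PT_LOAD covers that offset."""
    for off, va, fsz, _msz, _al in parse_load_segments(data):
        if off <= file_offset < off + fsz:
            return va + (file_offset - off)
    return None

# Constructed cases mirroring the thread: the default text-segment start and the
# shifted 0x000FFF4C start, header at file offset 0, p_align assumed to be 0x10000.
ELF_DEFAULT = build_elf32_be(0x10000000, [(0, 0x10000000, 0x2000, 0x2000, 0x10000)])
ELF_SHIFTED = build_elf32_be(0x000FFF4C, [(0, 0x000FFF4C, 0x2000, 0x2000, 0x10000)])
```

Running check_load_alignment on both images shows the shifted one failing the congruence check while vaddr_of_offset(ELF_SHIFTED, 0xB4) confirms the blob would land at 0x00100000 as intended.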

deepzero 06-13-2021 15:17

Works perfectly fine for me just following your steps.
I do not understand why you change segment_start though? And where does 0x000FFF4C come from?

I am attaching my tests; the sw versions I used:

Quote:

deep@zero:~/tmp/ppc$ powerpc-linux-gnu-gcc --version
powerpc-linux-gnu-gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0

deep@zero:~/tmp/ppc$ qemu-ppc --version
qemu-ppc version 4.2.1 (Debian 1:4.2-3ubuntu6.16)

deep@zero:~/tmp/ppc$ powerpc-linux-gnu-ld --version
GNU ld (GNU Binutils for Ubuntu) 2.34

CryptXor 06-13-2021 16:32

Ok, I'll poke the elephant in the room

Quote:

Originally Posted by dion (Post 123168)
Basically, I am trying to embed a VxWorks image into an ELF binary (a simple hello world C application), just to see if it is possible. If it is possible, I plan to use call cast on the C code to verify certain functions inside the VxWorks image. But after weeks, I find no way to make this ELF run without a seg fault (using qemu-ppc). Thus, I need help.

Why? Does it have to be vxworks specifically? Because it seems a lot more straightforward to just implement whatever functions you want yourself :eek:

dion 06-13-2021 16:46

Quote:

Originally Posted by deepzero (Post 123169)
Works perfectly fine for me just following your steps.
I do not understand why you change segment_start though? And where does 0x000FFF4C come from?

I am attaching my tests, sw versions I used:

It is because I need to load the image at a certain address (which is 0x00100000). The image is position-dependent code.

When I used the default loading address (0x10000000), the vx section loaded at 0x100000b4. So, I figured I just need to subtract to get it loaded at 0x00100000, which gives 0x000FFF4C.

Btw, I got:
Code:

Error while loading myprog: Permission denied

when I tried to qemu-ppc your file. The sw versions seem to be more updated than what's on mine.

dion 06-13-2021 16:49

Quote:

Originally Posted by CryptXor (Post 123170)
Ok, I'll poke the elephant in the room

Why? Does it have to be vxworks specifically? Because it seems a lot more straightforward to just implement whatever functions you want yourself :eek:

Yes, because it's what I worked on. I am not trying to implement something at source level, but to verify certain crypto functions inside.

deepzero 06-13-2021 17:52

Makes sense, and since the file works for me but not for you, the issue has to be in your setup...

Try
Quote:

qemu-ppc -strace -D log.log -d guest_errors,int myprog
and see if you get any errors.
Or attach gdb

Quote:

qemu-ppc -g 1234 myprog
And in another terminal: gdb -> target remote localhost:1234 -> continue

dion 06-13-2021 21:08

Tried in Ubuntu 20.04, installed the binutils and gcc, and it works.
Must be a bug somewhere.

thank you deepzero ;)
