Exetools > General Discussion

Need help figuring out why my PowerPC ELF file is causing a segfault

#1  06-13-2021, 13:43  dion (game tech)

Hello,

Basically, I am trying to embed a VxWorks image into an ELF binary (a simple hello world C application), just to see if it is possible. If it is possible, I plan to use call casts in the C code to verify certain functions inside the VxWorks image. But after weeks, I have found no way to make this ELF run without a segfault (using qemu-ppc). Thus, I need help.

So, I used Debian, and the commands were like these:
Code:
powerpc-linux-gnu-objcopy -I binary -O elf32-powerpc -B powerpc vxs vxw.o
powerpc-linux-gnu-objcopy --set-section-flags .data=alloc,load,code vxw.o
powerpc-linux-gnu-objcopy --rename-section .data=.vxworks vxw.o
powerpc-linux-gnu-gcc -Wall -Werror -g hello.c -o myprog -T myscript vxw.o -static
vxs is the prepared VxWorks image, but it can be any binary blob. hello.c:
Code:
#include <stdio.h>

/* Start/end symbols generated by "objcopy -I binary" from the input file "vxs". */
extern unsigned char _binary_vxs_start;
extern unsigned char _binary_vxs_end;

int main(void)
{
	printf("Hello World!\n");
	unsigned char *pblob = &_binary_vxs_start;
	int i = 0;
	/* Dump the first 100 bytes of the embedded blob, without running past its end. */
	while (i < 100 && pblob < &_binary_vxs_end)
	{
		printf("%x: %02X\n", (unsigned)(pblob - &_binary_vxs_start), *pblob);
		i++;
		pblob++;
	}

	return 0;
}
The linker script is the default linker script, modified. I got the default by:
Code:
powerpc-linux-gnu-ld --verbose
I listed the modifications here:
Code:
...
  /* Read-only sections, merged into text segment: */
  /* PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x10000000)); . = SEGMENT_START("text-segment", 0x10000000) + SIZEOF_HEADERS; */
  PROVIDE (__executable_start = SEGMENT_START("text-segment", 0x000FFF4C)); 
  . = SEGMENT_START("text-segment", 0x000FFF4C) + SIZEOF_HEADERS; 

  .vxworks	  : { *(.vxworks) } 
  .interp         : { *(.interp) }
...
The ELF file was constructed successfully without any warning, but when I run it with "qemu-ppc myprog", it segfaults. This segfault seems to happen only when I set the segment start (in the linker script) to that very value. If I set it to other values, it seems to run normally. So, is there any way to track down why the segfault happens?

I tried to compare both the working ELF and the non-working ELF with readelf; the non-working one doesn't have __ehdr_start. I tried to add that symbol in the linker script:
Code:
__ehdr_start = 0x000FFF4C;
but it did not work (still segfaults). It compiled the symbol as global and abs. I cannot find anything on Google concerning this.

Any help appreciated.
Thanks in advance.
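The post asks how to track down why a particular text-segment start makes the binary segfault. The following is an added example, not code from the thread or from any of its posters: a small readelf-style checker for ELF32 big-endian images that reports the constraints an ELF loader (the Linux kernel's, and QEMU's user-mode loader) enforces on PT_LOAD segments, plus where a named section such as .vxworks actually landed. The checks are: each PT_LOAD has p_vaddr congruent to p_offset modulo p_align (mmap() cannot place a file page at an address that is not congruent to its file offset), no two segments overlap, the lowest load address is not below vm.mmap_min_addr (0x10000 is assumed here as the common default; confirm with `sysctl vm.mmap_min_addr`), the ELF header at file offset 0 is covered by a PT_LOAD (ld defines __ehdr_start only when the ELF header is part of a loaded segment, so a missing __ehdr_start, as the post observed, is a sign that this check fails), and the entry point lies inside a PT_LOAD. To run offline, the block constructs a minimal PowerPC ELF image with one PT_LOAD and a .vxworks section; the function build_sample_elf, the field names and MMAP_MIN_ADDR are this example's own assumptions, and a real ld output for the posted script may lay segments out differently. Whether one of these checks is the actual cause of the segfault in this thread is not established by the thread; the checker only tells you which loader rule a given layout breaks.

```python
"""ELF32 big-endian PT_LOAD sanity checker. Added example, not code from the thread."""
import struct

PT_LOAD = 1
SHT_PROGBITS, SHT_STRTAB = 1, 3
# Assumption: 0x10000 is the usual Linux vm.mmap_min_addr; confirm with `sysctl vm.mmap_min_addr`.
MMAP_MIN_ADDR = 0x10000

PHDR_FIELDS = ("type", "offset", "vaddr", "paddr", "filesz", "memsz", "flags", "align")
SHDR_FIELDS = ("name", "type", "flags", "addr", "offset", "size",
               "link", "info", "addralign", "entsize")


def parse_elf32_be(data):
    """Parse the ELF header, program headers and section headers of an ELF32 big-endian image."""
    if data[:4] != b"\x7fELF" or data[4] != 1 or data[5] != 2:
        raise ValueError("not an ELF32 big-endian image")
    (_, _, _, entry, phoff, shoff, _, _, phentsize, phnum,
     shentsize, shnum, shstrndx) = struct.unpack_from(">HHIIIIIHHHHHH", data, 16)
    phdrs = [dict(zip(PHDR_FIELDS, struct.unpack_from(">8I", data, phoff + i * phentsize)))
             for i in range(phnum)]
    shdrs = [dict(zip(SHDR_FIELDS, struct.unpack_from(">10I", data, shoff + i * shentsize)))
             for i in range(shnum)]
    if shdrs:  # resolve section names through .shstrtab
        tab = shdrs[shstrndx]
        names = data[tab["offset"]:tab["offset"] + tab["size"]]
        for s in shdrs:
            s["name"] = names[s["name"]:names.index(b"\0", s["name"])].decode()
    return {"entry": entry, "phdrs": phdrs, "shdrs": shdrs}


def check_loads(elf, min_addr=MMAP_MIN_ADDR):
    """Return a list of layout problems an ELF loader would reject or mis-map."""
    problems = []
    loads = sorted((p for p in elf["phdrs"] if p["type"] == PT_LOAD), key=lambda p: p["vaddr"])
    if not loads:
        return ["no PT_LOAD segment"]
    for p in loads:
        # mmap() can only honour p_vaddr if it is congruent to p_offset modulo the page size.
        if p["align"] > 1 and p["vaddr"] % p["align"] != p["offset"] % p["align"]:
            problems.append("PT_LOAD at 0x%08x: vaddr and offset not congruent mod 0x%x"
                            % (p["vaddr"], p["align"]))
        if p["vaddr"] < min_addr:
            problems.append("PT_LOAD at 0x%08x: below mmap_min_addr 0x%x" % (p["vaddr"], min_addr))
        if p["memsz"] < p["filesz"]:
            problems.append("PT_LOAD at 0x%08x: memsz smaller than filesz" % p["vaddr"])
    for a, b in zip(loads, loads[1:]):
        if b["vaddr"] < a["vaddr"] + a["memsz"]:
            problems.append("PT_LOAD 0x%08x overlaps 0x%08x" % (a["vaddr"], b["vaddr"]))
    # ld defines __ehdr_start only when the ELF header (file offset 0) is inside a loaded segment.
    if not any(p["offset"] == 0 and p["filesz"] >= 52 for p in loads):
        problems.append("ELF header at file offset 0 is not covered by any PT_LOAD")
    if not any(p["vaddr"] <= elf["entry"] < p["vaddr"] + p["memsz"] for p in loads):
        problems.append("entry point 0x%08x outside every PT_LOAD" % elf["entry"])
    return problems


def section_addr(elf, name):
    """Virtual address of the named section, or None if absent."""
    for s in elf["shdrs"]:
        if s["name"] == name:
            return s["addr"]
    return None


def build_sample_elf(text_start, blob, align=0x10000):
    """Constructed ELF32/PowerPC image (demo only): headers + one PT_LOAD + a .vxworks section."""
    hdr_size = 52 + 32                      # ELF header + one program header, i.e. SIZEOF_HEADERS here
    shstrtab = b"\0.vxworks\0.shstrtab\0"   # section name string table
    shoff = hdr_size + len(blob) + len(shstrtab)
    shoff += (-shoff) % 4
    ehdr = b"\x7fELF" + bytes([1, 2, 1, 0]) + bytes(8)        # ELF32, big-endian, version 1
    ehdr += struct.pack(">HHIIIIIHHHHHH", 2, 20, 1, text_start + hdr_size,  # ET_EXEC, EM_PPC
                        52, shoff, 0, 52, 32, 1, 40, 3, 2)
    phdr = struct.pack(">8I", PT_LOAD, 0, text_start, text_start,
                       hdr_size + len(blob), hdr_size + len(blob), 5, align)   # PF_R | PF_X
    img = ehdr + phdr + blob + shstrtab
    img += bytes(shoff - len(img))
    shdrs = struct.pack(">10I", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
    shdrs += struct.pack(">10I", 1, SHT_PROGBITS, 6, text_start + hdr_size,   # .vxworks, ALLOC|EXEC
                         hdr_size, len(blob), 0, 0, 4, 0)
    shdrs += struct.pack(">10I", 10, SHT_STRTAB, 0, 0, hdr_size + len(blob),  # .shstrtab
                         len(shstrtab), 0, 0, 1, 0)
    return img + shdrs


def check_file(path):
    """Check a real binary, e.g. check_file("myprog") -> (problems, address of .vxworks)."""
    with open(path, "rb") as f:
        elf = parse_elf32_be(f.read())
    return check_loads(elf), section_addr(elf, ".vxworks")


if __name__ == "__main__":
    blob = bytes(range(256))   # constructed stand-in for the VxWorks image
    for start in (0x10000000, 0x000FFF4C):
        elf = parse_elf32_be(build_sample_elf(start, blob))
        print("text start 0x%08x: .vxworks at 0x%08x, problems: %s"
              % (start, section_addr(elf, ".vxworks"), check_loads(elf) or "none"))
```

With the sample layout, 0x10000000 passes every check while 0x000FFF4C trips the congruence rule, because a text-segment start that is not a multiple of the segment's p_align (the default script's MAXPAGESIZE) can only be honoured if the linker moves the headers out of the segment; that is exactly the situation in which __ehdr_start goes undefined. Pointing check_file at the real myprog shows which rule its actual program headers break.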
#2  06-13-2021, 15:17  deepzero (VIP, Germany)
Works perfectly fine for me just following your steps.
I do not understand why you change segment_start, though. And where does 0x000FFF4C come from?

I am attaching my tests; sw versions I used:

Quote:
$ powerpc-linux-gnu-gcc --version
powerpc-linux-gnu-gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0

$ qemu-ppc --version
qemu-ppc version 4.2.1 (Debian 1:4.2-3ubuntu6.16)

$ powerpc-linux-gnu-ld --version
GNU ld (GNU Binutils for Ubuntu) 2.34
Attached file: ppctest.zip (296.6 KB)
#3  06-13-2021, 16:32  CryptXor (Friend)
OK, I'll poke the elephant in the room.

Quote:
Originally Posted by dion View Post
basically, i am trying to embed a vxworks image into an elf binary (a simple hello world c application), just to see if it is possible. if it is possible, i plan to use call cast on the c code to verify certain functions inside vxworks image. but after weeks, i find no way to make this elf run without seg fault (using qemu-ppc). thus, i need help.
Why? Does it have to be VxWorks specifically? Because it seems a lot more straightforward to just implement whatever functions you want yourself.

#4  06-13-2021, 16:46  dion (game tech)
Quote:
Originally Posted by deepzero View Post
Works perfectly fine for me just following your steps.
I do not understand why you change segment_start though? And where does 0x000FFF4C come from?

I am attaching my tests, sw versions I used:
It is because I need to load the image at a certain address (which is 0x00100000). The image is position-dependent code.

When I used the default loading address (0x10000000), the vx section loaded at 0x100000b4. So, I figured I just need to subtract to get it loaded at 0x00100000, which gives 0x000FFF4C.

BTW, I got:
Code:
Error while loading myprog: Permission denied
when I tried to qemu-ppc your file. The sw versions seem to be more up to date than what's on mine.

#5  06-13-2021, 16:49  dion (game tech)
Quote:
Originally Posted by CryptXor View Post
Ok i'll poke the elephant in the room

Why? Does it have to be vxworks specifically? Because it seems a lot more straightforward to just implement whatever functions you want yourself
Yes, because it's what I am working on. I am not trying to implement something at the source level, but to verify a certain crypto function inside.

#6  06-13-2021, 17:52  deepzero (VIP, Germany)
Makes sense, and since the file works for me but not for you, the issue has to be in your setup...

Try
Quote:
qemu-ppc -strace -D log.log -d guest_errors,int myprog
and see if you get any errors.
Or attach gdb:

Quote:
qemu-ppc -g 1234 myprog
And in another terminal: gdb -> target remote localhost:1234 -> continue

#7  06-13-2021, 21:08  dion (game tech)
Tried in Ubuntu 20.04, installed binutils and gcc, and it works.
Must be a bug somewhere.

Thank you deepzero