# Ubuntu 16.04 LTS

###### tags: `林納斯`

![](https://i.imgur.com/FSMWrua.png)

:::success
:::spoiler Table of contents
[TOC]
:::
:::

---

## Chat Room

> It blew up after three hours of compiling.
> Ate 10 GB of disk.
> 4 GB of RAM is not enough.
> Compile finished; that was probably the merchant surnamed Lin messing with it just now.
> [name=Soda]

> Tell the merchant surnamed Lin to come out and explain himself
> [name=JCxYIS]

help help

> Attack & Defense possible questions:
> - alignment
> - canary
>
> [name=Soda]

> HBD to 林納斯
> [time=Wed, Dec 28, 2022]

---

## Purpose

> [Official Project 1 Description](https://staff.csie.ncu.edu.tw/hsufh/COURSES/FALL2022/linux_project_1.html)

- Parts to be detected, with their address ranges and whether they are shared (Official = listed in the official project description):

| Parts | Official | E.g. | `mm_struct` |
|:----- |:--------:|:----------------------- |:-----------:|
| Text  | Y | `main, const int a = 0` | Y |
| Data  | Y | `int a = 1` | Y |
| BSS   | Y | `int a, b = 0` | N |
| Heap  | Y | `malloc(1)` | D |
| Libs  | Y | `printf` | N |
| Stack | Y | `void a(){int a}` | D |
| Arg   | N | `argv` | Y |
| Env   | N | `getenv("HOME")` | Y |
| TLS   | N | `__thread int a` | N |

- Example (==TODO==: local static)

```c=
#define _GNU_SOURCE // needed for RTLD_DEFAULT (dlsym)
#include <stdio.h>
#include <stdlib.h>
#include <dlfcn.h>  // build with: gcc -D_GNU_SOURCE test.c -ldl

const int a = 0;     // text (.rodata)
int b = 1;           // data
int c, d = 0;        // bss
__thread int e;      // TLS

int main(int argc, char *argv[])
{
    void *k = malloc(1);                        // heap
    int l;                                      // stack
    void *m = dlsym(RTLD_DEFAULT, "printf");   // libs: address of printf inside libc
    char *n = getenv("HOME");                   // env: the string lives above the stack

    printf(
        "M: %#018lx [text ]\n"  // &main  `int main(int argc, char *argv[])`
        "a: %#018lx [text ]\n"  // &a     `const int a = 0`
        "b: %#018lx [data ]\n"  // &b     `int b = 1`
        "c: %#018lx [bss ]\n"   // &c     `int c`
        "d: %#018lx [bss ]\n"   // &d     `int d = 0`
        "k: %#018lx [heap ]\n"  // k      `malloc(1)`
        "L: %#018lx [libs ]\n"  // m      `dlsym(RTLD_DEFAULT, "printf")`
        "e: %#018lx [anon ]\n"  // &e     `__thread int e`
        "l: %#018lx [stack]\n"  // &l     `(local) int l`
        "A: %#018lx [arg ]\n"   // argv   `argv`
        "n: %#018lx [env ]\n",  // n      `getenv("HOME")`
        (unsigned long)&main, (unsigned long)&a, (unsigned long)&b,
        (unsigned long)&c, (unsigned long)&d, (unsigned long)k,
        (unsigned long)m, (unsigned long)&e, (unsigned long)&l,
        (unsigned long)argv, (unsigned long)n);

    getchar(); // pause here so /proc/<pid>/maps can be read while the process is alive
    return 0;
}
```

```=
M: 0x00000000004007b6 [text ]
a: 0x0000000000400908 [text ] // .rodata
b: 0x0000000000601060 [data ]
c: 0x000000000060106c [bss ]
d: 0x0000000000601068 [bss ]
k: 0x0000000001930010 [heap ]
L: 0x00007f4c81afe810 [libs ]
e: 0x00007f4c822926fc [anon ]
l: 0x00007fffb7a747cc [stack]
A: 0x00007fffb7a748d8 [arg ]
n: 0x00007fffb7a75d95 [env ]
```

```=
00400000-00401000 r-xp 00000000 fc:00 1707107 /home/linuxopain/ncu_linux_project/test/playground/a.out
00600000-00601000 r--p 00000000 fc:00 1707107 /home/linuxopain/ncu_linux_project/test/playground/a.out
00601000-00602000 rw-p 00001000 fc:00 1707107 /home/linuxopain/ncu_linux_project/test/playground/a.out
01930000-01951000 rw-p 00000000 00:00 0 [heap]
7f4c81aa9000-7f4c81c69000 r-xp 00000000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f4c81c69000-7f4c81e69000 ---p 001c0000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f4c81e69000-7f4c81e6d000 r--p 001c0000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f4c81e6d000-7f4c81e6f000 rw-p 001c4000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f4c81e6f000-7f4c81e73000 rw-p 00000000 00:00 0
7f4c81e73000-7f4c81e76000 r-xp 00000000 fc:00 269665 /lib/x86_64-linux-gnu/libdl-2.23.so
7f4c81e76000-7f4c82075000 ---p 00003000 fc:00 269665 /lib/x86_64-linux-gnu/libdl-2.23.so
7f4c82075000-7f4c82076000 r--p 00002000 fc:00 269665 /lib/x86_64-linux-gnu/libdl-2.23.so
7f4c82076000-7f4c82077000 rw-p 00003000 fc:00 269665 /lib/x86_64-linux-gnu/libdl-2.23.so
7f4c82077000-7f4c8209d000 r-xp 00000000 fc:00 269670 /lib/x86_64-linux-gnu/ld-2.23.so
7f4c82291000-7f4c82295000 rw-p 00000000 00:00 0
7f4c8229c000-7f4c8229d000 r--p 00025000 fc:00 269670 /lib/x86_64-linux-gnu/ld-2.23.so
7f4c8229d000-7f4c8229e000 rw-p 00026000 fc:00 269670 /lib/x86_64-linux-gnu/ld-2.23.so
7f4c8229e000-7f4c8229f000 rw-p 00000000 00:00 0
7fffb7a55000-7fffb7a76000 rw-p 00000000 00:00 0 [stack]
7fffb7bb1000-7fffb7bb3000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
```

---

## Env

### VM Env

> OS: [Ubuntu 16.04 LTS Server](https://ftp.ubuntu-tw.org/ubuntu-releases/16.04.7/ubuntu-16.04.7-server-amd64.iso)
> Disk: 50 GB
> User: `linuxopain`
> Password: ~~<span style='display: none;'>`linuxopain`</span> *(with super high information security)*~~

### Kernel Source

> Kernel Source: [3.10.104](https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/linux-3.10.104.tar.gz), ([Source Code](https://elixir.bootlin.com/linux/v3.10.104/source))

## Garbage

:::spoiler

https://blog.gspirits.org/wp/956
https://zhuanlan.zhihu.com/p/358459200
https://askubuntu.com/questions/865304/which-size-to-compile-linux-kernel

---

https://howardlau.me/programming/debugging-linux-kernel-with-vscode-qemu.html
https://stackoverflow.com/questions/58386640/how-to-develop-linux-kernel-module-with-vscode-without-incorrect-error-detection
**https://linuxgazette.net/112/krishnakumar.html**
**http://reborn2266.blogspot.com/2011/11/linux-user-space.html**
**https://github.com/davidhcefx/Translate-Virtual-Address-To-Physical-Address-in-Linux-Kernel**
https://stackoverflow.com/questions/47405315/visual-studio-code-and-subfolder-specific-settings
http://www.cs.fsu.edu/~baker/opsys/notes/linuxmemory.html
https://ithelp.ithome.com.tw/articles/10186995
http://don7hao.github.io/2015/01/28/kernel/mm_struct/

![](https://pica.zhimg.com/v2-e20ff792570ea84b104af1f4e5971e45_1440w.jpg?source=172ae18b)

https://zhuanlan.zhihu.com/p/68398179
https://ithelp.ithome.com.tw/articles/10274922
https://blog.csdn.net/weixin_41028621/article/details/104455327
https://blog.51cto.com/u_15060517/4191813

<!-- ![](https://i.imgur.com/4n4CM3M.png) -->
![](https://i.imgur.com/v7l7WzB.png)
![](https://i.imgur.com/M45mqaN.png)

https://students.mimuw.edu.pl/ZSO/Wyklady/04_processes2/processAddressSpace.pdf
https://stackoverflow.com/questions/41077209/linux-memory-management-how-to-get-random-xxx-offset
https://stackoverflow.com/questions/27749792/why-mm-struct-start-stack-and-vm-area-struct-start-dont-point-to-the-same-add
https://stackoverflow.com/questions/42151774/how-to-send-dynamic-arrays-to-copy-to-user-in-kernel-module
https://www.kernel.org/doc/htmldocs/kernel-api/API-kmalloc.html
https://unix.stackexchange.com/questions/52313/how-to-get-execution-time-of-a-script-effectively
https://stackoverflow.com/questions/556405/what-do-real-user-and-sys-mean-in-the-output-of-time1/556411#556411
https://blog.csdn.net/tq384998430/article/details/54314198
https://serverfault.com/questions/180711/what-exactly-do-the-colors-in-htop-status-bars-mean

![](https://i.imgur.com/xXwaDla.png)

PGD -> PUD -> PMD -> PTE -> PG

**https://stackoverflow.com/questions/41090469/linux-kernel-how-to-get-physical-address-memory-management**
https://linux-kernel-labs.github.io/refs/heads/master/labs/memory_mapping.html
https://blog.csdn.net/gatieme/article/details/50756050

---

https://blog.csdn.net/lijzheng/article/details/23618365
https://www.cnblogs.com/arnoldlu/p/10272466.html
https://blog.gtwang.org/programming/memory-layout-of-c-program/
https://blog.csdn.net/phenixyf/article/details/116718762
**https://stackoverflow.com/questions/33756119/relationship-between-vma-and-elf-segments**
https://www.jollen.org/blog/2007/03/elf_program_loading_1_segment.html
https://www.intezer.com/blog/research/executable-linkable-format-101-part1-sections-segments/
https://stackoverflow.com/questions/14361248/whats-the-difference-of-section-and-segment-in-elf-file-format

![](https://upload.wikimedia.org/wikipedia/commons/e/e4/ELF_Executable_and_Linkable_Format_diagram_by_Ange_Albertini.png)

---

**https://github.com/davidleitw/ncu_linux_project**

---

https://gcc.gnu.org/onlinedocs/gcc/Designated-Inits.html#:~:targetText=6.29%20Designated%20Initializers,array%20or%20structure%20being%20initialized.&targetText=To%20initialize%20a%20range%20of,This%20is%20a%20GNU%20extension.
https://gcc.gnu.org/onlinedocs/gcc/C-Dialect-Options.html

---

https://stackoverflow.com/questions/24793556/addresses-of-thread-local-storage-variables
https://stackoverflow.com/questions/39943019/function-of-shared-library-is-loaded-at-different-physical-addresses-for-differe
https://blog.csdn.net/earbao/article/details/106157449

---

http://rk700.github.io/2016/11/22/mmap-aslr/

---

https://blog.csdn.net/dream_for_/article/details/117201988
https://stackoverflow.com/questions/45933732/how-to-specify-a-compiler-in-cmake
https://zhuanlan.zhihu.com/p/128519905
https://zh-blog.logan.tw/2021/09/26/cxx-thread-promise-future-packaged-task-async-usage/#std-packaged-task
https://stackoverflow.com/questions/23728136/c-thread-asynchronous-running-simultaneously
https://shengyu7697.github.io/std-condition_variable/
https://shengyu7697.github.io/std-mutex/

---

https://stackoverflow.com/questions/72456445/which-direction-does-memory-mapped-segment-of-a-processs-virtual-address-space

---

https://stackoverflow.com/questions/27073225/is-there-a-way-to-find-the-file-names-of-files-mapped-to-the-virtual-memory-area
https://stackoverflow.com/questions/66891002/is-it-possible-to-add-a-customized-name-for-the-non-file-backed-mmap-region

---

https://stackoverflow.com/questions/15881209/linux-kernel-mode-string-copy

---

https://stackoverflow.com/questions/36213681/how-kernel-distinguishes-between-thread-and-process
https://zhuanlan.zhihu.com/p/491874949
https://stackoverflow.com/questions/71204947/task-struct-node-for-threads

---

https://stackoverflow.com/questions/9695902/how-to-break-out-of-nested-loops

---

https://stackoverflow.com/questions/41178216/how-to-turn-off-mmap-usage-for-malloc-in-multithread
https://stackoverflow.com/questions/10706466/how-does-malloc-work-in-a-multithreaded-environment

:::

### Note

- INSTALL BC
- advanced option

![](https://i.imgur.com/K7tX9vd.png)
![](https://i.imgur.com/oRPTyy2.png)

```=
sudo make -j6
sudo make INSTALL_MOD_STRIP=1 modules_install   # ERROR (fails until bc is installed)
sudo apt install bc
sudo make INSTALL_MOD_STRIP=1 modules_install
sudo make INSTALL_MOD_STRIP=1 install
```

> core: ~15m (+6m with bc)
> modules_install: ~4m (with INSTALL_MOD_STRIP=1)
> install: ~0m (with INSTALL_MOD_STRIP=1)
> make install itself is possible
> [name=Soda]

- `dmesg --color=always | tail -n5`
- gpg
- rngd
- file associations
- process segments
- mm_struct
- TASK_UNMAPPED_BASE
- extern "C"
- brk
- /proc/xxxx/maps
- /proc/xxxx/pagemap
- xxd
- I never went to class at all
- -static
- pass dynamic array / linked list
- get/put_user
- kmalloc

![](https://i.imgur.com/ec1jOnD.png)

- 5xx -> 3xx
- FUCKING TYPO: ~~`odj-y`~~ -> `obj-y`
- only warning: ISO C90 forbids mixed declarations and code
- why use a C standard from ~30 years ago
- All my 32 GB of RAM is full
- why everymeow include non-working headers
- install fucking new cmake
- Makefile: `$()` v.s. `${}`
- `%014p`

```=
Pid: 24553
Vma number 1: Starts at 0x000000400000, Ends at 0x000000401000
Vma number 2: Starts at 0x000000600000, Ends at 0x000000601000
Vma number 3: Starts at 0x000000601000, Ends at 0x000000602000
Vma number 4: Starts at 0x0000006cd000, Ends at 0x0000006ff000
Vma number 5: Starts at 0x7fcef0923000, Ends at 0x7fcef0939000
Vma number 6: Starts at 0x7fcef0939000, Ends at 0x7fcef0b38000
Vma number 7: Starts at 0x7fcef0b38000, Ends at 0x7fcef0b39000
Vma number 8: Starts at 0x7fcef0b39000, Ends at 0x7fcef0c41000
Vma number 9: Starts at 0x7fcef0c41000, Ends at 0x7fcef0e40000
Vma number 10: Starts at 0x7fcef0e40000, Ends at 0x7fcef0e41000
Vma number 11: Starts at 0x7fcef0e41000, Ends at 0x7fcef0e42000
Vma number 12: Starts at 0x7fcef0e42000, Ends at 0x7fcef1002000
Vma number 13: Starts at 0x7fcef1002000, Ends at 0x7fcef1202000
Vma number 14: Starts at 0x7fcef1202000, Ends at 0x7fcef1206000
Vma number 15: Starts at 0x7fcef1206000, Ends at 0x7fcef1208000
Vma number 16: Starts at 0x7fcef1208000, Ends at 0x7fcef120c000
Vma number 17: Starts at 0x7fcef120c000, Ends at 0x7fcef137e000
Vma number 18: Starts at 0x7fcef137e000, Ends at 0x7fcef157e000
Vma number 19: Starts at 0x7fcef157e000, Ends at 0x7fcef1588000
Vma number 20: Starts at 0x7fcef1588000, Ends at 0x7fcef158a000
Vma number 21: Starts at 0x7fcef158a000, Ends at 0x7fcef158e000
Vma number 22: Starts at 0x7fcef158e000, Ends at 0x7fcef15b4000
Vma number 23: Starts at 0x7fcef17a6000, Ends at 0x7fcef17ac000
Vma number 24: Starts at 0x7fcef17b3000, Ends at 0x7fcef17b4000
Vma number 25: Starts at 0x7fcef17b4000, Ends at 0x7fcef17b5000
Vma number 26: Starts at 0x7fcef17b5000, Ends at 0x7fcef17b6000
Vma number 27: Starts at 0x7fffe4cb7000, Ends at 0x7fffe4cd9000
Vma number 28: Starts at 0x7fffe4d3e000, Ends at 0x7fffe4d40000
Code Segment start = 0x000000400000, end = 0x000000400bdc
Data Segment start = 0x000000600e00, end = 0x000000601060
BSS Segment start = 0x0000006cd000, end = 0x0000006ff000
Stack Segment start = 0x7fffe4cd75e0
```

```=
code : 0x000000400000 - 0x000000400bdc (vma 1)
data : 0x000000600e00 - 0x000000601060 (vma 2, 3)
BSS  : 0x0000006cd000 - 0x0000006ff000 (vma 4)
stack: 0x7fffe4cd75e0 (vma 27)
```

PAGE_MASK (the second line of each VMA below is the physical address of its first and last page; `(nil)` means the page-table walk found no page)

```=
Pid: 3387
Vma number 1: Starts at 0x000000400000, Ends at 0x000000401000
              Starts at 0x00033a058000, Ends at 0x00033a058fff
Vma number 2: Starts at 0x000000600000, Ends at 0x000000601000
              Starts at 0x000376bc3000, Ends at 0x000376bc3fff
Vma number 3: Starts at 0x000000601000, Ends at 0x000000602000
              Starts at 0x000349caf000, Ends at 0x000349caffff
Vma number 4: Starts at 0x000000ebc000, Ends at 0x000000eee000
              Starts at 0x000334de6000, Ends at (nil)
Vma number 5: Starts at 0x7f4dbfe53000, Ends at 0x7f4dbfe69000
              Starts at 0x0003ffe90000, Ends at (nil)
Vma number 6: Starts at 0x7f4dbfe69000, Ends at 0x7f4dc0068000
              Starts at (nil), Ends at (nil)
Vma number 7: Starts at 0x7f4dc0068000, Ends at 0x7f4dc0069000
              Starts at 0x0003352e5000, Ends at 0x0003352e5fff
Vma number 8: Starts at 0x7f4dc0069000, Ends at 0x7f4dc0171000
              Starts at 0x00041fa02000, Ends at (nil)
Vma number 9: Starts at 0x7f4dc0171000, Ends at 0x7f4dc0370000
              Starts at (nil), Ends at (nil)
Vma number 10: Starts at 0x7f4dc0370000, Ends at 0x7f4dc0371000
               Starts at 0x000335bca000, Ends at 0x000335bcafff
Vma number 11: Starts at 0x7f4dc0371000, Ends at 0x7f4dc0372000
               Starts at 0x000335279000, Ends at 0x000335279fff
Vma number 12: Starts at 0x7f4dc0372000, Ends at 0x7f4dc0532000
               Starts at 0x00041fc9c000, Ends at (nil)
Vma number 13: Starts at 0x7f4dc0532000, Ends at 0x7f4dc0732000
               Starts at (nil), Ends at (nil)
Vma number 14: Starts at 0x7f4dc0732000, Ends at 0x7f4dc0736000
               Starts at 0x000334d26000, Ends at 0x000335278fff
Vma number 15: Starts at 0x7f4dc0736000, Ends at 0x7f4dc0738000
               Starts at 0x000334d27000, Ends at 0x0003352acfff
Vma number 16: Starts at 0x7f4dc0738000, Ends at 0x7f4dc073c000
               Starts at 0x000335ebf000, Ends at 0x000335ed8fff
Vma number 17: Starts at 0x7f4dc073c000, Ends at 0x7f4dc08ae000
               Starts at 0x0003ffd1f000, Ends at (nil)
Vma number 18: Starts at 0x7f4dc08ae000, Ends at 0x7f4dc0aae000
               Starts at (nil), Ends at (nil)
Vma number 19: Starts at 0x7f4dc0aae000, Ends at 0x7f4dc0ab8000
               Starts at 0x00033602b000, Ends at 0x000335edbfff
Vma number 20: Starts at 0x7f4dc0ab8000, Ends at 0x7f4dc0aba000
               Starts at 0x0003352e4000, Ends at 0x000334d08fff
Vma number 21: Starts at 0x7f4dc0aba000, Ends at 0x7f4dc0abe000
               Starts at (nil), Ends at 0x000338244fff
Vma number 22: Starts at 0x7f4dc0abe000, Ends at 0x7f4dc0ae4000
               Starts at 0x00041fc66000, Ends at (nil)
Vma number 23: Starts at 0x7f4dc0cd6000, Ends at 0x7f4dc0cdc000
               Starts at 0x000339373000, Ends at 0x000336095fff
Vma number 24: Starts at 0x7f4dc0ce3000, Ends at 0x7f4dc0ce4000
               Starts at 0x000335bb6000, Ends at 0x000335bb6fff
Vma number 25: Starts at 0x7f4dc0ce4000, Ends at 0x7f4dc0ce5000
               Starts at 0x000335a71000, Ends at 0x000335a71fff
Vma number 26: Starts at 0x7f4dc0ce5000, Ends at 0x7f4dc0ce6000
               Starts at 0x000333ec3000, Ends at 0x000333ec3fff
Vma number 27: Starts at 0x7ffdf1fc8000, Ends at 0x7ffdf1fea000
               Starts at (nil), Ends at 0x00033df8bfff
Vma number 28: Starts at 0x7ffdf1fef000, Ends at 0x7ffdf1ff1000
               Starts at 0x000001c03000, Ends at (nil)
Code Segment start = 0x000000400000, end = 0x000000400dbc
Data Segment start = 0x000000600e00, end = 0x000000601068
Heap Segment start = 0x000000ebc000, end = 0x000000eee000
Stack Segment start = 0x7ffdf1fe8da0
Arg start = 0x7ffdf1fe9058, end = 0x7ffdf1fe9066
Env start = 0x7ffdf1fe9066, end = 0x7ffdf1fe9fea
```

```=
code : 0x000000400000 - 0x000000400dbc (vma 1)
data : 0x000000600e00 - 0x000000601068 (vma 2, 3)
heap : 0x000000ebc000 - 0x000000eee000 (vma 4)
stack: 0x7ffdf1fe8da0 (vma 27)
arg  : 0x7ffdf1fe9058 - 0x7ffdf1fe9066 (vma 27)
env  : 0x7ffdf1fe9066 - 0x7ffdf1fe9fea (vma 27)
```

:::info

```=
Pid: 3556
Vma number 1: Starts at 0x000000400000, Ends at 0x000000401000
              Starts at 0x000340c64000, Ends at 0x000340c64fff
Vma number 2: Starts at 0x000000601000, Ends at 0x000000602000
              Starts at 0x0003421d0000, Ends at 0x0003421d0fff
Vma number 3: Starts at 0x000000602000, Ends at 0x000000603000
              Starts at 0x00033b9ff000, Ends at 0x00033b9fffff
Vma number 4: Starts at 0x000001385000, Ends at 0x0000013b7000
              Starts at 0x000377321000, Ends at (nil)
Vma number 5: Starts at 0x7f76121c8000, Ends at 0x7f76121de000
              Starts at 0x0003ffe90000, Ends at (nil)
Vma number 6: Starts at 0x7f76121de000, Ends at 0x7f76123dd000
              Starts at (nil), Ends at (nil)
Vma number 7: Starts at 0x7f76123dd000, Ends at 0x7f76123de000
              Starts at 0x000335e11000, Ends at 0x000335e11fff
Vma number 8: Starts at 0x7f76123de000, Ends at 0x7f76124e6000
              Starts at 0x00041fa02000, Ends at (nil)
Vma number 9: Starts at 0x7f76124e6000, Ends at 0x7f76126e5000
              Starts at (nil), Ends at (nil)
Vma number 10: Starts at 0x7f76126e5000, Ends at 0x7f76126e6000
               Starts at 0x00036cf9c000, Ends at 0x00036cf9cfff
Vma number 11: Starts at 0x7f76126e6000, Ends at 0x7f76126e7000
               Starts at 0x00033a3a2000, Ends at 0x00033a3a2fff
Vma number 12: Starts at 0x7f76126e7000, Ends at 0x7f76128a7000
               Starts at 0x00041fc9c000, Ends at (nil)
Vma number 13: Starts at 0x7f76128a7000, Ends at 0x7f7612aa7000
               Starts at (nil), Ends at (nil)
Vma number 14: Starts at 0x7f7612aa7000, Ends at 0x7f7612aab000
               Starts at 0x000339172000, Ends at 0x0003d0973fff
Vma number 15: Starts at 0x7f7612aab000, Ends at 0x7f7612aad000
               Starts at 0x0003d704b000, Ends at 0x000339e0dfff
Vma number 16: Starts at 0x7f7612aad000, Ends at 0x7f7612ab1000
               Starts at 0x000333d35000, Ends at 0x00034952efff
Vma number 17: Starts at 0x7f7612ab1000, Ends at 0x7f7612c23000
               Starts at 0x0003ffd1f000, Ends at (nil)
Vma number 18: Starts at 0x7f7612c23000, Ends at 0x7f7612e23000
               Starts at (nil), Ends at (nil)
Vma number 19: Starts at 0x7f7612e23000, Ends at 0x7f7612e2d000
               Starts at 0x00036c89a000, Ends at 0x0003e285efff
Vma number 20: Starts at 0x7f7612e2d000, Ends at 0x7f7612e2f000
               Starts at 0x00033ba21000, Ends at 0x000335f1ffff
Vma number 21: Starts at 0x7f7612e2f000, Ends at 0x7f7612e33000
               Starts at (nil), Ends at 0x0003361affff
Vma number 22: Starts at 0x7f7612e33000, Ends at 0x7f7612e59000
               Starts at 0x00041fc66000, Ends at (nil)
Vma number 23: Starts at 0x7f761304b000, Ends at 0x7f7613051000
               Starts at 0x0003e285f000, Ends at 0x00033510efff
Vma number 24: Starts at 0x7f7613058000, Ends at 0x7f7613059000
               Starts at 0x00033bea0000, Ends at 0x00033bea0fff
Vma number 25: Starts at 0x7f7613059000, Ends at 0x7f761305a000
               Starts at 0x000336ec1000, Ends at 0x000336ec1fff
Vma number 26: Starts at 0x7f761305a000, Ends at 0x7f761305b000
               Starts at 0x00034609e000, Ends at 0x00034609efff
Vma number 27: Starts at 0x7ffdfa00f000, Ends at 0x7ffdfa031000
               Starts at (nil), Ends at 0x0003397dbfff
Vma number 28: Starts at 0x7ffdfa143000, Ends at 0x7ffdfa145000
               Starts at 0x000001c03000, Ends at (nil)
Code Segment start = 0x000000400000, end = 0x000000400e0c
Data Segment start = 0x000000601e00, end = 0x000000602070
Heap Segment start = 0x000001385000, end = 0x0000013b7000
Stack Segment start = 0x7ffdfa02ea70
Arg start = 0x7ffdfa030058, end = 0x7ffdfa030066
Env start = 0x7ffdfa030066, end = 0x7ffdfa030fea
```

---

`/proc/3556/maps`:

```=
00400000-00401000 r-xp 00000000 fc:00 1706147 /home/linuxopain/ncu_linux_project/test/bin/proj1
00601000-00602000 r--p 00001000 fc:00 1706147 /home/linuxopain/ncu_linux_project/test/bin/proj1
00602000-00603000 rw-p 00002000 fc:00 1706147 /home/linuxopain/ncu_linux_project/test/bin/proj1
01385000-013b7000 rw-p 00000000 00:00 0 [heap]
7f76121c8000-7f76121de000 r-xp 00000000 fc:00 262596 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f76121de000-7f76123dd000 ---p 00016000 fc:00 262596 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f76123dd000-7f76123de000 rw-p 00015000 fc:00 262596 /lib/x86_64-linux-gnu/libgcc_s.so.1
7f76123de000-7f76124e6000 r-xp 00000000 fc:00 269673 /lib/x86_64-linux-gnu/libm-2.23.so
7f76124e6000-7f76126e5000 ---p 00108000 fc:00 269673 /lib/x86_64-linux-gnu/libm-2.23.so
7f76126e5000-7f76126e6000 r--p 00107000 fc:00 269673 /lib/x86_64-linux-gnu/libm-2.23.so
7f76126e6000-7f76126e7000 rw-p 00108000 fc:00 269673 /lib/x86_64-linux-gnu/libm-2.23.so
7f76126e7000-7f76128a7000 r-xp 00000000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f76128a7000-7f7612aa7000 ---p 001c0000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f7612aa7000-7f7612aab000 r--p 001c0000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f7612aab000-7f7612aad000 rw-p 001c4000 fc:00 269678 /lib/x86_64-linux-gnu/libc-2.23.so
7f7612aad000-7f7612ab1000 rw-p 00000000 00:00 0
7f7612ab1000-7f7612c23000 r-xp 00000000 fc:00 2885940 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f7612c23000-7f7612e23000 ---p 00172000 fc:00 2885940 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f7612e23000-7f7612e2d000 r--p 00172000 fc:00 2885940 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f7612e2d000-7f7612e2f000 rw-p 0017c000 fc:00 2885940 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7f7612e2f000-7f7612e33000 rw-p 00000000 00:00 0
7f7612e33000-7f7612e59000 r-xp 00000000 fc:00 269670 /lib/x86_64-linux-gnu/ld-2.23.so
7f761304b000-7f7613051000 rw-p 00000000 00:00 0
7f7613058000-7f7613059000 r--p 00025000 fc:00 269670 /lib/x86_64-linux-gnu/ld-2.23.so
7f7613059000-7f761305a000 rw-p 00026000 fc:00 269670 /lib/x86_64-linux-gnu/ld-2.23.so
7f761305a000-7f761305b000 rw-p 00000000 00:00 0
7ffdfa010000-7ffdfa031000 rw-p 00000000 00:00 0 [stack]
7ffdfa143000-7ffdfa145000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
```

---

```=
code : 0x000000400000 - 0x000000400e0c (vma 1)
data : 0x000000601e00 - 0x000000602070 (vma 2, 3)
heap : 0x000001385000 - 0x0000013b7000 (vma 4)
stack: 0x7ffdfa02ea70 (vma 27)
arg  : 0x7ffdfa030058 - 0x7ffdfa030066 (vma 27)
env  : 0x7ffdfa030066 - 0x7ffdfa030fea (vma 27)
```

Which VMAs have a `(nil)` physical start / end (n = nil, * = resolved):

```=
[n,*]()      21
[*,n](r-xp)  4 5 8 12 17 22
[n,n](---p)  6 9 13 18
```

---

`size bin/proj1`:

```=
   text    data     bss     dec     hex filename
   2988     624       8    3620     e24 bin/proj1
```

---

`readelf -l bin/proj1`:

```=
Elf file type is EXEC (Executable file)
Entry point 0x400760
There are 9 program headers, starting at offset 64

Program Headers:
  Type           Offset             VirtAddr           PhysAddr
                 FileSiz            MemSiz              Flags  Align
  PHDR           0x0000000000000040 0x0000000000400040 0x0000000000400040
                 0x00000000000001f8 0x00000000000001f8  R E    8
  INTERP         0x0000000000000238 0x0000000000400238 0x0000000000400238
                 0x000000000000001c 0x000000000000001c  R      1
      [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2]
  LOAD           0x0000000000000000 0x0000000000400000 0x0000000000400000
                 0x0000000000000e0c 0x0000000000000e0c  R E    200000
  LOAD           0x0000000000001e00 0x0000000000601e00 0x0000000000601e00
                 0x0000000000000270 0x0000000000000278  RW     200000
  DYNAMIC        0x0000000000001e18 0x0000000000601e18 0x0000000000601e18
                 0x00000000000001e0 0x00000000000001e0  RW     8
  NOTE           0x0000000000000254 0x0000000000400254 0x0000000000400254
                 0x0000000000000044 0x0000000000000044  R      4
  GNU_EH_FRAME   0x0000000000000cd8 0x0000000000400cd8 0x0000000000400cd8
                 0x0000000000000034 0x0000000000000034  R      4
  GNU_STACK      0x0000000000000000 0x0000000000000000 0x0000000000000000
                 0x0000000000000000 0x0000000000000000  RW     10
  GNU_RELRO      0x0000000000001e00 0x0000000000601e00 0x0000000000601e00
                 0x0000000000000200 0x0000000000000200  R      1

 Section to Segment mapping:
  Segment Sections...
   00
   01     .interp
   02     .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .plt.got .text .fini .rodata .eh_frame_hdr .eh_frame
   03     .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss
   04     .dynamic
   05     .note.ABI-tag .note.gnu.build-id
   06     .eh_frame_hdr
   07
   08     .init_array .fini_array .jcr .dynamic .got
```

`readelf -S bin/proj1`:

```=
There are 31 section headers, starting at offset 0x2b70:

Section Headers:
  [Nr] Name              Type             Address           Offset
       Size              EntSize          Flags  Link  Info  Align
  [ 0]                   NULL             0000000000000000  00000000
       0000000000000000  0000000000000000           0     0     0
  [ 1] .interp           PROGBITS         0000000000400238  00000238
       000000000000001c  0000000000000000   A       0     0     1
  [ 2] .note.ABI-tag     NOTE             0000000000400254  00000254
       0000000000000020  0000000000000000   A       0     0     4
  [ 3] .note.gnu.build-i NOTE             0000000000400274  00000274
       0000000000000024  0000000000000000   A       0     0     4
  [ 4] .gnu.hash         GNU_HASH         0000000000400298  00000298
       000000000000001c  0000000000000000   A       5     0     8
  [ 5] .dynsym           DYNSYM           00000000004002b8  000002b8
       0000000000000150  0000000000000018   A       6     1     8
  [ 6] .dynstr           STRTAB           0000000000400408  00000408
       0000000000000110  0000000000000000   A       0     0     1
  [ 7] .gnu.version      VERSYM           0000000000400518  00000518
       000000000000001c  0000000000000002   A       5     0     2
  [ 8] .gnu.version_r    VERNEED          0000000000400538  00000538
       0000000000000060  0000000000000000   A       6     2     8
  [ 9] .rela.dyn         RELA             0000000000400598  00000598
       0000000000000018  0000000000000018   A       5     0     8
  [10] .rela.plt         RELA             00000000004005b0  000005b0
       00000000000000d8  0000000000000018  AI       5    24     8
  [11] .init             PROGBITS         0000000000400688  00000688
       000000000000001a  0000000000000000  AX       0     0     4
  [12] .plt              PROGBITS         00000000004006b0  000006b0
       00000000000000a0  0000000000000010  AX       0     0    16
  [13] .plt.got          PROGBITS         0000000000400750  00000750
       0000000000000008  0000000000000000  AX       0     0     8
  [14] .text             PROGBITS         0000000000400760  00000760
       0000000000000442  0000000000000000  AX       0     0    16
  [15] .fini             PROGBITS         0000000000400ba4  00000ba4
       0000000000000009  0000000000000000  AX       0     0     4
  [16] .rodata           PROGBITS         0000000000400bb0  00000bb0
       0000000000000127  0000000000000000   A       0     0     8
  [17] .eh_frame_hdr     PROGBITS         0000000000400cd8  00000cd8
       0000000000000034  0000000000000000   A       0     0     4
  [18] .eh_frame         PROGBITS         0000000000400d10  00000d10
       00000000000000fc  0000000000000000   A       0     0     8
  [19] .init_array       INIT_ARRAY       0000000000601e00  00001e00
       0000000000000008  0000000000000000  WA       0     0     8
  [20] .fini_array       FINI_ARRAY       0000000000601e08  00001e08
       0000000000000008  0000000000000000  WA       0     0     8
  [21] .jcr              PROGBITS         0000000000601e10  00001e10
       0000000000000008  0000000000000000  WA       0     0     8
  [22] .dynamic          DYNAMIC          0000000000601e18  00001e18
       00000000000001e0  0000000000000010  WA       6     0     8
  [23] .got              PROGBITS         0000000000601ff8  00001ff8
       0000000000000008  0000000000000008  WA       0     0     8
  [24] .got.plt          PROGBITS         0000000000602000  00002000
       0000000000000060  0000000000000008  WA       0     0     8
  [25] .data             PROGBITS         0000000000602060  00002060
       0000000000000010  0000000000000000  WA       0     0     8
  [26] .bss              NOBITS           0000000000602070  00002070
       0000000000000008  0000000000000000  WA       0     0     1
  [27] .comment          PROGBITS         0000000000000000  00002070
       0000000000000035  0000000000000001  MS       0     0     1
  [28] .shstrtab         STRTAB           0000000000000000  00002a5f
       000000000000010c  0000000000000000           0     0     1
  [29] .symtab           SYMTAB           0000000000000000  000020a8
       00000000000006f0  0000000000000018          30    47     8
  [30] .strtab           STRTAB           0000000000000000  00002798
       00000000000002c7  0000000000000000           0     0     1
Key to Flags:
  W (write), A (alloc), X (execute), M (merge), S (strings), l (large)
  I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
  O (extra OS processing required) o (OS specific), p (processor specific)
```

`objdump -h bin/proj1`:

```=
bin/proj1:     file format elf64-x86-64

Sections:
Idx Name          Size      VMA               LMA               File off  Algn
  0 .interp       0000001c  0000000000400238  0000000000400238  00000238  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  1 .note.ABI-tag 00000020  0000000000400254  0000000000400254  00000254  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  2 .note.gnu.build-id 00000024  0000000000400274  0000000000400274  00000274  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  3 .gnu.hash     0000001c  0000000000400298  0000000000400298  00000298  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  4 .dynsym       00000150  00000000004002b8  00000000004002b8  000002b8  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  5 .dynstr       00000110  0000000000400408  0000000000400408  00000408  2**0
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  6 .gnu.version  0000001c  0000000000400518  0000000000400518  00000518  2**1
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  7 .gnu.version_r 00000060  0000000000400538  0000000000400538  00000538  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  8 .rela.dyn     00000018  0000000000400598  0000000000400598  00000598  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
  9 .rela.plt     000000d8  00000000004005b0  00000000004005b0  000005b0  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 10 .init         0000001a  0000000000400688  0000000000400688  00000688  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 11 .plt          000000a0  00000000004006b0  00000000004006b0  000006b0  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 12 .plt.got      00000008  0000000000400750  0000000000400750  00000750  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 13 .text         00000442  0000000000400760  0000000000400760  00000760  2**4
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 14 .fini         00000009  0000000000400ba4  0000000000400ba4  00000ba4  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, CODE
 15 .rodata       00000127  0000000000400bb0  0000000000400bb0  00000bb0  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 16 .eh_frame_hdr 00000034  0000000000400cd8  0000000000400cd8  00000cd8  2**2
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 17 .eh_frame     000000fc  0000000000400d10  0000000000400d10  00000d10  2**3
                  CONTENTS, ALLOC, LOAD, READONLY, DATA
 18 .init_array   00000008  0000000000601e00  0000000000601e00  00001e00  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 19 .fini_array   00000008  0000000000601e08  0000000000601e08  00001e08  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 20 .jcr          00000008  0000000000601e10  0000000000601e10  00001e10  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 21 .dynamic      000001e0  0000000000601e18  0000000000601e18  00001e18  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 22 .got          00000008  0000000000601ff8  0000000000601ff8  00001ff8  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 23 .got.plt      00000060  0000000000602000  0000000000602000  00002000  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 24 .data         00000010  0000000000602060  0000000000602060  00002060  2**3
                  CONTENTS, ALLOC, LOAD, DATA
 25 .bss          00000008  0000000000602070  0000000000602070  00002070  2**0
                  ALLOC
 26 .comment      00000035  0000000000000000  0000000000000000  00002070  2**0
                  CONTENTS, READONLY
```

~~vma 2 is the non-writable data segment~~
~~lower vma 3 is the writable data segment~~
~~upper vma 3 is the writable bss segment~~

:::

- /proc/xxxx/maps format?
- why some physical addresses are nil?
- size a.out
- read-only data (rodata) segment problem
- ELF sections
- sections v.s. segments
- readelf -l
- readelf -S

```cpp=
int a[100] = {0};        // bss  (vma verified)
int b[100] = {1};        // data (vma verified)
const int c[100] = {0};  // text (vma verified) (.rodata?)
```

- My brain just be like BIOS update failed.
- thread reg -> stack
- pthread_attribute
- shared library -> PIE
- size -A
- likely() unlikely()
- pte_offset_map v.s. pte_offset_kernel
- pte_unmap
- pmap -x -X -XX
- ldd check shared library (UPDATE: **checked**)
- mmap_base <-> mmap_legacy_base
- gcc -fPIE
- ubuntu 16.04 is super old
- show_vma_maps