[eresi-dev] Bug in SuSE ?
rusydi hasan
rusydi.hasan at gmail.com
Thu Sep 20 07:50:47 UTC 2007
Dear crew (sorry for my awkward English),
To introduce myself: I'm a computer science undergraduate student at
IIUM university, Malaysia, majoring in embedded system development.
I just tried the eresi project on my box (IA32 / Linux SuSE 10.2 [
2.6.18.2-34-default]). It installed without problems, but I can't
load a binary file; the response is "Out of memory". My question is: is
this a bug? If so, how can I fix it?
crasher at localhost:~/tool> elfsh
The ELF shell 0.8 (32 bits built) .::.
.::. This software is under the General Public License V.2
.::. Please visit http://www.gnu.org
[*] No configuration in ~/.eresirc
[*] Type help for regular commands
(elfsh-0.8-a17-cam at local) load /bin/sh
Out of memory
crasher at localhost:~/tool>
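I have also attached the strace log. The failing call is near the end: an
anonymous mmap2 request for 4294959104 bytes (just under 4 GiB), which returns
ENOMEM right before "Out of memory" is printed.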
crasher at localhost:~/tool> strace elfsh
execve("/usr/local/bin/elfsh", ["elfsh"], [/* 101 vars */]) = 0
brk(0) = 0x804d000
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f64000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or
directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=239224, ...}) = 0
mmap2(NULL, 239224, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f29000
close(3) = 0
open("/usr/local/lib/libedfmt32.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 0\0\000"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1740175, ...}) = 0
mmap2(NULL, 182856, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7efc000
fadvise64(3, 0, 182856, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7f1e000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x22) = 0xb7f1e000
mmap2(0xb7f20000, 35400, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7f20000
close(3) = 0
open("/usr/local/lib/libelfsh32.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\251\0"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=7970022, ...}) = 0
mmap2(NULL, 578280, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7e6e000
fadvise64(3, 0, 578280, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7ef4000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x85) = 0xb7ef4000
mmap2(0xb7ef8000, 13032, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7ef8000
close(3) = 0
open("/usr/local/lib/libmjollnir32.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0p2\0\000"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1998330, ...}) = 0
mmap2(NULL, 101092, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7e55000
fadvise64(3, 0, 101092, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7e6c000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16) = 0xb7e6c000
close(3) = 0
open("/lib/libpthread.so.0", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0 at I\0\000"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=121246, ...}) = 0
mmap2(NULL, 94688, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7e3d000
fadvise64(3, 0, 94688, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7e51000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13) = 0xb7e51000
mmap2(0xb7e53000, 4576, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e53000
close(3) = 0
open("/usr/local/lib/libasm.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\220\212"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=28334673, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7e3c000
mmap2(NULL, 184652, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7e0e000
fadvise64(3, 0, 184652, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7e38000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x29) = 0xb7e38000
mmap2(0xb7e3b000, 332, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e3b000
close(3) = 0
open("/usr/local/lib/libaspect32.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0000%\0\000"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0644, st_size=557070, ...}) = 0
mmap2(NULL, 99748, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7df5000
fadvise64(3, 0, 99748, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7e02000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xc) = 0xb7e02000
mmap2(0xb7e04000, 38308, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7e04000
close(3) = 0
open("/usr/local/lib/librevm32.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\36"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0644, st_size=1195268, ...}) = 0
mmap2(NULL, 656340, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7d54000
fadvise64(3, 0, 656340, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7de6000, 16384, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x91) = 0xb7de6000
mmap2(0xb7dea000, 41940, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7dea000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\v\0\000"..., 512)
= 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=14226, ...}) = 0
mmap2(NULL, 12412, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7d50000
fadvise64(3, 0, 12412, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7d52000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7d52000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340`\1"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1491141, ...}) = 0
mmap2(NULL, 1234372, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7c22000
fadvise64(3, 0, 1234372, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7d4a000, 12288, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x128) = 0xb7d4a000
mmap2(0xb7d4d000, 9668, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7d4d000
close(3) = 0
open("/usr/lib/libcrypto.so.0.9.8", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300b\3"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0555, st_size=1270272, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7c21000
mmap2(NULL, 1256312, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7aee000
fadvise64(3, 0, 1256312, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7c09000, 86016, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11b) = 0xb7c09000
mmap2(0xb7c1e000, 11128, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7c1e000
close(3) = 0
open("/lib/libz.so.1", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0\27\0"..., 512) =
512
fstat64(3, {st_mode=S_IFREG|0755, st_size=72020, ...}) = 0
mmap2(NULL, 74000, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) =
0xb7adb000
fadvise64(3, 0, 74000, POSIX_FADV_WILLNEED) = 0
mmap2(0xb7aec000, 8192, PROT_READ|PROT_WRITE,
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x10) = 0xb7aec000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7ada000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ada8d0, limit:1048575,
seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1,
seg_not_present:0, useable:1}) = 0
mprotect(0xb7c09000, 24576, PROT_READ) = 0
mprotect(0xb7d4a000, 4096, PROT_READ) = 0
mprotect(0xb7de6000, 4096, PROT_READ) = 0
mprotect(0xb7e02000, 4096, PROT_READ) = 0
mprotect(0xb7e38000, 4096, PROT_READ) = 0
mprotect(0xb7e6c000, 4096, PROT_READ) = 0
mprotect(0xb7ef4000, 4096, PROT_READ) = 0
mprotect(0xb7f1e000, 4096, PROT_READ) = 0
mprotect(0x804b000, 4096, PROT_READ) = 0
munmap(0xb7f29000, 239224) = 0
set_tid_address(0xb7ada918) = 5661
SYS_311(0xb7ada920, 0xc, 0xb7e51ff4, 0xb7ada8d0, 0xb7e51eec) = 0
rt_sigaction(SIGRTMIN, {0xb7e41520, [], SA_SIGINFO}, NULL, 8) = 0
rt_sigaction(SIGRT_1, {0xb7e41430, [], SA_RESTART|SA_SIGINFO}, NULL, 8) = 0
rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0
getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0
uname({sys="Linux", node="localhost", ...}) = 0
brk(0) = 0x804d000
brk(0x806e000) = 0x806e000
time(NULL) = 1190096338
fstat64(1, {st_mode=S_IFCHR|0600, st_rdev=makedev(136, 2), ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f63000
write(1, "\n", 1
) = 1
write(1, "\n", 1
) = 1
write(1, "\t The ELF shell 0.8 (32 bits bui"..., 42 The ELF shell
0.8(32 bits built) .::.
) = 42
write(1, "\n", 1
) = 1
write(1, " \t .::. This software is under t"..., 63 .::. This software
is under the General Public License V.2
) = 63
write(1, "\t .::. Please visit http://www.g"..., 40 .::. Please visit
http://www.gnu.org
) = 40
write(1, "\n", 1
) = 1
open("/home/crasher/.eresirc", O_RDONLY) = -1 ENOENT (No such file or
directory)
write(1, "\n [*] No configuration in ~/.ere"..., 39
[*] No configuration in ~/.eresirc
) = 39
write(1, " [*] Type help for regular comma"..., 38 [*] Type help for regular
commands
) = 38
rt_sigaction(SIGQUIT, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGTERM, {SIG_IGN}, {SIG_DFL}, 8) = 0
rt_sigaction(SIGINT, {0xb7dc5a04, [INT], SA_RESTART}, {SIG_DFL}, 8) = 0
brk(0x8098000) = 0x8098000
write(1, "(elfsh-0.8-a17-cam at local) ", 26(elfsh-0.8-a17-cam at local) ) = 26
select(1, [0], NULL, NULL, NULLload /bin/sh
) = 1 (in [0])
read(0, "l", 1) = 1
read(0, "o", 1) = 1
read(0, "a", 1) = 1
read(0, "d", 1) = 1
read(0, " ", 1) = 1
read(0, "/", 1) = 1
read(0, "b", 1) = 1
read(0, "i", 1) = 1
read(0, "n", 1) = 1
read(0, "/", 1) = 1
read(0, "s", 1) = 1
read(0, "h", 1) = 1
read(0, "\n", 1) = 1
write(1, "\n", 1
) = 1
write(1, "\n", 1
) = 1
open("/bin/sh", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0755, st_size=557704, ...}) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0*\1\000"..., 52) =
52
lseek(3, 556464, SEEK_SET) = 556464
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1240) =
1240
lseek(3, 52, SEEK_SET) = 52
read(3, "\6\0\0\0004\0\0\0004\0\0\0004\0\0\0@\1\0\0@\1\0\0\5\0\0"..., 320) =
320
lseek(3, 556197, SEEK_SET) = 556197
read(3, "\0.shstrtab\0.interp\0.note.ABI-tag"..., 264) = 264
lseek(3, 59652, SEEK_SET) = 59652
read(3, "\3002\10\0\10\0\0\0\3042\10\0\10\0\0\0\3102\10\0\10\0\0"..., 10592)
= 10592
lseek(3, 70244, SEEK_SET) = 70244
read(3, "\0@\10\0\7\21\0\0\4@\10\0\7\27\0\0\10@\10\0\7\31\0\0\f"..., 2000) =
2000
lseek(3, 549344, SEEK_SET) = 549344
read(3, "\0GCC: (GNU) 4.1.2 20061115 (prer"..., 6837) = 6837
lseek(3, 10568, SEEK_SET) = 10568
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0t\1\0\0\0\0\0\0"..., 23952)
= 23952
lseek(3, 34520, SEEK_SET) = 34520
read(3, "\0libreadline.so.5\0emacs_meta_key"..., 21976) = 21976
lseek(3, 72268, SEEK_SET) = 72268
read(3, "\377\263\4\0\0\0\377\243\10\0\0\0\0\0\0\0\377\243\f\0\0"..., 4016)
= 4016
open("/proc/meminfo", O_RDONLY) = 4
fstat64(4, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xb7f62000
read(4, "MemTotal: 507792 kB\nMemFre"..., 1024) = 771
close(4) = 0
munmap(0xb7f62000, 4096) = 0
brk(0x80be000) = 0x80be000
brk(0x80b8000) = 0x80b8000
lseek(3, 372, SEEK_SET) = 372
read(3, "/lib/ld-linux.so.2\0", 19) = 19
lseek(3, 539096, SEEK_SET) = 539096
read(3, "\1\0\0\0\1\0\0\0\1\0\0\0\270\n\0\0\1\0\0\0\310\n\0\0\1"..., 232) =
232
lseek(3, 537244, SEEK_SET) = 537244
read(3, "\377\377\377\377\0\0\0\0", 8) = 8
lseek(3, 537252, SEEK_SET) = 537252
read(3, "\377\377\377\377\0\0\0\0", 8) = 8
lseek(3, 540660, SEEK_SET) = 540660
read(3, "\3309\10\0\0\0\0\0\0\0\0\0b\32\1\0r\32\1\0\202\32\1\0\222"...,
1012) = 1012
lseek(3, 56496, SEEK_SET) = 56496
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2994) =
2994
lseek(3, 59492, SEEK_SET) = 59492
read(3, "\1\0\2\0\330\n\0\0\20\0\0\0000\0\0\0\21ii\r\0\0\10\0\230"..., 160)
= 160
lseek(3, 448, SEEK_SET) = 448
read(3, "\7\4\0\0\331\5\0\0\0\0\0\0\306\4\0\0\253\2\0\0\0\0\0\0"..., 10120)
= 10120
lseek(3, 392, SEEK_SET) = 392
read(3, "\4\0\0\0\20\0\0\0\1\0\0\0GNU\0\0\0\0\0\2\0\0\0\6\0\0\0"..., 32) =
32
lseek(3, 0, SEEK_SET) = 0
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0*\1\000"..., 372)
= 372
lseek(3, 424, SEEK_SET) = 424
read(3, "\5\0\0\0\4\0\0\0SuSESuSE\0\0\0\0\1\0\n\2", 24) = 24
lseek(3, 72244, SEEK_SET) = 72244
read(3, "U\211\345\203\354\10\350\371\17\0\0\350|\20\0\0\350w\351"..., 23) =
23
lseek(3, 76288, SEEK_SET) = 76288
mmap2(NULL, 385024, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0)
= 0xb7a7c000
read(3, "1\355^\211\341\203\344\360PTR\350\"\0\0\0\201\303\344\25"...,
383476) = 383476
lseek(3, 459764, SEEK_SET) = 459764
read(3, "U\211\345S\203\354\4\350\0\0\0\0[\201\303\364;\1\0\350"..., 28) =
28
lseek(3, 459808, SEEK_SET) = 459808
read(3, "\3\0\0\0\1\0\2\0I have no name!\0rbash\0BA"..., 74912) = 74912
lseek(3, 534720, SEEK_SET) = 534720
read(3, "\1\33\3;(\0\0\0\4\0\0\0\360\323\376\377D\0\0\0\240\325"..., 44) =
44
lseek(3, 534764, SEEK_SET) = 534764
read(3, "\24\0\0\0\0\0\0\0\1zR\0\1|\10\1\33\f\4\4\210\1\0\0\34\0"..., 156) =
156
lseek(3, 549344, SEEK_SET) = 549344
mmap2(NULL, 4294959104, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = -1 ENOMEM (Cannot allocate memory)
brk(0x80cb000) = 0x80cb000
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1,
0) = 0xb787c000
munmap(0xb787c000, 540672) = 0
munmap(0xb7a00000, 507904) = 0
mprotect(0xb7900000, 122880, PROT_READ|PROT_WRITE) = 0
mmap2(NULL, 4294959104, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1,
0) = -1 ENOMEM (Cannot allocate memory)
mmap2(NULL, 2097152, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1,
0) = 0xb7700000
munmap(0xb7800000, 1048576) = 0
mprotect(0xb7700000, 122880, PROT_READ|PROT_WRITE) = 0
munmap(0xb7700000, 1048576) = 0
write(1, "Out of memory\n", 14Out of memory
) = 14
exit_group(1) = ?
Process 5661 detached
crasher at localhost:~/tool>
Regards
--
--Ruhm