Disassembly --- Locating Exceptions

Time: 2021-11-17 00:57:23

Linux disassembly

Android HAL disassembly (resolve a crash address to a source line in a .so with addr2line):
./prebuilt/linux-x86/xxxx/arm-eabi-4.4.3/bin/arm-eabi-addr2line -C -e out/target/product/xxxx/symbols/system/lib/hw/xxxxxx.xxxxxxx.so 00005342

(1) The arm-eabi-objdump disassembly tool

// Program code:
static void dealMessage(void)
{
	int i=0;
	int buf[99];            /* indexed up to 199 below; no store to it survives in the listing further down */
	int *p = NULL;
	for (i=0; i<200; i++)
	{
		buf[i] = i;
		printk("%d ", buf[i]);
		if (i == 100)
			*p = 598;       /* deliberate NULL pointer write; this is what triggers the oops */
	}
}


// Error output (as printed on the serial console):
[  105.440000] Unable to handle kernel NULL pointer dereference at virtual address 00000000
[  105.440000] pgd = c690c000
[  105.450000] [00000000] *pgd=470da031, *pte=00000000, *ppte=00000000
[  105.450000] Internal error: Oops: 817 [#1] PREEMPT
[  105.450000] last sysfs file: /sys/devices/virtual/usb_composite/usb_mass_storage/enable
[  105.450000] Modules linked in: Test(+) 
[  105.450000] CPU: 0    Tainted: P        W    (2.6.35.7-tcc #256)
[  105.450000] PC is at dealMessage+0x24/0x38 [Test]
[  105.450000] LR is at dealMessage+0x1c/0x38 [Test]
[  105.450000] pc : [<bf355024>]    lr : [<bf35501c>]    psr: 60000013
[  105.450000] sp : cfa67f40  ip : 00000000  fp : bebf7860
[  105.450000] r10: 40101008  r9 : cfa66000  r8 : c00270c4
[  105.450000] r7 : 00010073  r6 : 00000256  r5 : 00000000  r4 : 00000065
[  105.450000] r3 : cfa67f34  r2 : cfa67f34  r1 : bf355054  r0 : 00000004
[  105.450000] Flags: nZCv  IRQs on  FIQs on  Mode SVC_32  ISA ARM  Segment user
[  105.450000] Control: 10c5387d  Table: 4690c019  DAC: 00000015

// From the lines above, the faulting location is:
[  105.450000] PC is at dealMessage+0x24/0x38 [Test]
[  105.450000] LR is at dealMessage+0x1c/0x38 [Test]
// That is, the fault lies between offsets 0x1C and 0x24 from the start of dealMessage(). We can use the disassembler:
	arm-eabi-objdump -D Test.ko  > Test.dis; the relevant part of the output is:

00000000 <dealMessage>:
   0:	e92d4070 	push	{r4, r5, r6, lr}
   4:	e3a04000 	mov	r4, #0	; 0x0	/* r4 = 0 (i = 0; the same zero is used as the NULL value for p) */
   8:	e3006256 	movw	r6, #598	; 0x256
   c:	e1a05004 	mov	r5, r4			/* r5 = r4 = NULL, i.e. p */
  10:	e1a01004 	mov	r1, r4
  14:	e59f0018 	ldr	r0, [pc, #24]	; 34 <dealMessage+0x34>
  18:	ebfffffe 	bl	0 <printk>
  1c:	e3540064 	cmp	r4, #100	;  	/* is i == 100? */       	|
  20:	e2844001 	add	r4, r4, #1	; 0x1            				|------------> // crash site
  24:	05856000 	streq	r6, [r5]	/* if so, store r6 (598) to [r5], i.e. to NULL */		|
  28:	e35400c8 	cmp	r4, #200	; 0xc8
  2c:	1afffff7 	bne	10 <dealMessage+0x10>
  30:	e8bd8070 	pop	{r4, r5, r6, pc}
  34:	00000000 	.word	0x00000000
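Reading the PC/LR offsets out of the oops and matching them against the objdump listing by hand is easy to get wrong. The following Python script is added here and is not part of the original post; it parses the two oops lines and a trimmed copy of the listing above (both embedded inline), returns the instruction at each reported offset, and rejects an offset that lies outside the function size the oops reports.

```python
import re

# Excerpts copied from this page: the PC/LR lines of the oops and part of the
# `arm-eabi-objdump -D Test.ko` listing of dealMessage (0x14..0x2c, comments trimmed).
OOPS_LINES = """\
[  105.450000] PC is at dealMessage+0x24/0x38 [Test]
[  105.450000] LR is at dealMessage+0x1c/0x38 [Test]
"""

LISTING = """\
00000000 <dealMessage>:
  14:   e59f0018    ldr r0, [pc, #24]   ; 34 <dealMessage+0x34>
  18:   ebfffffe    bl  0 <printk>
  1c:   e3540064    cmp r4, #100
  20:   e2844001    add r4, r4, #1  ; 0x1
  24:   05856000    streq   r6, [r5]
  28:   e35400c8    cmp r4, #200    ; 0xc8
  2c:   1afffff7    bne 10 <dealMessage+0x10>
"""

# "PC is at func+0xOFF/0xSIZE [module]": OFF and SIZE are relative to the function start
REG_RE = re.compile(r'\b(PC|LR) is at (\w+)\+0x([0-9a-f]+)/0x([0-9a-f]+)(?: \[(\w+)\])?')
# "  24:   05856000    streq   r6, [r5]": offset, encoding, then mnemonic and operands
INSN_RE = re.compile(r'^\s*([0-9a-f]+):\s+[0-9a-f]{8}\s+(.*?)\s*$')


def parse_listing(listing):
    """Map instruction offset -> 'mnemonic operands', dropping objdump's ';' annotations."""
    insns = {}
    for line in listing.splitlines():
        m = INSN_RE.match(line)
        if m:
            text = m.group(2).split(';')[0]
            insns[int(m.group(1), 16)] = ' '.join(text.split())
    return insns


def locate(oops, listing):
    """For each PC/LR line return the function, offset, module and the instruction at that offset."""
    insns = parse_listing(listing)
    found = {}
    for m in REG_RE.finditer(oops):
        reg, func, off, size, module = m.groups()
        off, size = int(off, 16), int(size, 16)
        if off >= size:  # an offset past the function size means the symbol does not match
            raise ValueError(f'{reg}: offset 0x{off:x} lies outside {func} (size 0x{size:x})')
        found[reg] = {'function': func, 'offset': off, 'module': module,
                      'instruction': insns.get(off, '<offset not in listing>')}
    return found
```

For the oops above it reports PC at the `streq r6, [r5]` and LR at the `cmp r4, #100` that precedes it, matching the crash site marked in the listing.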

Unable to handle kernel paging request at virtual address bf8ffaf4
pgd = e4518000
[bf8ffaf4] *pgd=25ae1811, *pte=00000000, *ppte=00000000
Internal error: Oops: 7 [#1] PREEMPT SMP ARM
Modules linked in: hardware(O) harddevice(O) mmap(O) mmapdevice(O) debug(O) g_android musb_hdrc usbipod(O) usb_hcd_hub(O) drvcli(PO) ac83xx_cpufreq(O) mhl(PO) ybr_vga(PO) btdrv(PO) mtprealloc7601Usta(PO) gps(O) tvddrv(PO) wch(PO) vdec(PO) gdec(PO) jdec(PO) pdec(PO) dvpagent(PO) drv_demuxer(PO) rle_hw1(PO) adec(PO) dualarmbackcar(PO) dualarmdrv(PO) fb1(PO) fb(O) bkl(O) pwm(PO) mali(O) ump(O) gfx(O) imgresz(PO) mtz_drv(PO) drvmmisc(PO) drvatcbsp(PO) drvwinmsg(O) drvosal(PO) ac83xxinput(O) gt9xx oal(O) [last unloaded: wlan]
CPU: 1    Tainted: P           O  (3.4.35 #27)
PC is at strnlen+0xc/0x58
LR is at string.clone.1+0x2c/0xd0
pc : [<c0223240>]    lr : [<c02252dc>]    psr: a0000093
sp : e455bdd0  ip : 0000000c  fp : e455be08
r10: e47ce0da  r9 : c0536e38  r8 : bf8ffaf4
r7 : 0000000c  r6 : 00000010  r5 : e47cf000  r4 : e47ce0da
r3 : 00000010  r2 : bf8ffaf4  r1 : ffffffff  r0 : bf8ffaf4
Flags: NzCv  IRQs off  FIQs on  Mode SVC_32  ISA ARM  Segment user
Control: 10c5387d  Table: 2551806a  DAC: 00000015
[<c0223240>] (strnlen+0xc/0x58) from [<c02252dc>] (string.clone.1+0x2c/0xd0)
[<c02252dc>] (string.clone.1+0x2c/0xd0) from [<c0226348>] (vsnprintf+0x1e0/0x40c)
[<c0226348>] (vsnprintf+0x1e0/0x40c) from [<c0104b54>] (seq_printf+0x40/0x78)
[<c0104b54>] (seq_printf+0x40/0x78) from [<c0276854>] (wakeup_sources_stats_show+0x1b0/0x2c4)
[<c0276854>] (wakeup_sources_stats_show+0x1b0/0x2c4) from [<c0104ea0>] (seq_read+0x1f4/0x4b4)
[<c0104ea0>] (seq_read+0x1f4/0x4b4) from [<c00e7900>] (vfs_read+0xb0/0x144)
[<c00e7900>] (vfs_read+0xb0/0x144) from [<c00e79d4>] (sys_read+0x40/0x70)
[<c00e79d4>] (sys_read+0x40/0x70) from [<c000e440>] (ret_fast_syscall+0x0/0x30)
Code: e12fff1e e3510000 01a00001 012fff1e (e5d03000) 
---[ end trace b33c296f5a3e8e5f ]---
Kernel panic - not syncing: Fatal exception
CPU0: stopping
[<c001458
~/Projects/ac8317/autochips/release$ arm-linux-androideabi-addr2line -f -e vmlinux c0223240

Output:
strnlen
/root/AC8317/android4.2.2/kernel/lib/string.c:405

WINCE

When debugging WinCE programs you will sometimes hit a Data Abort or Prefetch Abort exception. Anyone who has done WinCE development will recognise this message; the system prints something like the following on the debug console:

Exception 'Prefetch Abort' (3): Thread-Id=05870016(pth=9970c000), Proc-Id=057c0016(pprc=9973cdd4)‘TCPClient.exe’,VM-active=057c0016(pprc=9973cdd4) 'TCPClient.exe'PC=00000004(???+0x00000004) RA=00011254(TCPClient.exe+0x00001254) SP=0011f954, BVA=00000004

As shown in the figure below:

[figure: Disassembly --- Locating Exceptions (debug console screenshot, not reproduced)]

Prefetch Abort and Data Abort are located in the same way.

Here RA=00011254 is the address at which the exception occurred. It can also be computed from TCPClient.exe+0x00001254 as

0x00001254 + 0x00010000 = RA = 00011254. Why add 0x00010000?

Open the map file and find the line "Preferred load address is 00010000"; that tells you how much to add.

In the map file, find the largest address that is still smaller than 0x00011254; in this program it is 0x00011108, as shown below:

[figure: Disassembly --- Locating Exceptions (map file excerpt, not reproduced)]

That tells you the fault is in that function. To find the exact line, you still need the .cod file.

SocketThreadFunc starts at 0x00011108, so the offset of the fault within it is:

0x14C = 0x00011254 - 0x00011108 (Windows Calculator will do). With the offset in hand, open the .cod file in Notepad and use Ctrl+F to search for 14C; you will land on something like:

[figure: Disassembly --- Locating Exceptions (.cod file excerpt, not reproduced)]

The ";127" in front means the error occurred on line 127 of the source; the semicolon is presumably the assembler's comment marker.
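The arithmetic above (RA minus the nearest lower function address in the map file) can be scripted. This Python script is added here and is not from the original post; it parses a constructed .map excerpt whose column layout is assumed, looks up the RA from the exception line with a binary search, and also handles the case the post does not cover, a module loaded at a base other than its preferred load address.

```python
import re
from bisect import bisect_right

# Constructed excerpt of a VS2005 linker .map file (assumed layout); it carries the two
# values the post quotes: preferred load address 00010000 and SocketThreadFunc at 00011108.
MAP_FILE = """\
 TCPClient

 Preferred load address is 00010000

  Address         Publics by Value              Rva+Base       Lib:Object

 0001:00000000       WinMain                    00011000 f   TCPClient.obj
 0001:00000108       SocketThreadFunc           00011108 f   TCPClient.obj
 0001:00000400       _wmain                     00011400 f   TCPClient.obj
"""

# The RA=... part of the exception line quoted in the post
EXC_LINE = "RA=00011254(TCPClient.exe+0x00001254) SP=0011f954, BVA=00000004"

LOAD_RE = re.compile(r'Preferred load address is ([0-9A-Fa-f]+)')
SYM_RE = re.compile(r'^\s*\d{4}:[0-9A-Fa-f]{8}\s+(\S+)\s+([0-9A-Fa-f]{8})\s+f\b')  # 'f' = function
RA_RE = re.compile(r'RA=([0-9A-Fa-f]{8})\((\S+?)\+0x([0-9A-Fa-f]+)\)')


def parse_map(text):
    """Return (preferred load address, [(Rva+Base address, symbol), ...] sorted by address)."""
    preferred = int(LOAD_RE.search(text).group(1), 16)
    syms = sorted((int(m.group(2), 16), m.group(1))
                  for m in map(SYM_RE.match, text.splitlines()) if m)
    return preferred, syms


def locate(exc_line, map_text):
    """Resolve RA to the nearest preceding function and the offset to search for in the .cod file."""
    m = RA_RE.search(exc_line)
    ra, rel = int(m.group(1), 16), int(m.group(3), 16)
    preferred, syms = parse_map(map_text)
    # Map addresses assume the preferred base; if the module was loaded elsewhere,
    # RA - module-relative offset is the real base, so shift the symbols by the difference.
    delta = (ra - rel) - preferred
    addrs = [addr + delta for addr, _ in syms]
    idx = bisect_right(addrs, ra) - 1        # last function whose start <= RA
    if idx < 0:
        raise ValueError(f'RA 0x{ra:08x} precedes every function in the map')
    return {'function': syms[idx][1], 'start': addrs[idx], 'cod_offset': ra - addrs[idx]}
```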


VS2005 does not generate .map and .cod files by default; change the following two settings to produce them:

1. .map file: right-click the project -> Properties -> Configuration Properties -> Linker -> Debugging -> Generate Map File (choose Yes (/MAP));

2. .cod file: right-click the project -> Properties -> Configuration Properties -> C/C++ -> Output Files -> Assembler Output (choose Assembly, Machine Code and Source (/FAcs)).