LinuxQuestions.org
Old 07-08-2010, 01:26 PM   #1
qwerty47
LQ Newbie
 
Registered: Jul 2010
Posts: 4

Rep: Reputation: 0
Why exactly was my process killed ???


I'm working on a program to convert ELF executable files to our internal binary format and backwards using BFD.

I created a hello world program and stripped it so it would be as simple as possible. Then I converted it to our binary format and back to ELF. Using readelf and objdump I compared the original ELF to the result of the transformations. Most of the information was the same; there were some small differences but I'm not able to say how serious they were. The disassembled code was the same.

When I run the transformed ELF I get:
[peter@althotas linux]$ ./empty.elf
Killed
[peter@althotas linux]$

I wasn't expecting it to run all right the first time, but now I need some info on why the process was killed, what info is missing or incorrect, and where exactly it went wrong.
Is there some error log somewhere? Can I trace what exactly happened?
 
Old 07-08-2010, 02:06 PM   #2
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, Lubuntu, FreeBSD
Posts: 3,930
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by qwerty47
Can I trace what exactly happened?
Check out strace(1).
 
Old 07-08-2010, 02:13 PM   #3
qwerty47
LQ Newbie
 
Registered: Jul 2010
Posts: 4

Original Poster
Rep: Reputation: 0
I have already tried that. There is no useful info:
[peter@althotas linux]$ strace ./empty.elf
execve("./empty.elf", ["./empty.elf"], [/* 63 vars */] <unfinished ...>
+++ killed by SIGKILL +++
killed
[peter@althotas linux]$
 
Old 07-08-2010, 02:44 PM   #4
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 23,000
Blog Entries: 11

Rep: Reputation: 893
Quote:
Originally Posted by qwerty47
I have already tried that. There is no useful info:
[peter@althotas linux]$ strace ./empty.elf
execve("./empty.elf", ["./empty.elf"], [/* 63 vars */] <unfinished ...>
+++ killed by SIGKILL +++
killed
[peter@althotas linux]$
Try some more involved options?
Code:
strace -vFf ./empty.elf
 
Old 07-09-2010, 03:03 AM   #5
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 668

Rep: Reputation: 134
Quote:
Originally Posted by qwerty47
I'm working on a program to convert ELF executable files to our internal binary format and backwards using BFD.

I created a hello world program and stripped it so it would be as simple as possible. Then I converted it to our binary format and back to ELF. Using readelf and objdump I compared the original ELF to the result of the transformations. Most of the information was the same; there were some small differences but I'm not able to say how serious they were. The disassembled code was the same.

When I run the transformed ELF I get:
[peter@althotas linux]$ ./empty.elf
Killed
[peter@althotas linux]$

I wasn't expecting it to run all right the first time, but now I need some info on why the process was killed, what info is missing or incorrect, and where exactly it went wrong.
Is there some error log somewhere? Can I trace what exactly happened?
Please post the output of
Code:
readelf -l
readelf -d
for the original and converted ELF.

My guess is that those "small differences" are a big issue.
 
Old 07-09-2010, 04:18 AM   #6
qwerty47
LQ Newbie
 
Registered: Jul 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Original empty:
[peter@althotas linux]$ readelf -d empty
Dynamic section at offset 0x468 contains 21 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x8048254
0x0000000d (FINI) 0x804842c
0x00000004 (HASH) 0x8048148
0x6ffffef5 (GNU_HASH) 0x804816c
0x00000005 (STRTAB) 0x80481cc
0x00000006 (SYMTAB) 0x804818c
0x0000000a (STRSZ) 69 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x804953c
0x00000002 (PLTRELSZ) 16 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x8048244
0x00000011 (REL) 0x804823c
0x00000012 (RELSZ) 8 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x804821c
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x8048212
0x00000000 (NULL) 0x0

Transformed empty.elf:
[peter@althotas linux]$ readelf -d empty.elf
Dynamic section at offset 0x2468 contains 21 entries:
Tag Type Name/Value
0x00000001 (NEEDED) Shared library: [libc.so.6]
0x0000000c (INIT) 0x8048254
0x0000000d (FINI) 0x804842c
0x00000004 (HASH) 0x8048148
0x6ffffef5 (GNU_HASH) 0x804816c
0x00000005 (STRTAB) 0x80481cc
0x00000006 (SYMTAB) 0x804818c
0x0000000a (STRSZ) 69 (bytes)
0x0000000b (SYMENT) 16 (bytes)
0x00000015 (DEBUG) 0x0
0x00000003 (PLTGOT) 0x804953c
0x00000002 (PLTRELSZ) 16 (bytes)
0x00000014 (PLTREL) REL
0x00000017 (JMPREL) 0x8048244
0x00000011 (REL) 0x804823c
0x00000012 (RELSZ) 8 (bytes)
0x00000013 (RELENT) 8 (bytes)
0x6ffffffe (VERNEED) 0x804821c
0x6fffffff (VERNEEDNUM) 1
0x6ffffff0 (VERSYM) 0x8048212
0x00000000 (NULL) 0x0

Original empty:
[peter@althotas linux]$ readelf -l empty
Elf file type is EXEC (Executable file)
Entry point 0x80482c0
There are 7 program headers, starting at offset 52

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x08048034 0x08048034 0x000e0 0x000e0 R E 0x4
INTERP 0x000114 0x08048114 0x08048114 0x00013 0x00013 R 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x000000 0x08048000 0x08048000 0x00454 0x00454 R E 0x1000
LOAD 0x000454 0x08049454 0x08049454 0x00104 0x0010c RW 0x1000
DYNAMIC 0x000468 0x08049468 0x08049468 0x000d0 0x000d0 RW 0x4
NOTE 0x000128 0x08048128 0x08048128 0x00020 0x00020 R 0x4
GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x4

Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .interp .note.ABI-tag .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame
03 .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag
06

Transformed empty.elf:
[peter@althotas linux]$ readelf -l empty.elf
Elf file type is EXEC (Executable file)
Entry point 0x80482c0
There are 6 program headers, starting at offset 52

Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
PHDR 0x000034 0x00001034 0x00000000 0x000c0 0x000c0 R E 0x4
INTERP 0x001114 0x08048114 0x08048114 0x00014 0x00014 RW 0x1
[Requesting program interpreter: /lib/ld-linux.so.2]
LOAD 0x001000 0x00000000 0x00000000 0x00050 0x00050 RW 0x1000
LOAD 0x001114 0x08048114 0x08048114 0x01444 0x0144c RWE 0x1000
DYNAMIC 0x002468 0x08049468 0x08049468 0x000d0 0x000d0 RW 0x1
NOTE 0x001128 0x08048128 0x08048128 0x00020 0x00020 RW 0x1

Section to Segment mapping:
Segment Sections...
00
01 .interp
02 .comment
03 .interp .note.ABI-tag .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rel.dyn .rel.plt .init .plt .text .fini .rodata .eh_frame .ctors .dtors .jcr .dynamic .got .got.plt .data .bss
04 .dynamic
05 .note.ABI-tag

My program works with logical sections and I did nothing with segments, but I know that the loader treats the file as a set of segments. The biggest differences are in the program segments, which were created by BFD from my information about sections. Like I said, I am not able to say how serious these differences are; I started working on this just 2 weeks ago (it is kind of a student project). So if anyone can advise me what info is crucial to execute a program or how I can trace what goes wrong, I would be glad.

PS: I tried strace with many options but it is useless; it always ends with:
execve("./empty.elf", ["./empty.elf"], [/* 63 vars */] <unfinished ...>

I disassembled the transformed ELF and the instructions and their addresses are all right (same as the original).

Last edited by qwerty47; 07-09-2010 at 04:24 AM.
 
Old 07-09-2010, 06:23 AM   #7
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 668

Rep: Reputation: 134
Your original and regenerated program headers are very different (enough to kill any program).

I don't think that without deep understanding of ELF format you have a chance to generate working ELF executables.

As a start you can have a look here:
http://www.skyfree.org/linux/references/ELF_Format.pdf
 
Old 07-09-2010, 09:57 AM   #8
qwerty47
LQ Newbie
 
Registered: Jul 2010
Posts: 4

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by Valery Reznic
Your original and regenerated program headers are very different (enough to kill any program).

I don't think that without deep understanding of ELF format you have a chance to generate working ELF executables.

As a start you can have a look here:
http://www.skyfree.org/linux/references/ELF_Format.pdf
I'm not completely unprepared; I did read the ELF specification and the BFD documentation.
But thank you, you pointed me in the right direction. The problem was in the program headers, but not in the big differences. BFD generates the program header automatically from information about sections and I wasn't able to find a way to directly influence this. Our binary format is not rich enough to record all ELF section flags, and when I transformed it back I lost some flags. BFD created a wrong program header.

Now I add the flags and it runs fine; I'm going to try some more complex programs. But the BFD-generated program header is still pretty different: it has fewer segments, different alignment and some other differences, but it looks like it doesn't matter.

But I would still like to know the answer to my first question. Is there a way to find out why the process was killed?
 
Old 07-15-2010, 12:40 PM   #9
Valery Reznic
ELF Statifier author
 
Registered: Oct 2007
Posts: 668

Rep: Reputation: 134
Quote:
Originally Posted by qwerty47
I'm not completely unprepared; I did read the ELF specification and the BFD documentation.
But thank you, you pointed me in the right direction. The problem was in the program headers, but not in the big differences. BFD generates the program header automatically from information about sections and I wasn't able to find a way to directly influence this. Our binary format is not rich enough to record all ELF section flags, and when I transformed it back I lost some flags. BFD created a wrong program header.

Now I add the flags and it runs fine; I'm going to try some more complex programs. But the BFD-generated program header is still pretty different: it has fewer segments, different alignment and some other differences, but it looks like it doesn't matter.

But I would still like to know the answer to my first question. Is there a way to find out why the process was killed?
The process image is built by the kernel and the dynamic linker (ld-linux.so.2). The information on how to build such an image is in the program headers. If your program has wrong headers, there is no hope at all that the process will run. The headers instruct the kernel/ld-linux WHERE to look for the code and data in the file, WHERE in memory each part should be loaded, and what permissions each segment should have. Mess something up in the headers (almost every bit here is important) and a segfault is more than likely.
 
Old 12-12-2013, 01:08 AM   #10
h4hero
LQ Newbie
 
Registered: Dec 2013
Posts: 1

Rep: Reputation: Disabled
For future questioners, I'd like to tell my case even if my reply is not timely for this thread, because I couldn't find a proper answer from Google.
I also had the same result when I ran my app. The application got SIGKILL exactly during the execv syscall. Please refer to the text below
and just try to set "mmap min address" to 0. It will give you a clue.

================================================
Linux kernel 2.6.31 on x86.

CONFIG_DEFAULT_MMAP_MIN_ADDR:

This is the portion of low virtual memory which should be protected
from userspace allocation. Keeping a user from writing to low pages
can help reduce the impact of kernel NULL pointer bugs.

For most ia64, ppc64 and x86 users with lots of address space
a value of 65536 is reasonable and should cause no problems.
On arm and other archs it should not be higher than 32768.
Programs which use vm86 functionality or have some need to map
this low address space will need CAP_SYS_RAWIO or disable this
protection by setting the value to 0.

This value can be changed after boot using the
/proc/sys/vm/mmap_min_addr tunable.
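
A header check added here as an example (it is not code from any poster in this thread): it reads the ELF32 program headers and reports the properties discussed above, namely a PT_LOAD segment placed below vm.mmap_min_addr (the case the last post points to), a segment that is both writable and executable, and a missing PT_GNU_STACK entry. The function names are hypothetical, and the sample image is constructed from the `readelf -l empty.elf` values in post #6 and contains headers only.

```python
import struct

PT_LOAD, PT_GNU_STACK = 1, 0x6474E551
PF_X, PF_W = 1, 2

def program_headers(image):
    """Yield (type, vaddr, memsz, flags) for each header of a little-endian ELF32 image."""
    if image[:6] != b"\x7fELF\x01\x01":
        raise ValueError("not a little-endian ELF32 image")
    (e_phoff,) = struct.unpack_from("<I", image, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", image, 42)
    for i in range(e_phnum):
        p_type, _off, p_vaddr, _paddr, _filesz, p_memsz, p_flags, _align = \
            struct.unpack_from("<8I", image, e_phoff + i * e_phentsize)
        yield p_type, p_vaddr, p_memsz, p_flags

def audit(image, mmap_min_addr=65536):
    """Return findings; 65536 is the default quoted in the Kconfig help above."""
    findings, has_stack = [], False
    for p_type, vaddr, memsz, flags in program_headers(image):
        has_stack |= p_type == PT_GNU_STACK
        if p_type != PT_LOAD or memsz == 0:
            continue
        if vaddr < mmap_min_addr:
            findings.append(f"LOAD at {vaddr:#x} is below mmap_min_addr {mmap_min_addr:#x}")
        if flags & PF_W and flags & PF_X:
            findings.append(f"LOAD at {vaddr:#x} is both writable and executable")
    if not has_stack:
        findings.append("no PT_GNU_STACK: stack permissions fall back to the arch default")
    return findings

def build_image(phdrs):
    """Constructed input: an ELF32 header followed only by the given program headers."""
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 2, 3, 1,
                       0x80482C0, 52, 0, 0, 52, 32, len(phdrs), 40, 0, 0)
    return ehdr + b"".join(struct.pack("<8I", *p) for p in phdrs)

# Program headers of empty.elf, taken from the readelf -l output in post #6:
# (type, offset, vaddr, paddr, filesz, memsz, flags, align)
TRANSFORMED = build_image([
    (6, 0x0034, 0x00001034, 0x00000000, 0x00C0, 0x00C0, 5, 0x4),     # PHDR
    (3, 0x1114, 0x08048114, 0x08048114, 0x0014, 0x0014, 6, 0x1),     # INTERP
    (1, 0x1000, 0x00000000, 0x00000000, 0x0050, 0x0050, 6, 0x1000),  # LOAD
    (1, 0x1114, 0x08048114, 0x08048114, 0x1444, 0x144C, 7, 0x1000),  # LOAD
    (2, 0x2468, 0x08049468, 0x08049468, 0x00D0, 0x00D0, 6, 0x1),     # DYNAMIC
    (4, 0x1128, 0x08048128, 0x08048128, 0x0020, 0x0020, 6, 0x1),     # NOTE
])

if __name__ == "__main__":
    for finding in audit(TRANSFORMED):
        print(finding)
```

To compare against the running system, pass the value read from /proc/sys/vm/mmap_min_addr as `mmap_min_addr`.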
 
  

