upx / upx

UPX - the Ultimate Packer for eXecutables
https://upx.github.io

lzma doesn't work on linux/arm and linux/ppc + something is wrong with the displayed file size #60

Closed mcpat-it closed 7 years ago

mcpat-it commented 7 years ago

What's the problem (or question)?

Compiled UPX from source, compressed program doesn't work anymore (>3.91)

What should have happened?

program should work like compressed programs with my patched version 3.91 with latest lzma SDK

Do you have an idea for a solution?

Compiled upx 3.91 from source in the same way with latest lzma SDK, result is working program

upx --lzma -3 XXXX
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2013
UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   1712348 ->    507536   29.64%   linux/armel   XXXX

Packed 1 file.
root@dm900:/media/usb/building/upx# upx -d XXXX
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2013
UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   1715372 <-    507536   29.59%   linux/armel   XXXX

As you can see, the file size (1712348) is correct during compression, with decompression the file size isn't correct (it shows 1715372, but in fact it is 1712348). But it works. You can see "linux/armel"

With UPX 3.92 (and 3.93):

root@dm900:/media/usb/building/upx# ./upx --lzma -3 XXXX
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.93        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 29th 2017

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   1712348 ->    507608   29.64%    linux/arm    XXXX

Packed 1 file.
root@dm900:/media/usb/building/upx# ./upx -d XXXX
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.93        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 29th 2017

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
   1715372 <-    507608   29.59%    linux/arm    XXXX

Unpacked 1 file.

Differences with 3.92/3.93 to version 3.91:

  1. compression is not the same (507536 vs. 507608)
  2. "linux/arm" is shown instead of "linux/armel"
  3. the same error as in 3.91: decompressed 1715372 (but in fact it is 1712348)
  4. I get an error when I compress the small program "date" with 3.92/3.93: Bus error (core dumped)

How can we reproduce the issue?

see steps above

Please tell us details about your environment.

mcpat-it commented 7 years ago

I tried to compress upx 3.93 with upx 3.91:

works without lzma option, with lzma option I get this error: Segmentation fault (core dumped)

markus-oberhumer commented 7 years ago

I think these are two issues:

FYI, linux/arm is the new name for linux/armel, and the decompression stub has grown by a few bytes

jreiser commented 7 years ago

@pwallner Please clarify which compressed program gets the SIGSEGV, and the environment in which it was running. I'm confused because the first Comment mentions "work in putty" but names the file "XXXX".

Also, what is the smallest program which fails? Does /bin/date work when compressed?

mcpat-it commented 7 years ago

upx is the program which gets the SIGSEGV (upx compressed with upx...), the environment is my dreambox DM900 (armv7l). Please forget the comment "work in putty", because the programs compressed with lzma don't work on the DM900...

compressed /bin/date:

./upx --lzma -3 date
./date --help
Bus error (core dumped)

maybe we should update the lzma-sdk to the latest version? I cannot find a newer version for upx...

I tried to compile 3.91 with lzma sdk 16.04 (latest version), compress date with lzma is working... also tried it with another program, seems also working. But compressing upx with upx with lzma fails again?!

jreiser commented 7 years ago

linux/arm works for me. The released [https://github.com/upx/upx/releases] upx-3.93-amd64_linux.tar.xz works for me on /bin/date from my raspberry pi ARM linux.

## execute on amd64 machine
$ upx-3.93-amd64_linux/upx --lzma -3 -o date-linux-arm.upx393-lzma-3  date-linux-arm
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.93        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 29th 2017

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
     54980 ->     27576   50.16%    linux/arm    date-linux-arm.upx393-lzma-3  

## execute on raspberry pi machine
$ strace -o strace.out ./date-linux-arm.upx393-lzma-3 --help  |  wc -l
     95   ## lines of output from "date --help"
$ cat strace.out   ## showing system calls by the upx stub
execve("./date-linux-arm.upx393-lzma-3", ["./date-linux-arm.upx393-lzma-3"], [/* 27 vars */]) = 0
mmap2(0x28000, 29072, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x28000
cacheflush(0x2d844, 0x2e240, 0, 0xea000000, 0x20000) = 0
cacheflush(0x2e244, 0x2ec70, 0, 0, 0x20000) = 0
readlink("/proc/self/exe", "/home/pi/date-linux-arm.upx393-lzma-3"..., 4095) = 37
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0x7ed70000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x7ed70000
close(3)                                = 0
cacheflush(0x7ed6f4d0, 0x7ed6f624, 0, 0, 0x7ed6f4b8) = 0
mmap2(0x8000, 51636, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8000
cacheflush(0x8000, 0x8154, 0, 0, 0x7ed6f464) = 0
cacheflush(0x8154, 0x149b4, 0, 0, 0x7ed6f464) = 0
cacheflush(0x149b4, 0x149bc, 0, 0xe1a0f00e, 0x149b4) = 0
mprotect(0x8000, 51636, PROT_READ|PROT_EXEC) = 0
mmap2(0x1c000, 4420, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1c000
cacheflush(0x1ceec, 0x1d144, 0, 0, 0x7ed6f464) = 0
mprotect(0x1c000, 4420, PROT_READ|PROT_WRITE) = 0
brk(0x1e000)                            = 0xd69000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\360\16\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 159744, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76f05000
mmap2(0x76f05000, 118276, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x76f05000
mmap2(0x76f2a000, 6260, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1d) = 0x76f2a000
close(3)                                = 0
munmap(0x28000, 29072)                  = 0
   ## upx stub is finished; ld-linux-armhf starts
brk(0)                                  = 0xd69000
uname({sys="Linux", node="raspberrypi", ...}) = 0
   [[snip]]

Attached is the compressed file, zipped. date-linux-arm.upx393-lzma-3.zip

Please run strace on your box, and compare.

mcpat-it commented 7 years ago

Hi,

here is my result with upx 3.92 (didn't recompile 3.93 because of the same error):

root@dm900:/media/usb/building/upx# ./upx.392 --version
upx 3.92
UCL data compression library 1.03
zlib data compression library 1.2.8
LZMA SDK version 4.43
Copyright (C) 1996-2016 Markus Franz Xaver Johannes Oberhumer
Copyright (C) 1996-2016 Laszlo Molnar
Copyright (C) 2000-2016 John F. Reiser
Copyright (C) 2002-2016 Jens Medoch
Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler
Copyright (C) 1999-2006 Igor Pavlov
UPX comes with ABSOLUTELY NO WARRANTY; for details type 'upx.392 -L'.
root@dm900:/media/usb/building/upx# ./upx.392 --lzma -3 -o date-lzma-3 date
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2016
UPX 3.92        Markus Oberhumer, Laszlo Molnar & John Reiser   Dec 11th 2016

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
     61264 ->     30376   49.58%    linux/arm    date-lzma-3

Packed 1 file.
root@dm900:/media/usb/building/upx# strace -o strace.out ./date-lzma-3 --help | wc -l
0

and here is the strace.out:

execve("./date-lzma", ["./date-lzma", "--help"], [/* 15 vars */]) = 0
mmap2(0x40000, 31872, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x46334, 0x46d40, 0, 0xe3a0201e, 0x30000) = 0
cacheflush(0x46d44, 0x47770, 0, 0, 0x30000) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/date-lzm"..., 4095) = 33
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbefcc000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbefcc000
close(3)                                = 0
cacheflush(0xbefcb50c, 0xbefcb640, 0, 0, 0xbefcb4f4) = 0
mmap2(0x10000, 59156, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0, 0xbefcb4a0) = 0
cacheflush(0x10134, 0x1e714, 0, 0, 0xbefcb4a0) = 0
cacheflush(0x1e714, 0x1e71c, 0, 0xe1a0f00e, 0x1e714) = 0
mprotect(0x10000, 59156, PROT_READ|PROT_EXEC) = 0
mmap2(0x2e000, 2456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2e000
cacheflush(0x2e714, 0x2e998, 0, 0, 0xbefcb4a0) = 0
mprotect(0x2e000, 2456, PROT_READ|PROT_WRITE) = 0
brk(0x2f000)                            = 0x6bb000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6ed9000
mmap2(0xb6ed9000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6ed9000
mmap2(0xb6f09000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6f09000
close(3)                                = 0
munmap(0x40000, 31872)                  = 0
brk(NULL)                               = 0x6bb000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6ed8000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33168, ...}) = 0
mmap2(NULL, 33168, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6ecf000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6d8c000
mprotect(0xb6eb9000, 65536, PROT_NONE)  = 0
mmap2(0xb6ec9000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6ec9000
mmap2(0xb6ecc000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6ecc000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6d8b000
set_tls(0xb6d8b4c0, 0xb6d8bb98, 0xb6f0a050, 0xb6d8b4c0, 0xb6f0a050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbefcbd7c} ---
+++ killed by SIGBUS (core dumped) +++

With my working patched 3.91 (with latest lzma SDK!!!):

root@dm900:/media/usb/building/upx# ./upx --version                             
upx 3.91
UCL data compression library 1.03
LZMA SDK version 16.04
Copyright (C) 1996-2013 Markus Franz Xaver Johannes Oberhumer
Copyright (C) 1996-2013 Laszlo Molnar
Copyright (C) 2000-2013 John F. Reiser
Copyright (C) 2002-2013 Jens Medoch
Copyright (C) 1999-2006 Igor Pavlov
UPX comes with ABSOLUTELY NO WARRANTY; for details type 'upx -L'.
root@dm900:/media/usb/building/upx# ./upx -o date-lzma-3 date
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2013
UPX 3.91        Markus Oberhumer, Laszlo Molnar & John Reiser   Sep 30th 2013

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
     61264 ->     34024   55.54%   linux/armel   date-lzma-3

Packed 1 file.
root@dm900:/media/usb/building/upx# strace -o strace.out ./date-lzma-3 --help | wc -l
100

With strace.out:

execve("./date-lzma-3", ["./date-lzma-3", "--help"], [/* 15 vars */]) = 0
mmap2(0x40000, 35004, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x47994, 0x47a80, 0, 0x32811001, 0x30000) = 0
cacheflush(0x47a84, 0x4842c, 0, 0x47a84, 0) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/date-lzm"..., 4095) = 35
cacheflush(0xbea9d368, 0xbea9d49c, 0, 0xbea9d368, 0) = 0
mmap2(0x10000, 59156, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0x10000, 0) = 0
cacheflush(0x10134, 0x1e714, 0, 0x10134, 0) = 0
cacheflush(0x1e714, 0x1e71c, 0, 0xe1a0f00e, 0x1e714) = 0
mprotect(0x10000, 59156, PROT_READ|PROT_EXEC) = 0
mmap2(0x2e000, 2456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2e000
cacheflush(0x2e714, 0x2e998, 0, 0x2e714, 0) = 0
mprotect(0x2e000, 2456, PROT_READ|PROT_WRITE) = 0
brk(0x2f000)                            = 0x1637000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6ef7000
mmap2(0xb6ef7000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6ef7000
mmap2(0xb6f27000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6f27000
close(3)                                = 0
munmap(0x41000, 30908)                  = 0
brk(NULL)                               = 0x1637000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6ef6000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33168, ...}) = 0
mmap2(NULL, 33168, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6eed000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6daa000
mprotect(0xb6ed7000, 65536, PROT_NONE)  = 0
mmap2(0xb6ee7000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6ee7000
mmap2(0xb6eea000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6eea000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6da9000
set_tls(0xb6da94c0, 0xb6da9b98, 0xb6f28050, 0xb6da94c0, 0xb6f28050) = 0
mprotect(0xb6ee7000, 8192, PROT_READ)   = 0
mprotect(0xb6f27000, 4096, PROT_READ)   = 0
munmap(0xb6eed000, 33168)               = 0
brk(NULL)                               = 0x1637000
brk(0x1658000)                          = 0x1658000
fstat64(1, {st_mode=S_IFIFO|0600, st_size=0, ...}) = 0
write(1, "Usage: ./date-lzma-3 [OPTION]..."..., 4096) = 4096
write(1, "e US (use tzselect(1) to find TZ"..., 463) = 463
close(1)                                = 0
close(2)                                = 0
exit_group(0)                           = ?
+++ exited with 0 +++

I can see that the compressed file is bigger (34024 vs 30376) but it is working...

Is it normal that I cannot see the libraries with:

root@dm900:/media/usb/building/upx# ldd date-lzma-3
        not a dynamic executable
root@dm900:/media/usb/building/upx# ldd date
        libc.so.6 => /lib/libc.so.6 (0xb6e84000)
        /lib/ld-linux-armhf.so.3 (0xb6fc7000)
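
The strace comparison requested earlier in the thread can be scripted. The following is an added example, not code from UPX or from any participant; the two traces are constructed excerpts shortened from the logs posted above, and all function names are hypothetical. It reports where the syscall sequences first differ and, for the fatal signal, the alignment of `si_addr` and the closest `mmap2` mapping.

```python
import re

# Constructed excerpts, shortened from the two traces posted in this thread.
WORKING = r'''
execve("./date-lzma-3", ["./date-lzma-3", "--help"], [/* 15 vars */]) = 0
mmap2(0x40000, 35004, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x47994, 0x47a80, 0, 0x32811001, 0x30000) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/date-lzm"..., 4095) = 35
cacheflush(0xbea9d368, 0xbea9d49c, 0, 0xbea9d368, 0) = 0
munmap(0x41000, 30908)                  = 0
set_tls(0xb6da94c0, 0xb6da9b98, 0xb6f28050, 0xb6da94c0, 0xb6f28050) = 0
mprotect(0xb6ee7000, 8192, PROT_READ)   = 0
exit_group(0)                           = ?
+++ exited with 0 +++
'''
FAILING = r'''
execve("./date-lzma", ["./date-lzma", "--help"], [/* 15 vars */]) = 0
mmap2(0x40000, 31872, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x46334, 0x46d40, 0, 0xe3a0201e, 0x30000) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/date-lzm"..., 4095) = 33
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbefcc000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbefcc000
close(3)                                = 0
munmap(0x40000, 31872)                  = 0
set_tls(0xb6d8b4c0, 0xb6d8bb98, 0xb6f0a050, 0xb6d8b4c0, 0xb6f0a050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbefcbd7c} ---
+++ killed by SIGBUS (core dumped) +++
'''

SYSCALL = re.compile(r'^(\w+)\((.*)\)\s*=\s*(\S+)')
SIGNAL = re.compile(r'^--- (SIG\w+) \{(.*)\} ---$')
EXIT = re.compile(r'^\+\+\+ (.*) \+\+\+$')

def parse_strace(text):
    """Turn `strace -o` output into a list of event dicts."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if m := SYSCALL.match(line):
            events.append({"kind": "syscall", "name": m[1], "args": m[2], "ret": m[3]})
        elif m := SIGNAL.match(line):
            fields = dict(f.split("=", 1) for f in m[2].split(", "))
            events.append({"kind": "signal", "name": m[1], **fields})
        elif m := EXIT.match(line):
            events.append({"kind": "exit", "status": m[1]})
    return events

def first_divergence(good, bad):
    """(index, name_in_good, name_in_bad) of the first differing syscall, or None."""
    a = [e["name"] for e in good if e["kind"] == "syscall"]
    b = [e["name"] for e in bad if e["kind"] == "syscall"]
    for i in range(max(len(a), len(b))):
        x = a[i] if i < len(a) else None
        y = b[i] if i < len(b) else None
        if x != y:
            return i, x, y
    return None

def fatal_signal(events):
    """First signal that carries a fault address, plus that address's alignment."""
    for e in events:
        if e["kind"] == "signal" and "si_addr" in e:
            addr = int(e["si_addr"], 16)
            # addr & -addr isolates the lowest set bit: the largest power of
            # two that divides the address.
            return {"signal": e["name"], "code": e["si_code"],
                    "addr": addr, "alignment": addr & -addr}
    return None

def nearest_mapping(events, addr):
    """The mmap2 result closest to addr, as (start, length, addr - start)."""
    best = None
    for e in events:
        if e["kind"] == "syscall" and e["name"] == "mmap2" and e["ret"].startswith("0x"):
            start = int(e["ret"], 16)
            length = int(e["args"].split(",")[1])
            if best is None or abs(addr - start) < abs(addr - best[0]):
                best = (start, length, addr - start)
    return best

if __name__ == "__main__":
    good, bad = parse_strace(WORKING), parse_strace(FAILING)
    print("first divergence:", first_divergence(good, bad))
    sig = fatal_signal(bad)
    print("fatal signal:", sig)
    print("nearest mapping:", nearest_mapping(bad, sig["addr"]))
```

The script only reports what the traces contain; it does not identify which instruction faulted, which needs the core dump or a debugger.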

jreiser commented 7 years ago

@pwallner Yes, it is normal that the PT_DYNAMIC info has been compressed and thus ldd cannot see it. The only things that matter to execve() are PT_LOADs (specified by Elf32_Phdr) and some of the info in Elf32_Ehdr.
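
What ldd finds missing can be checked by reading the ELF32 program header table directly. This is an added example, not code from UPX or from the thread; both byte strings are constructed samples (header and program header table only, not real UPX output), and the function names are hypothetical.

```python
import struct

PT_NAMES = {0: "PT_NULL", 1: "PT_LOAD", 2: "PT_DYNAMIC",
            3: "PT_INTERP", 4: "PT_NOTE", 6: "PT_PHDR"}
EHDR = "16sHHIIIIIHHHHHH"   # Elf32_Ehdr layout, 52 bytes
PHDR = "8I"                 # Elf32_Phdr layout, 32 bytes
EHDR_SIZE, PHDR_SIZE = 52, 32

def program_headers(data):
    """Parse the Elf32_Phdr table of an ELF32 file given as bytes."""
    if len(data) < EHDR_SIZE or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1:
        raise ValueError("only ELFCLASS32 is handled here")
    endian = {1: "<", 2: ">"}.get(data[5])     # EI_DATA: little or big endian
    if endian is None:
        raise ValueError("bad EI_DATA")
    eh = struct.unpack_from(endian + EHDR, data)
    phoff, phentsize, phnum = eh[5], eh[9], eh[10]
    # Refuse tables that run past the end of the file instead of reading junk.
    if phentsize != PHDR_SIZE or phoff + phnum * phentsize > len(data):
        raise ValueError("program header table out of bounds")
    headers = []
    for i in range(phnum):
        p_type, off, vaddr, _paddr, filesz, memsz, flags, _align = \
            struct.unpack_from(endian + PHDR, data, phoff + i * phentsize)
        headers.append({"type": PT_NAMES.get(p_type, hex(p_type)), "offset": off,
                        "vaddr": vaddr, "filesz": filesz, "memsz": memsz,
                        "flags": flags})
    return headers

def summarize(data):
    """Which of the segment types discussed in the comment above are present."""
    types = [p["type"] for p in program_headers(data)]
    return {"loads": types.count("PT_LOAD"),
            "has_interp": "PT_INTERP" in types,
            "has_dynamic": "PT_DYNAMIC" in types}

def build_elf32(segments, e_type=2, machine=40):
    """Constructed sample: little-endian ELF32 header (EM_ARM = 40) followed by
    the program header table, with no segment contents."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    ehdr = struct.pack("<" + EHDR, ident, e_type, machine, 1, 0x8000,
                       EHDR_SIZE, 0, 0, EHDR_SIZE, PHDR_SIZE, len(segments),
                       0, 0, 0)
    return ehdr + b"".join(struct.pack("<" + PHDR, *s) for s in segments)

# (p_type, p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_flags, p_align)
DYNAMIC_SAMPLE = build_elf32([      # constructed: ordinary dynamic executable
    (6, 52, 0x8034, 0x8034, 160, 160, 5, 4),                 # PT_PHDR
    (3, 0x134, 0x8134, 0x8134, 25, 25, 4, 1),                # PT_INTERP
    (1, 0, 0x8000, 0x8000, 0xC9B4, 0xC9B4, 5, 0x8000),       # PT_LOAD r-x
    (1, 0xCEEC, 0x1CEEC, 0x1CEEC, 0x258, 0x400, 6, 0x8000),  # PT_LOAD rw-
    (2, 0xCEF8, 0x1CEF8, 0x1CEF8, 0xF0, 0xF0, 6, 4),         # PT_DYNAMIC
])
PACKED_LIKE_SAMPLE = build_elf32([  # constructed: only PT_LOAD entries remain
    (1, 0, 0x8000, 0x8000, 0x6B00, 0x6B00, 5, 0x8000),
    (1, 0, 0x1C000, 0x1C000, 0, 0x1200, 6, 0x8000),
])

if __name__ == "__main__":
    for name, blob in (("dynamic", DYNAMIC_SAMPLE), ("packed-like", PACKED_LIKE_SAMPLE)):
        print(name, summarize(blob))
```

A file with `has_dynamic` false gives ldd nothing to read, which matches the "not a dynamic executable" message quoted above, even though the PT_LOAD entries that execve() needs are still present.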

jreiser commented 7 years ago

@pwallner Please attach your compressed /bin/date (date-lzma-3) which gets SIGBUS. Put it in a .zip file, then upload. (For an example, see my date-linux-arm.upx393-lzma-3.zip of two days ago.) I want to look at the failing case.

mcpat-it commented 7 years ago

@jreiser here is the requested file. The working one is from the patched 3.91 (with latest lzma sdk), the non-working one is from 3.92 source.

date_lzma_3.zip

Regards Patrick

jreiser commented 7 years ago

Reporting of output file size during un-compress (upx -d) is fixed by above commit on devel branch.

jreiser commented 7 years ago

32-bit PowerPC lzma has been fixed.

jreiser commented 7 years ago

@pwallner In date_lzma_3.zip of 6 days ago, neither compression used --lzma:

$ ../upx.out --fileinfo date*working
date-lzma-3-notworking [arm-linux.elf, linux/arm]
     34120 bytes, compressed by UPX 13, method 3, level 8, filter 0x50/0x00
date-lzma-3-working [arm-linux.elf, linux/arm]
     34024 bytes, compressed by UPX 13, method 3, level 8, filter 0x50/0x00

In src/conf.h, method 3 is M_NRV2B_8, the default for ARM (because it requires alignment to fetch a 32-bit quantity as the upx decompression stub desires, and the code is ugly to patch together 4 bytes). M_LZMA is method 14.

Do you have a failing example which uses lzma? One that does not use clock_settime@GLIBC_2.17 would be nice, because GLIBC_2.4 is the highest I can run on my raspberry pi. I have re-verified again that --lzma works for me on ARM using tip of devel branch. Please try that, or the date-linux-arm.upx393-lzma-3.zip of 9 days ago.

mcpat-it commented 7 years ago

@jreiser please find attached the requested file. Both of them (lzma method 14 - level 4 and level 10) are not working...

Info

strace -o strace.out ./date-lzma-m14-l10 --help | wc -l

execve("./date-lzma-m14-l10", ["./date-lzma-m14-l10", "--help"], [/* 15 vars */]) = 0
mmap2(0x40000, 31872, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x46334, 0x46d40, 0, 0xe3a0201e, 0x30000) = 0
cacheflush(0x46d44, 0x47770, 0, 0, 0x30000) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/date-lzm"..., 4095) = 41
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbea68000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbea68000
close(3)                                = 0
cacheflush(0xbea6750c, 0xbea67640, 0, 0, 0xbea674f4) = 0
mmap2(0x10000, 59156, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0, 0xbea674a0) = 0
cacheflush(0x10134, 0x1e714, 0, 0, 0xbea674a0) = 0
cacheflush(0x1e714, 0x1e71c, 0, 0xe1a0f00e, 0x1e714) = 0
mprotect(0x10000, 59156, PROT_READ|PROT_EXEC) = 0
mmap2(0x2e000, 2456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2e000
cacheflush(0x2e714, 0x2e998, 0, 0, 0xbea674a0) = 0
mprotect(0x2e000, 2456, PROT_READ|PROT_WRITE) = 0
brk(0x2f000)                            = 0x771000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f7f000
mmap2(0xb6f7f000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6f7f000
mmap2(0xb6faf000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6faf000
close(3)                                = 0
munmap(0x40000, 31872)                  = 0
brk(NULL)                               = 0x771000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f7e000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33650, ...}) = 0
mmap2(NULL, 33650, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f75000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6e32000
mprotect(0xb6f5f000, 65536, PROT_NONE)  = 0
mmap2(0xb6f6f000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6f6f000
mmap2(0xb6f72000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f72000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e31000
set_tls(0xb6e314c0, 0xb6e31b98, 0xb6fb0050, 0xb6e314c0, 0xb6fb0050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbea67d7c} ---
+++ killed by SIGBUS (core dumped) +++

and with the file with level 8

./upx.392 --fileinfo date-lzma
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2016
UPX 3.92        Markus Oberhumer, Laszlo Molnar & John Reiser   Dec 11th 2016

date-lzma [arm-linux.elf, linux/arm]
     30376 bytes, compressed by UPX 13, method 14, level 8, filter 0x50/0x00

I also get the error:

execve("./date-lzma", ["./date-lzma", "--help"], [/* 15 vars */]) = 0
mmap2(0x40000, 31872, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x46334, 0x46d40, 0, 0xe3a0201e, 0x30000) = 0
cacheflush(0x46d44, 0x47770, 0, 0, 0x30000) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/date-lzm"..., 4095) = 33
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbe984000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbe984000
close(3)                                = 0
cacheflush(0xbe98350c, 0xbe983640, 0, 0, 0xbe9834f4) = 0
mmap2(0x10000, 59156, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0, 0xbe9834a0) = 0
cacheflush(0x10134, 0x1e714, 0, 0, 0xbe9834a0) = 0
cacheflush(0x1e714, 0x1e71c, 0, 0xe1a0f00e, 0x1e714) = 0
mprotect(0x10000, 59156, PROT_READ|PROT_EXEC) = 0
mmap2(0x2e000, 2456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2e000
cacheflush(0x2e714, 0x2e998, 0, 0, 0xbe9834a0) = 0
mprotect(0x2e000, 2456, PROT_READ|PROT_WRITE) = 0
brk(0x2f000)                            = 0xf19000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f28000
mmap2(0xb6f28000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6f28000
mmap2(0xb6f58000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6f58000
close(3)                                = 0
munmap(0x40000, 31872)                  = 0
brk(NULL)                               = 0xf19000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f27000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33650, ...}) = 0
mmap2(NULL, 33650, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f1e000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6ddb000
mprotect(0xb6f08000, 65536, PROT_NONE)  = 0
mmap2(0xb6f18000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6f18000
mmap2(0xb6f1b000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f1b000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6dda000
set_tls(0xb6dda4c0, 0xb6ddab98, 0xb6f59050, 0xb6dda4c0, 0xb6f59050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbe983d7c} ---
+++ killed by SIGBUS (core dumped) +++

I have glibc_2.23 on my dreambox. I have tested your file date-linux-arm.upx393-lzma-3.zip of 9 days ago on my dreambox, also seg. fault... But when I decompress your file, it works with "--help" and "--version" on my dreambox. It fails only when compressed. Maybe there is something wrong with the libs of the dreambox? Sorry I cannot compile glibc 2.4: checking sysdep dirs... configure: error: The armv7l is not supported.

But now I see, method 3 is also not working on dreambox....

lzma-lzma-notworking

mcpat-it commented 7 years ago

@jreiser I tried the latest devel Version (3.94), same error...

./upx.devel --version
upx 3.94
UCL data compression library 1.03
zlib data compression library 1.2.8
LZMA SDK version 4.43
Copyright (C) 1996-2017 Markus Franz Xaver Johannes Oberhumer
Copyright (C) 1996-2017 Laszlo Molnar
Copyright (C) 2000-2017 John F. Reiser
Copyright (C) 2002-2017 Jens Medoch
Copyright (C) 1995-2005 Jean-loup Gailly and Mark Adler
Copyright (C) 1999-2006 Igor Pavlov
UPX comes with ABSOLUTELY NO WARRANTY; for details type 'upx.devel -L'.

./upx.devel --lzma date -o date.devel

execve("./date.devel", ["./date.devel", "--help"], [/* 15 vars */]) = 0
mmap2(0x40000, 31872, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x46334, 0x46d40, 0, 0xe28f1014, 0x30000) = 0
cacheflush(0x46d44, 0x47770, 0, 0, 0x30000) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/date.dev"..., 4095) = 34
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbef20000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbef20000
close(3)                                = 0
cacheflush(0xbef1f50c, 0xbef1f640, 0, 0, 0xbef1f4f4) = 0
mmap2(0x10000, 59156, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0, 0xbef1f4a0) = 0
cacheflush(0x10134, 0x1e714, 0, 0, 0xbef1f4a0) = 0
cacheflush(0x1e714, 0x1e71c, 0, 0xe1a0f00e, 0x1e714) = 0
mprotect(0x10000, 59156, PROT_READ|PROT_EXEC) = 0
mmap2(0x2e000, 2456, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2e000
cacheflush(0x2e714, 0x2e998, 0, 0, 0xbef1f4a0) = 0
mprotect(0x2e000, 2456, PROT_READ|PROT_WRITE) = 0
brk(0x2f000)                            = 0xfe4000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f24000
mmap2(0xb6f24000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6f24000
mmap2(0xb6f54000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6f54000
close(3)                                = 0
munmap(0x40000, 31872)                  = 0
brk(NULL)                               = 0xfe4000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f23000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33650, ...}) = 0
mmap2(NULL, 33650, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f1a000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6dd7000
mprotect(0xb6f04000, 65536, PROT_NONE)  = 0
mmap2(0xb6f14000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6f14000
mmap2(0xb6f17000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f17000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6dd6000
set_tls(0xb6dd64c0, 0xb6dd6b98, 0xb6f55050, 0xb6dd64c0, 0xb6f55050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbef1fd7c} ---
+++ killed by SIGBUS (core dumped) +++

mcpat-it commented 7 years ago

I have uploaded another file for testing (method 14)

oscam

If you use "-V" with this file, also seg. fault...

execve("./oscam", ["./oscam", "-V"], [/* 15 vars */]) = 0
mmap2(0x200000, 506112, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x200000
cacheflush(0x279fb4, 0x27a9c0, 0, 0xe28f1014, 0x1f0000) = 0
cacheflush(0x27a9c4, 0x27b3f0, 0, 0, 0x1f0000) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/oscam", 4095) = 29
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbedbc000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbedbc000
close(3)                                = 0
cacheflush(0xbedbb50c, 0xbedbb640, 0, 0, 0xbedbb4f4) = 0
mmap2(0x10000, 1729208, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0, 0xbedbb4a0) = 0
cacheflush(0x10134, 0x1b62b8, 0, 0, 0xbedbb4a0) = 0
cacheflush(0x1b62b8, 0x1b62c0, 0, 0xe1a0f00e, 0x1b62b8) = 0
mprotect(0x10000, 1729208, PROT_READ|PROT_EXEC) = 0
mmap2(0x1c6000, 12000, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1c6000
cacheflush(0x1c62b8, 0x1c8ee0, 0, 0, 0xbedbb4a0) = 0
mprotect(0x1c6000, 12000, PROT_READ|PROT_WRITE) = 0
mmap2(0x1c9000, 148208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1c9000
brk(0x1ee000)                           = 0x13f8000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f04000
mmap2(0xb6f04000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6f04000
mmap2(0xb6f34000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6f34000
close(3)                                = 0
munmap(0x200000, 506112)                = 0
brk(NULL)                               = 0x13f8000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f03000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33650, ...}) = 0
mmap2(NULL, 33650, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6efa000
close(3)                                = 0
open("/usr/lib/libssl.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0`\322\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=317560, ...}) = 0
mmap2(NULL, 381792, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6e9c000
mprotect(0xb6ee4000, 65536, PROT_NONE)  = 0
mmap2(0xb6ef4000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x48000) = 0xb6ef4000
close(3)                                = 0
open("/usr/lib/libcrypto.so.1.0.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0@'\4\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1511300, ...}) = 0
mmap2(NULL, 1589240, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6d18000
mprotect(0xb6e73000, 61440, PROT_NONE)  = 0
mmap2(0xb6e82000, 94208, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15a000) = 0xb6e82000
mmap2(0xb6e99000, 12280, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6e99000
close(3)                                = 0
open("/lib/libusb-1.0.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\f)\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=81088, ...}) = 0
mmap2(NULL, 145408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6cf4000
mprotect(0xb6d08000, 61440, PROT_NONE)  = 0
mmap2(0xb6d17000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13000) = 0xb6d17000
close(3)                                = 0
open("/lib/librt.so.1", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\0\27\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=26560, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6cf3000
mmap2(NULL, 90640, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6cdc000
mprotect(0xb6ce2000, 61440, PROT_NONE)  = 0
mmap2(0xb6cf1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x5000) = 0xb6cf1000
close(3)                                = 0
open("/lib/libpthread.so.0", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\3\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0LI\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=92700, ...}) = 0
mmap2(NULL, 164424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6cb3000
mprotect(0xb6cc9000, 61440, PROT_NONE)  = 0
mmap2(0xb6cd8000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15000) = 0xb6cd8000
mmap2(0xb6cda000, 4680, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6cda000
close(3)                                = 0
open("/lib/libdl.so.2", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0,\t\0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=9728, ...}) = 0
mmap2(NULL, 73912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6ca0000
mprotect(0xb6ca2000, 61440, PROT_NONE)  = 0
mmap2(0xb6cb1000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1000) = 0xb6cb1000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6b5d000
mprotect(0xb6c8a000, 65536, PROT_NONE)  = 0
mmap2(0xb6c9a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6c9a000
mmap2(0xb6c9d000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6c9d000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6b5c000
set_tls(0xb6b5c870, 0xb6b5cf48, 0xb6f35050, 0xb6b5c870, 0xb6f35050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbedbbd7c} ---
+++ killed by SIGBUS (core dumped) +++

jreiser commented 7 years ago

@pwallner Let's try something even simpler.

===== test1.c
int const x[10000] = {1,2,3};

int main(int argc, char const *argv[])
{
    return x[1];
}
=====
$ gcc -g -o test1 test1.c
$ upx -o test1.upx test1   ## default method 3
$ upx --fileinfo test1.upx
test1.upx [arm-linux.elf, linux/arm]
      5744 bytes, compressed by UPX 13, method 3, level 8, filter 0x50/0x00
[test1.upx.zip](https://github.com/upx/upx/files/771108/test1.upx.zip)
$ strace ./test1.upx
execve("./test1.upx", ["./test1.upx"], [/* 27 vars */]) = 0
mmap2(0x28000, 7808, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x28000
cacheflush(0x28534, 0x28620, 0, 0x32811001, 0x20000) = 0
cacheflush(0x28624, 0x29050, 0, 0x28624, 0) = 0
readlink("/proc/self/exe", "/home/pi/test1.upx", 4095) = 18
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0x7ec14000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x7ec14000
close(3)                                = 0
cacheflush(0x7ec134d0, 0x7ec13604, 0, 0x7ec134d0, 0) = 0
mmap2(0x8000, 41084, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x8000
cacheflush(0x8000, 0x8134, 0, 0x8000, 0) = 0
cacheflush(0x8134, 0x1207c, 0, 0x8134, 0) = 0
cacheflush(0x1207c, 0x12084, 0, 0xe1a0f00e, 0x1207c) = 0
mprotect(0x8000, 41084, PROT_READ|PROT_EXEC) = 0
mmap2(0x1a000, 412, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1a000
cacheflush(0x1a07c, 0x1a19c, 0, 0x1a07c, 0) = 0
mprotect(0x1a000, 412, PROT_READ|PROT_WRITE) = 0
brk(0x1b000)                            = 0x1c72000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\360\16\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 159744, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76f4a000
mmap2(0x76f4a000, 118276, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0x76f4a000
mmap2(0x76f6f000, 6260, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x1d) = 0x76f6f000
close(3)                                = 0
munmap(0x28000, 7808)                   = 0
brk(0)                                  = 0x1c72000
uname({sys="Linux", node="raspberrypi", ...}) = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76f48000
access("/etc/ld.so.preload", R_OK)      = 0
open("/etc/ld.so.preload", O_RDONLY)    = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=44, ...}) = 0
mmap2(NULL, 44, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0x76f47000
close(3)                                = 0
open("/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\270\4\0\0004\0\0\0"..., 512) = 512
lseek(3, 7276, SEEK_SET)                = 7276
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1080) = 1080
lseek(3, 7001, SEEK_SET)                = 7001
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=10170, ...}) = 0
mmap2(NULL, 39740, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x76f3d000
mprotect(0x76f3f000, 28672, PROT_NONE)  = 0
mmap2(0x76f46000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0x76f46000
close(3)                                = 0
munmap(0x76f47000, 44)                  = 0
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=61432, ...}) = 0
mmap2(NULL, 61432, PROT_READ, MAP_PRIVATE, 3, 0) = 0x76f2e000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/arm-linux-gnueabihf/libc.so.6", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\214y\1\0004\0\0\0"..., 512) = 512
lseek(3, 1215264, SEEK_SET)             = 1215264
read(3, "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 1360) = 1360
lseek(3, 1214828, SEEK_SET)             = 1214828
read(3, "A.\0\0\0aeabi\0\1$\0\0\0\0056\0\6\6\10\1\t\1\n\2\22\4\24\1\25"..., 47) = 47
fstat64(3, {st_mode=S_IFREG|0755, st_size=1216624, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76f47000
mmap2(NULL, 1258784, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x76dfa000
mprotect(0x76f20000, 32768, PROT_NONE)  = 0
mmap2(0x76f28000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x126) = 0x76f28000
mmap2(0x76f2b000, 9504, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x76f2b000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x76df9000
set_tls(0x76df94c0, 0x76df9b98, 0x76f70048, 0x76df94c0, 0x76f70048) = 0
mprotect(0x76f28000, 8192, PROT_READ)   = 0
mprotect(0x76f6f000, 4096, PROT_READ)   = 0
munmap(0x76f2e000, 61432)               = 0
exit_group(2)                           = ?

Please try that. The attached test1.upx.zip is what I get. The output from strace in your last 3 comments shows that the upx stub decompresses, mmaps the PT_INTERP and shared libraries; then the PT_INTERP executes.

When you see a failure of test1.upx, then please run under gdb and show the state of memory mapping:

$ gdb test1.upx
(gdb) run
SIGBUS
(gdb) info reg   ## show registers
(gdb) x/9i $pc-4*4   ## show instruction stream around the program counter
(gdb) x/32x $sp   ## display 32 words of memory at stack pointer
(gdb) info proc
(gdb) shell cat /proc/<pid>/maps   ## <pid> is processID shown by gdb

mcpat-it commented 7 years ago

OK, here is the result:

root@dm900:/media/usb/building/upx# gcc -g -o test1 test1.c

root@dm900:/media/usb/building/upx# ./upx.devel -o test1.upx test1
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.94        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 30th 2017

        File size         Ratio      Format      Name
   --------------------   ------   -----------   -----------
     49788 ->      7156   14.37%    linux/arm    test1.upx

Packed 1 file.

root@dm900:/media/usb/building/upx# ./upx.devel --fileinfo test1.upx
                       Ultimate Packer for eXecutables
                          Copyright (C) 1996 - 2017
UPX 3.94        Markus Oberhumer, Laszlo Molnar & John Reiser   Jan 30th 2017

test1.upx [arm-linux.elf, linux/arm]
      7156 bytes, compressed by UPX 13, method 3, level 8, filter 0x50/0x00

root@dm900:/media/usb/building/upx# strace ./test1.upx
execve("./test1.upx", ["./test1.upx"], [/* 15 vars */]) = 0
mmap2(0x40000, 7856, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x40564, 0x40660, 0, 0x2afffffb, 0x30000) = 0
cacheflush(0x40664, 0x41090, 0, 0x40664, 0) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/test1.up"..., 4095) = 33
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbeef0000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbeef0000
close(3)                                = 0
cacheflush(0xbeeef510, 0xbeeef644, 0, 0xbeeef510, 0) = 0
mmap2(0x10000, 41164, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0x10000, 0) = 0
cacheflush(0x10134, 0x1a0cc, 0, 0x10134, 0) = 0
cacheflush(0x1a0cc, 0x1a0d4, 0, 0xe1a0f00e, 0x1a0cc) = 0
mprotect(0x10000, 41164, PROT_READ|PROT_EXEC) = 0
mmap2(0x2a000, 484, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a000
cacheflush(0x2a0cc, 0x2a1e4, 0, 0x2a0cc, 0) = 0
mprotect(0x2a000, 484, PROT_READ|PROT_WRITE) = 0
brk(0x2b000)                            = 0xe76000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6fa6000
mmap2(0xb6fa6000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6fa6000
mmap2(0xb6fd6000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6fd6000
close(3)                                = 0
munmap(0x40000, 7856)                   = 0
brk(NULL)                               = 0xe76000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6fa5000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33650, ...}) = 0
mmap2(NULL, 33650, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f9c000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6e59000
mprotect(0xb6f86000, 65536, PROT_NONE)  = 0
mmap2(0xb6f96000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6f96000
mmap2(0xb6f99000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f99000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e58000
set_tls(0xb6e584c0, 0xb6e58b98, 0xb6fd7050, 0xb6e584c0, 0xb6fd7050) = 0
mprotect(0xb6f96000, 8192, PROT_READ)   = 0
mprotect(0xb6fd6000, 4096, PROT_READ)   = 0
munmap(0xb6f9c000, 33650)               = 0
exit_group(2)                           = ?
+++ exited with 2 +++

But with a parameter the compressed file has an error:

root@dm900:/media/usb/building/upx# ./test1.upx 2
Bus error (core dumped)

root@dm900:/media/usb/building/upx# strace ./test1.upx 1
execve("./test1.upx", ["./test1.upx", "1"], [/* 15 vars */]) = 0
mmap2(0x40000, 7856, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
cacheflush(0x40564, 0x40660, 0, 0x2afffffb, 0x30000) = 0
cacheflush(0x40664, 0x41090, 0, 0x40664, 0) = 0
readlink("/proc/self/exe", "/media/usb/building/upx/test1.up"..., 4095) = 33
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbeb54000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbeb54000
close(3)                                = 0
cacheflush(0xbeb5350c, 0xbeb53640, 0, 0xbeb5350c, 0) = 0
mmap2(0x10000, 41164, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x10000
cacheflush(0x10000, 0x10134, 0, 0x10000, 0) = 0
cacheflush(0x10134, 0x1a0cc, 0, 0x10134, 0) = 0
cacheflush(0x1a0cc, 0x1a0d4, 0, 0xe1a0f00e, 0x1a0cc) = 0
mprotect(0x10000, 41164, PROT_READ|PROT_EXEC) = 0
mmap2(0x2a000, 484, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x2a000
cacheflush(0x2a0cc, 0x2a1e4, 0, 0x2a0cc, 0) = 0
mprotect(0x2a000, 484, PROT_READ|PROT_WRITE) = 0
brk(0x2b000)                            = 0x1c1e000
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\300\n\0\0004\0\0\0"..., 512) = 512
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f8a000
mmap2(0xb6f8a000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6f8a000
mmap2(0xb6fba000, 6272, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED, 3, 0x20000) = 0xb6fba000
close(3)                                = 0
munmap(0x40000, 7856)                   = 0
brk(NULL)                               = 0x1c1e000
uname({sysname="Linux", nodename="dm900", ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f89000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=33650, ...}) = 0
mmap2(NULL, 33650, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb6f80000
close(3)                                = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0(\0\1\0\0\0\314n\1\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1250960, ...}) = 0
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6e3d000
mprotect(0xb6f6a000, 65536, PROT_NONE)  = 0
mmap2(0xb6f7a000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x12d000) = 0xb6f7a000
mmap2(0xb6f7d000, 9584, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb6f7d000
close(3)                                = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6e3c000
set_tls(0xb6e3c4c0, 0xb6e3cb98, 0xb6fbb050, 0xb6e3c4c0, 0xb6fbb050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbeb53d7c} ---
+++ killed by SIGBUS (core dumped) +++
Bus error (core dumped)

Results of gdb:

root@dm900:/media/usb/building/upx# gdb test1.upx 1
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv7l-unknown-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from test1.upx...(no debugging symbols found)...done.
Attaching to program: /media/usb/building/upx/test1.upx, process 1
Reading symbols from /lib/libcap.so.2...(no debugging symbols found)...done.
Reading symbols from /lib/libattr.so.1...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libkmod.so.2...(no debugging symbols found)...done.
Reading symbols from /lib/libmount.so.1...(no debugging symbols found)...done.
Reading symbols from /lib/librt.so.1...Reading symbols from /lib/.debug/librt-2.23.so...done.
done.
Reading symbols from /lib/libgcc_s.so.1...Reading symbols from /lib/.debug/libgcc_s.so.1...done.
done.
Reading symbols from /lib/libpthread.so.0...Reading symbols from /lib/.debug/libpthread-2.23.so...done.
done.
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
Reading symbols from /lib/libc.so.6...Reading symbols from /lib/.debug/libc-2.23.so...done.
done.
Reading symbols from /lib/ld-linux-armhf.so.3...Reading symbols from /lib/.debug/ld-2.23.so...done.
done.
Reading symbols from /lib/libz.so.1...(no debugging symbols found)...done.
Reading symbols from /lib/libblkid.so.1...(no debugging symbols found)...done.
Reading symbols from /lib/libuuid.so.1...(no debugging symbols found)...done.
0xb6c709d8 in epoll_wait () at ../sysdeps/unix/syscall-template.S:84
84      T_PSEUDO (SYSCALL_SYMBOL, SYSCALL_NAME, SYSCALL_NARGS)
(gdb) info reg
r0             0xfffffffc       4294967292
r1             0xbebbfe58       3199991384
r2             0x3a     58
r3             0xffffffff       4294967295
r4             0xb77a64c0       3078251712
r5             0x1      1
r6             0xbebbfe58       3199991384
r7             0xfc     252
r8             0xffffffff       4294967295
r9             0xffffffff       4294967295
r10            0x4      4
r11            0xbebc02cc       3199992524
r12            0x0      0
sp             0xbebbfe48       0xbebbfe48
lr             0xb6e04850       -1226815408
pc             0xb6c709d8       0xb6c709d8 <epoll_wait+72>
cpsr           0x80000010       -2147483632
(gdb) x/9i $pc-4*4
   0xb6c709c8 <epoll_wait+56>:  mov     r12, r0
   0xb6c709cc <epoll_wait+60>:  pop     {r0, r1, r2, r3}
   0xb6c709d0 <epoll_wait+64>:  mov     r7, #252        ; 0xfc
   0xb6c709d4 <epoll_wait+68>:  svc     0x00000000
=> 0xb6c709d8 <epoll_wait+72>:  mov     r7, r0
   0xb6c709dc <epoll_wait+76>:  mov     r0, r12
   0xb6c709e0 <epoll_wait+80>:  bl      0xb6c7df20 <__libc_disable_asynccancel>
   0xb6c709e4 <epoll_wait+84>:  mov     r0, r7
   0xb6c709e8 <epoll_wait+88>:  pop     {lr}            ; (ldr lr, [sp], #4)
(gdb) x/32x $sp
0xbebbfe48:     0xb6e4f498      0x0000003a      0xb77a6558      0xb78109d0
0xbebbfe58:     0x00000001      0x00000090      0xb77a7600      0x00000000
0xbebbfe68:     0xb7821c60      0xb6e340b8      0x00000000      0x00000000
0xbebbfe78:     0xbebbfe58      0x00000002      0x00000000      0x00000000
0xbebbfe88:     0x00000000      0x4591c200      0xb78212b8      0xb7821c60
0xbebbfe98:     0xb78109d0      0x00000000      0x00000000      0x00000001
0xbebbfea8:     0xb6e12ce8      0x00000000      0xbebc0000      0xb6e86094
0xbebbfeb8:     0x00000001      0x00000000      0x00000000      0x00000003
(gdb) info proc
process 1
cmdline = '/sbin/init'
cwd = '/'
exe = '/lib/systemd/systemd'
(gdb) shell cat /proc/1688/maps
00010000-00439000 r-xp 00000000 b3:0a 19163       /usr/bin/gdb
00448000-00455000 rw-p 00428000 b3:0a 19163       /usr/bin/gdb
00455000-00474000 rw-p 00000000 00:00 0
018c5000-01e5d000 rw-p 00000000 00:00 0           [heap]
b5cb2000-b5df5000 r--p 0068b000 b3:0a 496         /lib/.debug/libc-2.23.so
b5df5000-b5e19000 r--p 00636000 b3:0a 496         /lib/.debug/libc-2.23.so
b5e19000-b5e24000 r--p 000f1000 b3:0a 23129       /lib/.debug/libgcc_s.so.1
b5e24000-b5e3a000 r--p 00064000 b3:0a 613         /lib/.debug/ld-2.23.so
b5e3a000-b5e41000 r--p 0009e000 b3:0a 613         /lib/.debug/ld-2.23.so
b5e41000-b5e4c000 r--p 0005a000 b3:0a 613         /lib/.debug/ld-2.23.so
b5e4c000-b5ea7000 r--p 00000000 b3:0a 613         /lib/.debug/ld-2.23.so
b5ea7000-b5f0e000 rw-p 00000000 00:00 0
b5f0e000-b5f37000 r--p 007cd000 b3:0a 496         /lib/.debug/libc-2.23.so
b5f37000-b6062000 r--p 0050c000 b3:0a 496         /lib/.debug/libc-2.23.so
b6062000-b6105000 r--p 0046a000 b3:0a 496         /lib/.debug/libc-2.23.so
b6105000-b6564000 r--p 0000c000 b3:0a 496         /lib/.debug/libc-2.23.so
b6564000-b6616000 rw-p 00000000 00:00 0
b6617000-b664a000 r--p 00659000 b3:0a 496         /lib/.debug/libc-2.23.so
b664a000-b6692000 rw-p 00000000 00:00 0
b6692000-b6698000 r-xp 00000000 b3:0a 14703       /lib/libthread_db-1.0.so
b6698000-b66a7000 ---p 00006000 b3:0a 14703       /lib/libthread_db-1.0.so
b66a7000-b66a8000 r--p 00005000 b3:0a 14703       /lib/libthread_db-1.0.so
b66a8000-b66a9000 rw-p 00006000 b3:0a 14703       /lib/libthread_db-1.0.so
b66ab000-b66b2000 r--p 0007b000 b3:0a 613         /lib/.debug/ld-2.23.so
b66b2000-b66bc000 r--p 000cc000 b3:0a 663         /lib/.debug/libpthread-2.23.so
b66bc000-b66e5000 r--p 000a1000 b3:0a 663         /lib/.debug/libpthread-2.23.so
b66e5000-b66ea000 r--p 000ed000 b3:0a 663         /lib/.debug/libpthread-2.23.so
b66ea000-b6701000 r--p 0008b000 b3:0a 663         /lib/.debug/libpthread-2.23.so
b6701000-b678c000 r--p 00001000 b3:0a 663         /lib/.debug/libpthread-2.23.so
b678c000-b67c0000 rw-p 00000000 00:00 0
b67c0000-b67c7000 r--p 000fb000 b3:0a 23129       /lib/.debug/libgcc_s.so.1
b67c7000-b67f5000 r--p 000c4000 b3:0a 23129       /lib/.debug/libgcc_s.so.1
b67f5000-b6822000 r--p 00098000 b3:0a 23129       /lib/.debug/libgcc_s.so.1
b6822000-b68af000 r--p 0000c000 b3:0a 23129       /lib/.debug/libgcc_s.so.1
b68af000-b68f7000 rw-p 00000000 00:00 0
b68f7000-b6900000 r--p 00020000 b3:0a 528         /lib/.debug/librt-2.23.so
b6900000-b691d000 r--p 00000000 b3:0a 528         /lib/.debug/librt-2.23.so
b691d000-b6920000 r-xp 00000000 b3:0a 986         /usr/lib/python2.7/lib-dynload/_heapq.so
b6920000-b692f000 ---p 00003000 b3:0a 986         /usr/lib/python2.7/lib-dynload/_heapq.so
b692f000-b6931000 rw-p 00002000 b3:0a 986         /usr/lib/python2.7/lib-dynload/_heapq.so
b6931000-b6937000 r-xp 00000000 b3:0a 951         /usr/lib/python2.7/lib-dynload/operator.so
b6937000-b6946000 ---p 00006000 b3:0a 951         /usr/lib/python2.7/lib-dynload/operator.so
b6946000-b6948000 rw-p 00005000 b3:0a 951         /usr/lib/python2.7/lib-dynload/operator.so
b6948000-b694e000 r-xp 00000000 b3:0a 994         /usr/lib/python2.7/lib-dynload/_collections.so
b694e000-b695e000 ---p 00006000 b3:0a 994         /usr/lib/python2.7/lib-dynload/_collections.so
b695e000-b695f000 rw-p 00006000 b3:0a 994         /usr/lib/python2.7/lib-dynload/_collections.so
b695f000-b6968000 r-xp 00000000 b3:0a 959         /usr/lib/python2.7/lib-dynload/itertools.so
b6968000-b6978000 ---p 00009000 b3:0a 959         /usr/lib/python2.7/lib-dynload/itertools.so
b6978000-b697b000 rw-p 00009000 b3:0a 959         /usr/lib/python2.7/lib-dynload/itertools.so
b697b000-b69fb000 rw-p 00000000 00:00 0
b69fb000-b6a30000 r-xp 00000000 b3:0a 835         /usr/lib/libreadline.so.6.3
b6a30000-b6a40000 ---p 00035000 b3:0a 835         /usr/lib/libreadline.so.6.3
b6a40000-b6a44000 rw-p 00035000 b3:0a 835         /usr/lib/libreadline.so.6.3
b6a44000-b6a45000 rw-p 00000000 00:00 0
b6a45000-b6a49000 r-xp 00000000 b3:0a 993         /usr/lib/python2.7/lib-dynload/readline.so
b6a49000-b6a59000 ---p 00004000 b3:0a 993         /usr/lib/python2.7/lib-dynload/readline.so
b6a59000-b6a5a000 rw-p 00004000 b3:0a 993         /usr/lib/python2.7/lib-dynload/readline.so
b6a5a000-b6a5d000 r-xp 00000000 b3:0a 956         /usr/lib/python2.7/lib-dynload/_locale.so
b6a5d000-b6a6d000 ---p 00003000 b3:0a 956         /usr/lib/python2.7/lib-dynload/_locale.so
b6a6d000-b6a6e000 rw-p 00003000 b3:0a 956         /usr/lib/python2.7/lib-dynload/_locale.so
b6a6e000-b6b2e000 rw-p 00000000 00:00 0
b6b2e000-b6b4b000 r-xp 00000000 b3:0a 222         /lib/libgcc_s.so.1
b6b4b000-b6b5a000 ---p 0001d000 b3:0a 222         /lib/libgcc_s.so.1
b6b5a000-b6b5b000 rw-p 0001c000 b3:0a 222         /lib/libgcc_s.so.1
b6b5b000-b6c88000 r-xp 00000000 b3:0a 189         /lib/libc-2.23.so
b6c88000-b6c98000 ---p 0012d000 b3:0a 189         /lib/libc-2.23.so
b6c98000-b6c9a000 r--p 0012d000 b3:0a 189         /lib/libc-2.23.so
b6c9a000-b6c9b000 rw-p 0012f000 b3:0a 189         /lib/libc-2.23.so
b6c9b000-b6c9e000 rw-p 00000000 00:00 0
b6c9e000-b6cbe000 r-xp 00000000 b3:0a 727         /usr/lib/liblzma.so.5.2.2
b6cbe000-b6cbf000 rw-p 00020000 b3:0a 727         /usr/lib/liblzma.so.5.2.2
b6cbf000-b6cdf000 r-xp 00000000 b3:0a 841         /usr/lib/libexpat.so.1.6.0
b6cdf000-b6cee000 ---p 00020000 b3:0a 841         /usr/lib/libexpat.so.1.6.0
b6cee000-b6cf0000 rw-p 0001f000 b3:0a 841         /usr/lib/libexpat.so.1.6.0
b6cf0000-b6e43000 r-xp 00000000 b3:0a 605         /usr/lib/libpython2.7.so.1.0
b6e43000-b6e53000 ---p 00153000 b3:0a 605         /usr/lib/libpython2.7.so.1.0
b6e53000-b6e7f000 rw-p 00153000 b3:0a 605         /usr/lib/libpython2.7.so.1.0
b6e7f000-b6e88000 rw-p 00000000 00:00 0
b6e88000-b6ef6000 r-xp 00000000 b3:0a 219         /lib/libm-2.23.so
b6ef6000-b6f05000 ---p 0006e000 b3:0a 219         /lib/libm-2.23.so
b6f05000-b6f06000 r--p 0006d000 b3:0a 219         /lib/libm-2.23.so
b6f06000-b6f07000 rw-p 0006e000 b3:0a 219         /lib/libm-2.23.so
b6f07000-b6f09000 r-xp 00000000 b3:0a 215         /lib/libutil-2.23.so
b6f09000-b6f18000 ---p 00002000 b3:0a 215         /lib/libutil-2.23.so
b6f18000-b6f19000 r--p 00001000 b3:0a 215         /lib/libutil-2.23.so
b6f19000-b6f1a000 rw-p 00002000 b3:0a 215         /lib/libutil-2.23.so
b6f1a000-b6f30000 r-xp 00000000 b3:0a 235         /lib/libpthread-2.23.so
b6f30000-b6f3f000 ---p 00016000 b3:0a 235         /lib/libpthread-2.23.so
b6f3f000-b6f40000 r--p 00015000 b3:0a 235         /lib/libpthread-2.23.so
b6f40000-b6f41000 rw-p 00016000 b3:0a 235         /lib/libpthread-2.23.so
b6f41000-b6f43000 rw-p 00000000 00:00 0
b6f43000-b6f5f000 r-xp 00000000 b3:0a 210         /lib/libtinfo.so.5.9
b6f5f000-b6f6e000 ---p 0001c000 b3:0a 210         /lib/libtinfo.so.5.9
b6f6e000-b6f71000 rw-p 0001b000 b3:0a 210         /lib/libtinfo.so.5.9
b6f71000-b6f8e000 r-xp 00000000 b3:0a 209         /lib/libncurses.so.5.9
b6f8e000-b6f9d000 ---p 0001d000 b3:0a 209         /lib/libncurses.so.5.9
b6f9d000-b6f9e000 rw-p 0001c000 b3:0a 209         /lib/libncurses.so.5.9
b6f9e000-b6fa0000 r-xp 00000000 b3:0a 60          /lib/libdl-2.23.so
b6fa0000-b6faf000 ---p 00002000 b3:0a 60          /lib/libdl-2.23.so
b6faf000-b6fb0000 r--p 00001000 b3:0a 60          /lib/libdl-2.23.so
b6fb0000-b6fb1000 rw-p 00002000 b3:0a 60          /lib/libdl-2.23.so
b6fb1000-b6fd2000 r-xp 00000000 b3:0a 207         /lib/ld-2.23.so
b6fd3000-b6fd6000 rw-p 00000000 00:00 0
b6fda000-b6fdf000 r--p 0001c000 b3:0a 528         /lib/.debug/librt-2.23.so
b6fdf000-b6fe0000 rw-p 00000000 00:00 0
b6fe0000-b6fe1000 r-xp 00000000 00:00 0           [sigpage]
b6fe1000-b6fe2000 r--p 00020000 b3:0a 207         /lib/ld-2.23.so
b6fe2000-b6fe3000 rw-p 00021000 b3:0a 207         /lib/ld-2.23.so
bedde000-bedff000 rw-p 00000000 00:00 0           [stack]
ffff0000-ffff1000 r-xp 00000000 00:00 0           [vectors]
(gdb) quit
A debugging session is active.

        Inferior 1 [process 1] will be detached.

Quit anyway? (y or n) y
Detaching from program: /media/usb/building/upx/test1.upx, process 1

If I start the program without a parameter:

root@dm900:/media/usb/building/upx# gdb test1.upx
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv7l-unknown-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from test1.upx...(no debugging symbols found)...done.
(gdb) run
Starting program: /media/usb/building/upx/test1.upx
[Inferior 1 (process 1783) exited with code 02]
(gdb) info reg
The program has no registers now.
(gdb) quit

How can I find out the correct "PID"? I used this to discover "1688", which I used above:

root@dm900:~# ps axf | grep test1
 1688 pts/0    S+     0:00      \_ gdb test1.upx 1
 1743 pts/1    S+     0:00      \_ grep test1

PS: the uncompressed file works:

root@dm900:/media/usb/building/upx# ./test1
root@dm900:/media/usb/building/upx# ./test1 1

jreiser commented 7 years ago

Unfortunately the command

root@dm900:/media/usb/building/upx# gdb test1.upx 1

says "use test1.upx as the program, and process 1 [the /sbin/init process] as the memory image". This is not what we want. Instead please use

$ gdb test1.upx   ## only the program name here
(gdb) run 1   ## arguments here

where the "command line parameters" are specified on the line for the 'run' command. This can be remembered as "the program being debugged remains the same, but the command-line parameters may change for each successive invocation of a 'run' command by the same instance of gdb."
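
Added example, not part of the thread and not UPX code: a small Python triage of the `strace ./test1.upx 1` output posted above. It replays the open/close/mmap2/munmap calls to see what the stub and the dynamic linker mapped, then reports the fatal signal's fault address, its natural alignment and the nearest mapping. The sample lines are abridged from that trace; the 4 KiB page size and all function names are this example's assumptions.

```python
import re

PAGE = 4096  # assumption: 4 KiB pages on the ARM boards in this thread

# Constructed sample: lines abridged from the failing "strace ./test1.upx 1" run above.
SAMPLE_TRACE = """\
execve("./test1.upx", ["./test1.upx", "1"], [/* 15 vars */]) = 0
mmap2(0x40000, 7856, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x40000
open("/proc/self/exe", O_RDONLY)        = 3
mmap2(0xbeb54000, 4096, PROT_READ, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xbeb54000
close(3)                                = 0
open("/lib/ld-linux-armhf.so.3", O_RDONLY) = 3
mmap2(NULL, 204800, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb6f8a000
mmap2(0xb6f8a000, 131180, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED, 3, 0) = 0xb6f8a000
close(3)                                = 0
munmap(0x40000, 7856)                   = 0
open("/lib/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
mmap2(NULL, 1320304, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb6e3d000
close(3)                                = 0
set_tls(0xb6e3c4c0, 0xb6e3cb98, 0xb6fbb050, 0xb6e3c4c0, 0xb6fbb050) = 0
--- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRALN, si_addr=0xbeb53d7c} ---
+++ killed by SIGBUS (core dumped) +++
"""

MMAP_RE = re.compile(
    r'^mmap2\(\w+, (\d+), [A-Z_|]+, [A-Z_|]+, (-?\d+), \w+\)\s+= (0x[0-9a-f]+)$')
MUNMAP_RE = re.compile(r'^munmap\((0x[0-9a-f]+), (\d+)\)\s+= 0$')
OPEN_RE = re.compile(r'^open\("([^"]+)", [A-Z_|]+\)\s+= (\d+)$')
CLOSE_RE = re.compile(r'^close\((\d+)\)\s+= 0$')
SIGNAL_RE = re.compile(
    r'^--- (SIG\w+) \{.*si_code=(\w+), si_addr=(0x[0-9a-f]+)\} ---$')
SYSCALL_RE = re.compile(r'^(\w+)\(')


def alignment(addr):
    """Largest power of two that divides addr (its natural alignment)."""
    return addr & -addr


def pages(length):
    """Round a byte length up to whole pages."""
    return -(-length // PAGE) * PAGE


def triage(trace):
    """Replay mappings from strace text and describe the first fatal signal.

    Returns None when the trace contains no signal line with an si_addr.
    """
    fds = {}             # fd -> path, from successful open() calls
    regions = []         # (start, end, label), oldest first
    last_syscall = None
    for line in trace.splitlines():
        line = line.strip()
        if m := OPEN_RE.match(line):
            fds[int(m.group(2))] = m.group(1)
        elif m := CLOSE_RE.match(line):
            fds.pop(int(m.group(1)), None)
        elif m := MMAP_RE.match(line):
            start = int(m.group(3), 16)
            label = fds.get(int(m.group(2)), "anonymous")
            regions.append((start, start + pages(int(m.group(1))), label))
        elif m := MUNMAP_RE.match(line):
            lo = int(m.group(1), 16)
            hi = lo + pages(int(m.group(2)))
            # Simplification: drop only regions fully covered by the range.
            regions = [r for r in regions if not (lo <= r[0] and r[1] <= hi)]
        elif m := SIGNAL_RE.match(line):
            addr = int(m.group(3), 16)
            # Newest mapping wins, which models MAP_FIXED replacing older pages.
            inside = next(
                (r for r in reversed(regions) if r[0] <= addr < r[1]), None)
            above = min((r for r in regions if r[0] > addr), default=None)
            return {
                "signal": m.group(1),
                "si_code": m.group(2),
                "si_addr": addr,
                "alignment": alignment(addr),
                "region": inside[2] if inside else None,
                "next_region_above": (above[2], above[0] - addr) if above else None,
                "last_syscall": last_syscall,
            }
        if m := SYSCALL_RE.match(line):
            last_syscall = m.group(1)
    return None


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TRACE).items():
        print(f"{key:18} {hex(value) if key == 'si_addr' else value}")
```

With `BUS_ADRALN`, an alignment of 4 says the faulting access required stricter than 4-byte alignment. A `region` of `None` is expected for an address on the initial stack, which the kernel sets up at exec rather than through an `mmap2` call visible in the trace.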

mcpat-it commented 7 years ago

Sorry, first time using gdb; here is the result:

root@dm900:/media/usb/building/upx# gdb test1.upx
GNU gdb (GDB) 7.12.1
Copyright (C) 2017 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "armv7l-unknown-linux-gnueabihf".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from test1.upx...(no debugging symbols found)...done.
(gdb) run 1
Starting program: /media/usb/building/upx/test1.upx 1

Program received signal SIGBUS, Bus error.
0xb6fd92fc in ?? ()
(gdb) info reg
r0             0xb6fcc650       3070019152
r1             0xb6fcc808       3070019592
r2             0xbeff7d7c       3204414844
r3             0xb6fbef88       3069964168
r4             0x0      0
r5             0xb6ffe568       3070223720
r6             0x1      1
r7             0xb6ffe000       3070222336
r8             0xb6ffdcf0       3070221552
r9             0x3      3
r10            0xb6fcc650       3070019152
r11            0xbeff7dc0       3204414912
r12            0xb6ffdce8       3070221544
sp             0xbeff7d04       0xbeff7d04
lr             0xb6fd0580       -1224931968
pc             0xb6fd92fc       0xb6fd92fc
cpsr           0xa0010010       -1610547184
(gdb) x/9i $pc-4*4
   0xb6fd92ec:  sub     r2, r11, #68    ; 0x44
   0xb6fd92f0:  str     r2, [r11, #-120]        ; 0xffffff88
   0xb6fd92f4:  cmp     r3, #0
   0xb6fd92f8:  vst1.8  {d16-d17}, [r2 :64]
=> 0xb6fd92fc:  vstr    d16, [r11, #-52]        ; 0xffffffcc
   0xb6fd9300:  vstr    d16, [r11, #-44]        ; 0xffffffd4
   0xb6fd9304:  beq     0xb6fda0c4
   0xb6fd9308:  ldr     r1, [r10, #104] ; 0x68
   0xb6fd930c:  ldr     r2, [r10, #188] ; 0xbc
(gdb) x/32x $sp
0xbeff7d04:     0x00000000      0xb6ffe568      0x00000000      0xb6fdf03c
0xbeff7d14:     0xb6ffe568      0x00000001      0x00000000      0x00000000
0xbeff7d24:     0x00000000      0xb6ffdfb4      0x00000003      0x00000000
0xbeff7d34:     0xb6ffe050      0xb6e93650      0x00000000      0xb6ffe884
0xbeff7d44:     0x0000000c      0xbeff7d7c      0x00000000      0x00000001
0xbeff7d54:     0xb6e8c790      0x00000002      0x00000000      0x00000001
0xbeff7d64:     0xb6fcc808      0xb6ffe568      0x00000000      0x00000001
0xbeff7d74:     0x00000000      0x00001000      0x00000b90      0x0000000f
(gdb) info proc
process 18472
warning: target file /proc/18472/cmdline contained unexpected null characters
cmdline = '/media/usb/building/upx/test1.upx'
cwd = '/media/usb/building/upx'
exe = '/media/usb/building/upx/test1.upx'
(gdb) shell cat /proc/18472/maps
00010000-0001b000 r-xp 00000000 00:00 0
0002a000-0002b000 rwxp 00000000 00:00 0           [heap]
b6e7f000-b6e80000 rwxp 00000000 00:00 0
b6e80000-b6fad000 r-xp 00000000 b3:0a 189         /lib/libc-2.23.so
b6fad000-b6fbd000 ---p 0012d000 b3:0a 189         /lib/libc-2.23.so
b6fbd000-b6fc0000 rwxp 0012d000 b3:0a 189         /lib/libc-2.23.so
b6fc0000-b6fc3000 rwxp 00000000 00:00 0
b6fc3000-b6fcc000 r-xp 00000000 b3:0a 358         /etc/ld.so.cache
b6fcc000-b6fcd000 rwxp 00000000 00:00 0
b6fcd000-b6fee000 r-xp 00000000 b3:0a 207         /lib/ld-2.23.so
b6fee000-b6ffd000 ---p 00000000 00:00 0
b6ffd000-b6fff000 rwxp 00020000 b3:0a 207         /lib/ld-2.23.so
b6fff000-b7000000 r-xp 00000000 00:00 0           [sigpage]
bef77000-beff8000 rwxp 00000000 00:00 0           [stack:18472]
beff8000-beff9000 r-xp 00000000 08:01 679491      /media/usb/building/upx/test1.upx
beffa000-bf000000 rwxp 00000000 00:00 0
ffff0000-ffff1000 r-xp 00000000 00:00 0           [vectors]
(gdb) quit
A debugging session is active.

        Inferior 1 [process 18472] will be killed.

Quit anyway? (y or n) y

jreiser commented 7 years ago

@pwallner Thank you for the gdb output. It identified the SIGBUS as a misalignment: storing an 8-byte vector register at an address that was aligned to 4 mod 8. Fixed by commit https://github.com/upx/upx/commit/483db31acd0a3319623068eeb0f170bd8a9c5ece on devel branch. I believe all three problems have been fixed: the reported length at decompression, lzma on 32-bit PowerPC, lzma on ARM.
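
The "4 mod 8" diagnosis can be reproduced from the gdb output above. This added example (not part of the thread or of UPX) computes the effective address of each vector store around `pc` from the dumped `r2` and `r11` and reports it modulo 8. The two regular expressions are assumptions that cover only the operand forms seen in this listing.

```python
import re

# Copied from the gdb session above: registers used by the stores near pc.
REGS = """\
r2             0xbeff7d7c       3204414844
r11            0xbeff7dc0       3204414912
"""
DISAS = """\
   0xb6fd92f8:  vst1.8  {d16-d17}, [r2 :64]
=> 0xb6fd92fc:  vstr    d16, [r11, #-52]        ; 0xffffffcc
   0xb6fd9300:  vstr    d16, [r11, #-44]        ; 0xffffffd4
"""

# One disassembly line: optional "=>" marker, address, vector mnemonic, operands.
LINE = re.compile(r"^(=>)?\s*(0x[0-9a-f]+):\s+(v\w+(?:\.\d+)?)\s+(.*)$")
# "[rN :64]" (alignment qualifier) or "[rN, #imm]" (immediate offset).
OPERAND = re.compile(r"\[(r\d+)(?:\s*:(\d+)|,\s*#(-?\d+))?\]")


def parse_regs(text):
    """Return {register: value} from `info reg` lines."""
    regs = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2:
            regs[parts[0]] = int(parts[1], 16)
    return regs


def vector_stores(disas, regs, width=8):
    """Return [(pc, mnemonic, address, address % width, is_current_pc), ...]."""
    out = []
    for line in disas.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        op = OPERAND.search(m.group(4))
        if not op or op.group(1) not in regs:
            continue
        addr = (regs[op.group(1)] + int(op.group(3) or 0)) & 0xFFFFFFFF
        out.append((int(m.group(2), 16), m.group(3), addr, addr % width, bool(m.group(1))))
    return out


if __name__ == "__main__":
    rows = vector_stores(DISAS, parse_regs(REGS))
    for pc, mnem, addr, rem, cur in rows:
        print(f"{'=>' if cur else '  '} {pc:#x} {mnem:<7} {addr:#010x}  addr % 8 = {rem}")
```

All three store addresses come out as 4 mod 8, and the `vst1.8 ... [r2 :64]` operand carries an explicit 64-bit alignment qualifier.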

mcpat-it commented 7 years ago

@jreiser Thank you! It seems to be solved (I checked most of the above files)!!!! File size is now correct! Great work!