Some knowledge about vdso

As we can learn about linux gate or virtual dynamic shared object (VDSO) or linux-gate.so.1 or linux-vdso.so.1 by following page :
http://www.trilithium.com/johan/2005/08/linux-gate/
A lot of things explained in the above page, but when tried things, I faced some issues and solved as following :

1. Looking at ELF Auxiliary Vector
     --> One can see all the ELF Auxiliary vectors on say 'true' binary as :
              LD_SHOW_AUXV=1 /bin/true
          This will actually execute the binary, and will show its ELF Auxilliary vector values.
2. It states that
a shared object exposed by the kernel at a fixed address in every process’ memory
Unfortunately, its no longer the case. When I tried getting the maps of vdso a couple of times :
cat /proc/self/maps | grep vdso
I always got the different address

3. Getting vdso segment.
     As the above link says, dumping vdso can be done as :
Assuming the fixed mapping at 0xffffe000, the post tells you to use dd to extract the relevant information by accessing the process' pages through /proc/self/mem.
(Note that 0xffffe000/4096 = 1048574)

dd if=/proc/self/mem of=linux-gate.dso bs=4096 skip=1048574 count=1

but you will be surprised to get the following errors :
-- reading /proc/self/mem : I/O error
 And no output..
Well, the reason of this error is stated beautifully in the following link :
http://unix.stackexchange.com/questions/6301/how-do-i-read-from-proc-pid-mem-under-linux
A good point made here is :
" since the first page in a process is never mapped (so that dereferencing a NULL pointer fails cleanly rather than unintendedly accessing actual memory), reading the first byte of /proc/$pid/mem always yield an I/O error."

Now then how should we dump vdso.... I then googled around ... found out the following post facing and solved  the same issue I am facing :
http://anomit.com/2010/04/18/examining-the-linux-vdso/
He has actually created the following python script to get the vdso map of the current process, and seek to it in /proc/self/mem, and write down the required bytes to new file . Following is the script :
---------

#! /usr/bin/env python

from __future__ import with_statement
import re
import os

## regex pattern for finding out the memory address range from the output line
pattern = re.compile(r'[\w\d]+-[\w\d]+')

with open('/proc/self/maps', 'r') as file:
 for line in file:
  line = line.rstrip()
         if '[vdso]' in line:
   addr_range = pattern.findall(line)[0]
              start_addr, end_addr = [int(addr, 16) 
                                     for addr in addr_range.split('-')]
   break

file.close()
fd = os.open('/proc/self/mem', os.O_RDONLY)
os.lseek(fd, start_addr, os.SEEK_SET)
buf = os.read(fd, (end_addr-start_addr))
with open('linux-gate.dso.1', 'w') as file:
    file.write(buf)
    file.close()
os.close(fd)
------------------------

Another way to dump vdso, is to seek to address specified by ELF auxiliary vector AT_SYSINFO_EHDR, and dump 1 page (4096 bytes). Something like this :
-----------

#include 
#include 
#include 
#include 

static void *getsys(char **envp) 
{
   Elf64_auxv_t *auxv;
   
   /* walk past all env pointers */
   while (*envp++ != NULL);

   /* and find ELF auxiliary vectors (if this was an ELF binary) */
   auxv = (Elf64_auxv_t *) envp;
   
   for ( ; auxv->a_type != AT_NULL; auxv++)
     if (auxv->a_type == AT_SYSINFO_EHDR)
       return (void *)auxv->a_un.a_val;
   
   fprintf(stderr, "no AT_SYSINFO_EHDR auxv entry found\n");
   exit(1);
}

int main(int argc, char *argv[], char **envp)
{
   unsigned char buffer[4096];
   void *p;
   
   p=getsys(envp);
   fprintf(stderr, "AT_SYSINFO_EHDR at %p\n",p);
   memcpy(buffer, p, 4096);
   write(1, buffer, 4096);
}

What’s the Difference Between JPG, PNG, and GIF?

Came across this really crispy knowledgeable article about various types of image files :
http://www.howtogeek.com/howto/30941/whats-the-difference-between-jpg-png-and-gif/

ubuntu and debugging abilities

Today I came across following article by "KSplice" :
http://blog.ksplice.com/2010/06/attack-of-the-cosmic-rays/

Its a very nicely explained article for debugging a simple but ended in a complex problem.
There are lot of things to learn in the article -
First and foremost thing is .. Every single issue (big or small) has a reason, you just need to dig into the right direction.
- Ubuntu's work towards software debugging is going great. First time I have seen s/w management tools are helping so much in s/w debugging.
Do not ever ignore a small bit of details during debugging... It was just a bit flipping issue, but created a good amount of mess..

Aha! I just love systems programming/debugging and programmers ...

Nice piece of advice !!

Wise people say we should always keep our eyes and ears open... I have been trying to do that a lot.... And heard a very nice piece of advice, when I was walking down the road saw an old fellow met with a young chap who probably just joined a job :
"You should never come out of your student mode. Should never sleep without reading at least for half an hour"..
What a thought it was, and how true.. Very practical and applicable to everybody.
On the similar lines, and old thought is  -- "One should try to learn something daily" ..

Make a PDF book out of wikipedia

I always was thinking of getting such a feature from wikipedia.. And here it is now. You can actually save the wikipedia pages as a pdf book and use it offline :

The steps are very very simple :

1. Log in to your Wikipedia account and activate the beta interface.

2. Once the new version is active, start the book creator tool inside Wikipedia.

3. Now open any Wikipedia page that would like to include in your PDF book and click the “Add this page to your book” link. Repeat this step until all the page have been added to the print basket.

4. Once you are done collecting Wikipedia articles, click “Show Book”, give it a title and hit the download button to save your book as PDF.

All PDF books created with Wikipedia are available under the Creative Commons License. And if you have no plans of printing Wikipedia pages, you may still use this trick to quickly download multiple pages from the world’s largest encyclopedia and read them offline on your mobile phone or your iPad.


Well, once you are at it, you can browse through your favourite pages, which wikipedia will find for you, and add them as you want and form your own book (the way you like it)... 


I am sure people are going to luv this feature..

Reversing the roles...

This is one of the most memorable and fun moment I had with my son...
Today when I was just lying near my kid who was eating Papad. Suddenly he started making very small pieces of papad and started putting on my mouth. It was exactly the same thing I used to do with him. The fun just started. Suddenly I thought of something, and started behaving exactly as he used to do, ie. started nagging about asking something and this and that and messing up things .. Then he started saying me "no no no" and waving his finger.. It was exactly the same way I do with him... Ufff.. what a fun!
   I am amazed to see the kind of memory these kids have..

Running ubuntu on VirtualBox

Thanks to one of my colleague, we got a very simple steps to install and run Ubuntu on virtual-box. This way one doesn't need to do a lot of jugglery to play with Linux system, be it kernel space programming or satisfying just simple Linux needs.
The benefits of running Ubuntu or any OS for that matter on virtual-box/vmWare or any other visualization equivalent are many. To name a few -
1. You can simultaneously access your windows box for using windows apps. Hence get most of both Unix and windows world.
2. No need to burn the CD to install ubuntu.
3. No need to worry about partitioning thingy (primary/secondary or extended or blah blah)
4. No mess up with MBR which gets rewritten when you install another OS.
5. It becomes very handy for showing software demo in linux, while parallely running much-tested-still-buggy MS solutions.
===================================================
I am yet to explore a few things on such a linux installation :
- Run a customized kernel.
- KERNEL Debugging ;)
- How would I access the files in windows drives ? [Solved: Explained after the installation part]
- Though I checked the sound which works, but I need to see if I can play a movie also, I dont
think there should be an issue, but just for completeness ;).
- I did try installing a couple of kernel modules and doing some stupid playing, and it worked
flawlessly till now.
===================================================

So here are the steps :

Prerequisites:

Will help if the machine has:

• a processor with at least two cores
• two-four Gb RAM
• minimum of 40 Gb disk space (you can do with 20 - 30 too)

Since the guest uses networking etc from the host, you should not face installation issues.

Install VirtualBox

Head over to http://www.virtualbox.org, go to the Downloads sections and download/install VirtualBox for windows hosts. Once the install finishes you are ready to run Virtualbox and install your guest OS.

Once installed, run Virtualbox as Start->Programs->Sun Virtualbox->Virtualbox.

By default, Virtualbox will come up with no machines installed. And the only icon enabled will be the "New" icon in the pane on the left side of the UI.

Create Virtual Machine

Why use Ubuntu instead of the official supported RHEL? Well, Ubuntu is far simpler to install and beautiful, easier to run. Besides, virtuoso built on RHEL 4 works fine with Ubuntu 9.10. We will use the 32 bit version of the Ubuntu 9.10 here.

Let's create the machine.

• Click New and follow the Wizard.

• VM Name and OS Type page:

Name: Ubuntu_9_10
 OS Type
   Operating System: Linux
   Version: Ubuntu

• Memory page:

Allocate half your RAM (or what you think you will need to run the virtual
 machine + your software).

• Virtual Hard Disk page

Select Create new hard disk in Boot Hard Disk
 Alternatively, if you have an image created by somebody else
 (eg Tapan), select Use existing hard disk and browse/select that image.

• Hard Disk Storage Type page

Select Dynamically expanding storage, it is the default anyways.

• Virtual Disk Location and Size page

Here, browse and select the location of the hard disk image. For
 example, if D: has the requisite space, select D:\Ubuntu_9_10.vdi

• At the end, you will be shown a Summary page.

Click Finish and the virtual machine will be created.

Install Ubuntu

Download latest ubuntu ISO image from http://www.ubuntu.com/getubuntu/download 

Put this image somewhere on your windows hard drives.

Right click the virtual machine you just created and select Settings.

Click Storage in left pane.

On the right, a Storage page appears.

Select the CD image from the Storage Tree tree. The CD/DVD Device on the extreme right should be Empty.

Select the Browse folder icon.

In the Virtual Media Manager, navigate to the CD/DVD Images tab and click Add toolbar icon.

Browse to the Ubuntu iso and select it.

OK all the dialogs until you are back to the main UI.

Start the machine.

At this point, you will boot into normal Ubuntu.

Install the OS.

This includes installation and creation of a user. If you choose to create a user name same as your cadence login, be sure to edit the user info and match the uid/gid (after the OS is installed and you are running it).

Note: You always sudo in ubuntu. There's no root user by default.

Bring the OS up-to-date

Few useful commands are :

apt-get update

apt-get dist-upgrade

apt-get install

You will also need a couple of utilities.

$ sudo apt-get install gawk ksh
$ cd /bin
$ sudo ln -s /usr/bin/awk .

Run ubuntu on full screen 

Once you have ubuntu running, you need to use the "Install guest addition.." option under the device menu to install the proper drivers on the guest and reboot the guest. Then do a Host+F and resize your guest using the "Display properties" to the res you like.


Share Windows drive to guest OS ie. ubuntu

0. Suppose you want to add "C:\shared" as the shared folder to your ubuntu.
1. Add folder(s) to shared folder menu.
       In ubuntu, Devices->shared folder      add the shared folder name of the windows folder.
     Caution : 1. It should be the folder name, and not the drive only... as probably you cant share the complete drive.
        2. Have a different name than the shared folder name, otherwise you will get protocol error.


       Give "C:\shared" for windows shared folder, and give "my_share" in name box.


2. In ubuntu terminal :
       mkdir /mnt/windowsShare
       mount.vboxsf my_share /mnt/windowsShare
And you are done.

Running through creating tiny ELF executables. ...

Came across these two wonderful posts mentioning about libc/gcc/linker and lot of interesting stuff . ....

http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html

http://blog.ksplice.com/2010/03/libc-free-world/

These are worth reading for any programmer or system programmers at the least.

Hooking a syscall in linux >2.6.24 kernel..

Just got hold of this while following some questions around.

It seems sometime since linux 2.6.24, the system call table in linux is been made read only, and one can not simply hook the system call table, just by loading the module. He will either have to recompile the whole kernel with the hook, or do the following

(Well, before that, in 2.6 kernel sys_call_table is no longer exported, so getting the address at run time is again another issue. Well, one can look at /boot/System.map file and find out the address of the system call, better to verify this address though)

So, since 2.6.24, following module will give kernel Ooops :

#include 
#include 
#include 
#include 

void **sys_call_table;

asmlinkage int (*original_call) (const char*, int, int);

asmlinkage int our_sys_open(const char* file, int flags, int mode)
{
   printk("A file was opened\n");
   return original_call(file, flags, mode);
}

int init_module()
{
    // sys_call_table address in System.map
    sys_call_table = (void*)0xc061e4e0;
    original_call = sys_call_table[__NR_open];

    // Hook: Crashes here
    sys_call_table[__NR_open] = our_sys_open;
}

void cleanup_module()
{
   // Restore the original call
   sys_call_table[__NR_open] = original_call;
}

The reason is same, the syscall table is read only. So either rebuild the whole kernel (bad option for regular dev.), or make the memory writable as following (Credit to somebody else, I am just copying their code ;)) :

#include 
#ifdef KERN_2_6_24
#include 
int set_page_rw(long unsigned int _addr)
{
    struct page *pg;
    pgprot_t prot;
    pg = virt_to_page(_addr);
    prot.pgprot = VM_READ | VM_WRITE;
    return change_page_attr(pg, 1, prot);
}

int set_page_ro(long unsigned int _addr)
{
    struct page *pg;
    pgprot_t prot;
    pg = virt_to_page(_addr);
    prot.pgprot = VM_READ;
    return change_page_attr(pg, 1, prot);
}

#else
#include 
int set_page_rw(long unsigned int _addr)
{
    return set_memory_rw(_addr, 1);
}

int set_page_ro(long unsigned int _addr)
{
    return set_memory_ro(_addr, 1);
}

Now Modify your code as :

void **sys_call_table;

asmlinkage int (*original_call) (const char*, int, int);

asmlinkage int our_sys_open(const char* file, int flags, int mode)
{
   printk("A file was opened\n");
   return original_call(file, flags, mode);
}

int init_module()
{
    // sys_call_table address in System.map
    sys_call_table = (void*)0xc061e4e0;
    original_call = sys_call_table[__NR_open];

    set_page_rw(sys_call_table);
    sys_call_table[__NR_open] = our_sys_open;

    set_page_ro(sys_call_table);
}

void cleanup_module()
{
   // Restore the original call

   set_page_rw(sys_call_table);
   sys_call_table[__NR_open] = original_call;

   set_page_ro(sys_call_table);
}