Multi-thread application hangs in printf? - c

I have a multi-threaded Windows console application. In the application, some threads' priorities are set to THREAD_PRIORITY_LOWEST (-2) and the rest are set to THREAD_PRIORITY_NORMAL (0). Sometimes the application hangs when outputting logs to the console. I used WinDbg to debug the application and found that the hang was caused by the printf function in the C run-time library, as shown below. Threads 0, 1 and 2 have priority 0 and the others have priority -2. Thread 2 is the main startup thread and thread 1 is created by Symantec Endpoint Protection (UMEngx86.dll).
0:015> !locks
CritSec MSVCR120D!lclcritsects+120 at 0f3ead80
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread 2fe8
EntryCount 0
ContentionCount 0
*** Locked
CritSec MSVCR120D!lclcritsects+138 at 0f3ead98
WaiterWoken No
LockCount 1
RecursionCount 1
OwningThread 21c4
EntryCount 0
ContentionCount 6
*** Locked
CritSec + 435da4 at 00435da4
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread 2fe8
EntryCount 0
ContentionCount 0
*** Locked
CritSec + 435de4 at 00435de4
WaiterWoken No
LockCount 0
RecursionCount 1
OwningThread 21c4
EntryCount 0
ContentionCount 0
*** Locked
Scanned 186 critical sections
0:015> !cs 0f3ead98
-----------------------------------------
Critical section = 0x0f3ead98 (MSVCR120D!lclcritsects+0x138)
DebugInfo = 0x00439878
LOCKED
LockCount = 0x1
WaiterWoken = No
OwningThread = 0x000021c4
RecursionCount = 0x1
LockSemaphore = 0xA4
SpinCount = 0x00000fa0
0:015> ~* kb
0 Id: 2af8.e9c Suspend: 1 Teb: 7efdd000 Unfrozen
ChildEBP RetAddr Args to Child
002bf460 74e715ce 0000004c 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
002bf4cc 76631194 0000004c ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
002bf4e4 76631148 0000004c ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
002bf4f8 011c533d 0000004c ffffffff 002bf6a8
kernel32!WaitForSingleObject+0x12
002bf5d4 011c024a 002bf6ac 002bf6b0 7efde000
demo_threadx!_tx_thread_schedule+0x16d [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_schedule.c # 180]
002bf6a8 010e10ee 002bf850 00000000 7efde000
demo_threadx!_tx_initialize_kernel_enter+0x6a [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_initialize_kernel_enter.c
# 186]
002bf77c 010e1023 00000000 00000000 7efde000 demo_threadx!optimus_main+0xae
[c:\cc-views\optimus_r11_ti\optimus\src\sys\main_os.c # 218]
002bf850 011b87c9 00000001 00437c78 00438c40 demo_threadx!main+0x23 [c:\cc-
views\optimus_r11_ti\optimus\src\win32\demo_optimus.c # 67]
002bf8a0 011b890d 002bf8b4 7663336a 7efde000
demo_threadx!__tmainCRTStartup+0x199
[f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c # 626]
002bf8a8 7663336a 7efde000 002bf8f4 77269902 demo_threadx!mainCRTStartup+0xd
[f:\dd\vctools\crt\crtw32\dllstuff\crtexe.c # 466]
002bf8b4 77269902 7efde000 6218bd9d 00000000
kernel32!BaseThreadInitThunk+0xe
002bf8f4 772698d5 011b8900 7efde000 00000000 ntdll!__RtlUserThreadStart+0x70
002bf90c 00000000 011b8900 7efde000 00000000 ntdll!_RtlUserThreadStart+0x1b
1 Id: 2af8.2934 Suspend: 1 Teb: 7efda000 Unfrozen
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
00b0f7e8 7663336a 00130000 00b0f834 77269902 0x903a3
00b0f7f4 77269902 00130000 6283bd5d 00000000
kernel32!BaseThreadInitThunk+0xe
00b0f834 772698d5 00130064 00130000 00000000 ntdll!__RtlUserThreadStart+0x70
00b0f84c 00000000 00130064 00130000 00000000 ntdll!_RtlUserThreadStart+0x1b
2 Id: 2af8.2e44 Suspend: 1 Teb: 7efd7000 Unfrozen
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
00e0f5fc 69663fd2 80006043 00e0f640 00000010 0x90154
00e0f674 696640d5 69665ef3 00e0f6e0 00e0f6d4 UMEngx86+0x3fd2
00e0f6d8 74e73c8f 00000068 00e0f6f0 00e0f7cc UMEngx86+0x40d5
00e0f6e8 011c7609 00000068 00e0f8a0 00e0f7d4 KERNELBASE!SuspendThread+0x12
00e0f7cc 011c4c2d 00000000 00000000 00437d08
demo_threadx!_tx_thread_context_save+0x79 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_context_save.c #
133]
00e0f8a0 0f2a3651 00000000 164b464c 00000000
demo_threadx!_tx_win32_timer_interrupt+0x3d [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_initialize_low_level.c #
439]
00e0f8dc 0f2a3861 00475d00 00e0f8f4 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
00e0f8e8 7663336a 00475d00 00e0f934 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
00e0f8f4 77269902 00437d08 62d3bc5d 00000000
kernel32!BaseThreadInitThunk+0xe
00e0f934 772698d5 0f2a37b0 00437d08 00000000 ntdll!__RtlUserThreadStart+0x70
00e0f94c 00000000 0f2a37b0 00437d08 00000000 ntdll!_RtlUserThreadStart+0x1b
3 Id: 2af8.2fe8 Suspend: 1 Teb: 7efaf000 Unfrozen
ChildEBP RetAddr Args to Child
00c9f3ac 766d7b49 00000003 0f3ec700 00001000
kernel32!ReadConsoleInternal+0x15
00c9f434 7665f1f2 00000003 0f3ec700 00001000 kernel32!ReadConsoleA+0x40
00c9f47c 0f370cad 00000003 0f3ec700 00001000
kernel32!ReadFileImplementation+0x75
00c9f530 0f370473 00000000 0f3ec700 00001000 MSVCR120D!_read_nolock+0x7bd
[f:\dd\vctools\crt\crtw32\lowio\read.c # 256]
00c9f588 0f2b62f6 00000000 0f3ec700 00001000 MSVCR120D!_read+0x253
[f:\dd\vctools\crt\crtw32\lowio\read.c # 92]
00c9f5b8 0f32aef9 0f3e72f0 00000000 ffffffff MSVCR120D!_filbuf+0x126
[f:\dd\vctools\crt\crtw32\stdio\_filbuf.c # 158]
00c9f5cc 0f32cc3a 0f3e72f0 00000064 00c9f864 MSVCR120D!_inc+0x49
[f:\dd\vctools\crt\crtw32\stdio\input.c # 1421]
00c9f5dc 0f32b67e 00c9f6d4 0f3e72f0 00c9f5f8 MSVCR120D!_whiteout+0x1a
[f:\dd\vctools\crt\crtw32\stdio\input.c # 1438]
00c9f864 0f2bdb7d 0f3e72f0 011c83b9 00000000 MSVCR120D!_input_l+0x76e
[f:\dd\vctools\crt\crtw32\stdio\input.c # 609]
00c9f8b0 0f2bda2e 0f32af10 011c83b8 00000000 MSVCR120D!vscanf_fn+0xed
[f:\dd\vctools\crt\crtw32\stdio\scanf.c # 54]
00c9f8cc 010e11af 011c83b8 00c9f9bc 00000000 MSVCR120D!scanf+0x1e
[f:\dd\vctools\crt\crtw32\stdio\scanf.c # 88]
00c9f9d0 0f2a3651 00000000 1662449c 00000000
demo_threadx!thread_user_input+0x9f [c:\cc-
views\optimus_r11_ti\optimus\src\sys\main_os.c # 541]
00c9fa0c 0f2a3861 00475918 00c9fa24 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
00c9fa18 7663336a 00475918 00c9fa64 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
00c9fa24 77269902 004380f0 62fabf0d 00000000
kernel32!BaseThreadInitThunk+0xe
00c9fa64 772698d5 0f2a37b0 004380f0 00000000 ntdll!__RtlUserThreadStart+0x70
00c9fa7c 00000000 0f2a37b0 004380f0 00000000 ntdll!_RtlUserThreadStart+0x1b
4 Id: 2af8.2d84 Suspend: 1 Teb: 7efac000 Unfrozen
ChildEBP RetAddr Args to Child
0102f1e8 74e715ce 0000005c 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
0102f254 76631194 0000005c ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
0102f26c 76631148 0000005c ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
0102f280 011c67a8 0000005c ffffffff 0102f4f0
kernel32!WaitForSingleObject+0x12
0102f3a4 011c5a65 0102f634 0102f4fc 004384d8
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
0102f4f0 011c79ec 01230580 0102f730 0102f640
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
0102f634 011c5ee2 4154494d 0102f810 0102f738
demo_threadx!_tx_timer_thread_entry+0x23c [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_timer_thread_entry.c #
496]
0102f730 011c6121 00000000 00000000 004384d8
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
0102f810 0f2a3651 01230580 17a946dc 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
0102f84c 0f2a3861 004725e0 0102f864 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
0102f858 7663336a 004725e0 0102f8a4 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
0102f864 77269902 004384d8 6331bdcd 00000000
kernel32!BaseThreadInitThunk+0xe
0102f8a4 772698d5 0f2a37b0 004384d8 00000000 ntdll!__RtlUserThreadStart+0x70
0102f8bc 00000000 0f2a37b0 004384d8 00000000 ntdll!_RtlUserThreadStart+0x1b
5 Id: 2af8.2e18 Suspend: 1 Teb: 7efa9000 Unfrozen
ChildEBP RetAddr Args to Child
013df4e4 74e715ce 00000064 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
013df550 76631194 00000064 ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
013df568 76631148 00000064 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
013df57c 011c67a8 00000064 ffffffff 013df7ec
kernel32!WaitForSingleObject+0x12
013df6a0 011c5a65 013df954 013df970 00471fe8
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
013df7ec 011c0de5 01262e20 013dfa4c 013df970
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
013df954 010e5b54 01262a80 00000018 00000001
demo_threadx!_tx_event_flags_get+0x205 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_event_flags_get.c # 402]
013dfa4c 011c5ee2 00000000 013dfc28 013dfb50 demo_threadx!ERR_Task+0x64
[c:\cc-views\optimus_r11_ti\optimus\src\err\errmanager.c # 482]
013dfb48 011c6121 00000000 00000000 00471fe8
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
013dfc28 0f2a3651 01262e20 179642f4 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
013dfc64 0f2a3861 004729c8 013dfc7c 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
013dfc70 7663336a 004729c8 013dfcbc 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
013dfc7c 77269902 00471fe8 630eb9d5 00000000
kernel32!BaseThreadInitThunk+0xe
013dfcbc 772698d5 0f2a37b0 00471fe8 00000000 ntdll!__RtlUserThreadStart+0x70
013dfcd4 00000000 0f2a37b0 00471fe8 00000000 ntdll!_RtlUserThreadStart+0x1b
6 Id: 2af8.1b28 Suspend: 1 Teb: 7efa6000 Unfrozen
ChildEBP RetAddr Args to Child
0167f028 7727ebae 000000a4 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
0167f08c 7727ea92 00000000 00000000 00471fe8
ntdll!RtlpWaitOnCriticalSection+0x13e
0167f0b4 0f29f4db 0f3ead98 0167f0cc 0f2b68a5
ntdll!RtlEnterCriticalSection+0x150
0167f0c0 0f2b68a5 00000011 0167f118 0f2bcf3d MSVCR120D!_lock+0x3b
[f:\dd\vctools\crt\crtw32\startup\mlock.c # 341]
0167f0cc 0f2bcf3d 00000001 0f3e7310 17cc4f88 MSVCR120D!_lock_file2+0x15
[f:\dd\vctools\crt\crtw32\stdio\_file.c # 256]
0167f118 01160eda 011d2968 0167f2d0 0167f3c8 MSVCR120D!printf+0xcd
[f:\dd\vctools\crt\crtw32\stdio\printf.c # 58]
0167f1f4 01134cb8 012396c0 0167f3b4 0167f3c8
demo_threadx!dsysIsaProcessNewMode+0x4aa [c:\cc-
views\optimus_r11_ti\optimus\src\isa\isasys\dsys0isa.c # 386]
0167f2d0 011344a5 0167f4e8 0167f3c8 00471fe8
demo_threadx!kerHookNoCycExec+0x28 [c:\cc-
views\optimus_r11_ti\optimus\src\isa\isasys\dsys0uhk.c # 460]
0167f3b4 01120ebb 0167f4a7 0167f4b3 0167f4bc
demo_threadx!kerHookBegScan+0x195 [c:\cc-
views\optimus_r11_ti\optimus\src\isa\isasys\dsys0uhk.c # 617]
0167f4e8 010e5e2e 00000000 00000000 0167f6c0 demo_threadx!dkerMain+0x1db
[c:\cc-views\optimus_r11_ti\optimus\src\isa\isaker\dker0mai.c # 1087]
0167f5c4 011c5ee2 00000000 0167f7a0 0167f6c8 demo_threadx!ISA_Task+0x5e
[c:\cc-views\optimus_r11_ti\optimus\src\isa\isamanager.c # 192]
0167f6c0 011c6121 00000000 00000000 00471fe8
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
0167f7a0 0f2a3651 01263078 17cc494c 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
0167f7dc 0f2a3861 00473198 0167f7f4 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
0167f7e8 7663336a 00473198 0167f834 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
0167f7f4 77269902 00471fe8 6354bd5d 00000000
kernel32!BaseThreadInitThunk+0xe
0167f834 772698d5 0f2a37b0 00471fe8 00000000 ntdll!__RtlUserThreadStart+0x70
0167f84c 00000000 0f2a37b0 00471fe8 00000000 ntdll!_RtlUserThreadStart+0x1b
7 Id: 2af8.2f74 Suspend: 1 Teb: 7efa3000 Unfrozen
ChildEBP RetAddr Args to Child
0187f6c0 74e715ce 00000074 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
0187f72c 76631194 00000074 ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
0187f744 76631148 00000074 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
0187f758 011c67a8 00000074 ffffffff 0187f9c8
kernel32!WaitForSingleObject+0x12
0187f87c 011c5a65 0187fb30 0187fb4c 00472db0
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
0187f9c8 011c0de5 01262bc8 0187fc24 0187fb4c
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
0187fb30 010e396a 011d7688 00000005 00000001
demo_threadx!_tx_event_flags_get+0x205 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_event_flags_get.c # 402]
0187fc24 011c5ee2 00446ba0 0187fe00 0187fd28 demo_threadx!COM_Task+0xba
[c:\cc-views\optimus_r11_ti\optimus\src\com\commanager.c # 1677]
0187fd20 011c6121 00000000 00000000 00472db0
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
0187fe00 0f2a3651 01262bc8 172c40ac 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
0187fe3c 0f2a3861 00473790 0187fe54 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
0187fe48 7663336a 00473790 0187fe94 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
0187fe54 77269902 00472db0 63b4bbfd 00000000
kernel32!BaseThreadInitThunk+0xe
0187fe94 772698d5 0f2a37b0 00472db0 00000000 ntdll!__RtlUserThreadStart+0x70
0187feac 00000000 0f2a37b0 00472db0 00000000 ntdll!_RtlUserThreadStart+0x1b
8 Id: 2af8.1edc Suspend: 1 Teb: 7efa0000 Unfrozen
ChildEBP RetAddr Args to Child
01a7f280 74e715ce 0000007c 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
01a7f2ec 76631194 0000007c ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
01a7f304 76631148 0000007c ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
01a7f318 011c67a8 0000007c ffffffff 01a7f588
kernel32!WaitForSingleObject+0x12
01a7f43c 011c5a65 01a7f6f0 01a7f70c 00471fe8
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
01a7f588 011c0de5 01262c90 01a7f7e4 01a7f70c
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
01a7f6f0 010e4338 011d76b0 00000001 00000003
demo_threadx!_tx_event_flags_get+0x205 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_event_flags_get.c # 402]
01a7f7e4 011c5ee2 0044a3a8 01a7f9c0 01a7f8e8 demo_threadx!COM_TimerTask+0x98
[c:\cc-views\optimus_r11_ti\optimus\src\com\commanager.c # 1739]
01a7f8e0 011c6121 00000000 00000000 00471fe8
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
01a7f9c0 0f2a3651 01262c90 170c476c 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
01a7f9fc 0f2a3861 00473b78 01a7fa14 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
01a7fa08 7663336a 00473b78 01a7fa54 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
01a7fa14 77269902 00471fe8 6394bf3d 00000000
kernel32!BaseThreadInitThunk+0xe
01a7fa54 772698d5 0f2a37b0 00471fe8 00000000 ntdll!__RtlUserThreadStart+0x70
01a7fa6c 00000000 0f2a37b0 00471fe8 00000000 ntdll!_RtlUserThreadStart+0x1b
9 Id: 2af8.29c8 Suspend: 1 Teb: 7ef9d000 Unfrozen
ChildEBP RetAddr Args to Child
014ef6a8 74e715ce 00000084 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
014ef714 76631194 00000084 ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
014ef72c 76631148 00000084 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
014ef740 011c67a8 00000084 ffffffff 014ef9b0
kernel32!WaitForSingleObject+0x12
014ef864 011c5a65 014efaf4 014efb08 00471fe8
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
014ef9b0 011c261b 01262d58 014efbf4 014efb08
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
014efaf4 010e6077 011d76f0 014efbd8 ffffffff
demo_threadx!_tx_queue_receive+0x4db [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_queue_receive.c # 499]
014efbf4 011c5ee2 0044adb0 014efdd0 014efcf8
demo_threadx!ComDeferred_Task+0x97 [c:\cc-
views\optimus_r11_ti\optimus\src\com\cip\cipapp.c # 90]
014efcf0 011c6121 00000000 00000000 00471fe8
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
014efdd0 0f2a3651 01262d58 17e5409c 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
014efe0c 0f2a3861 00474170 014efe24 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
014efe18 7663336a 00474170 014efe64 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
014efe24 77269902 00471fe8 637dbb0d 00000000
kernel32!BaseThreadInitThunk+0xe
014efe64 772698d5 0f2a37b0 00471fe8 00000000 ntdll!__RtlUserThreadStart+0x70
014efe7c 00000000 0f2a37b0 00471fe8 00000000 ntdll!_RtlUserThreadStart+0x1b
10 Id: 2af8.21c4 Suspend: 2 Teb: 7ef9a000 Unfrozen
ChildEBP RetAddr Args to Child
01bbb8f0 76631314 00000007 01bbcdc8 00000002
kernel32!WriteConsoleInternal+0x15
01bbb90c 766312f5 00000007 01bbcdc8 00000002 kernel32!WriteConsoleA+0x18
01bbb928 0f37234c 00000007 01bbcdc8 00000002
kernel32!WriteFileImplementation+0x6f
01bbf5d8 0f3719bc 00000001 01bbf660 00000001 MSVCR120D!_write_nolock+0x90c
[f:\dd\vctools\crt\crtw32\lowio\write.c # 334]
01bbf628 0f2b6c12 00000001 01bbf660 00000001 MSVCR120D!_write+0x1cc
[f:\dd\vctools\crt\crtw32\lowio\write.c # 73]
01bbf658 0f330718 0000000a 0f3e7310 01bbf9bc MSVCR120D!_flsbuf+0x2a2
[f:\dd\vctools\crt\crtw32\stdio\_flsbuf.c # 188]
01bbf670 0f32f54a 0000000a 0f3e7310 01bbf798 MSVCR120D!write_char+0x78
[f:\dd\vctools\crt\crtw32\stdio\output.c # 2430]
01bbf9bc 0f2bcf81 0f3e7310 011c86d4 00000000 MSVCR120D!_output_l+0x57a
[f:\dd\vctools\crt\crtw32\stdio\output.c # 1166]
01bbfa10 010e24e4 011c86ac fffffffe 01bbfc00 MSVCR120D!printf+0x111
[f:\dd\vctools\crt\crtw32\stdio\printf.c # 62]
01bbfb04 011c5ee2 0044e1b8 01bbfce0 01bbfc08 demo_threadx!SYS_Task+0x74
[c:\cc-views\optimus_r11_ti\optimus\src\sys\sysmanager.c # 1501]
01bbfc00 011c6121 00000000 00000000 00474558
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
01bbfce0 0f2a3651 01262b00 1710438c 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
01bbfd1c 0f2a3861 00474b50 01bbfd34 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
01bbfd28 7663336a 00474b50 01bbfd74 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
01bbfd34 77269902 00474558 6388b81d 00000000
kernel32!BaseThreadInitThunk+0xe
01bbfd74 772698d5 0f2a37b0 00474558 00000000 ntdll!__RtlUserThreadStart+0x70
01bbfd8c 00000000 0f2a37b0 00474558 00000000 ntdll!_RtlUserThreadStart+0x1b
11 Id: 2af8.296c Suspend: 1 Teb: 7ef97000 Unfrozen
ChildEBP RetAddr Args to Child
01d0f4f8 74e715ce 00000094 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
01d0f564 76631194 00000094 ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
01d0f57c 76631148 00000094 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
01d0f590 011c67a8 00000094 ffffffff 01d0f800
kernel32!WaitForSingleObject+0x12
01d0f6b4 011c5a65 01d0f8fc 01d0f9e0 00471fe8
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
01d0f800 011c3e12 01263398 01d0f9d4 01d0f9e0
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
01d0f8fc 010e7dbf 0000000a 01d0fad0 01d0f9e0
demo_threadx!_tx_thread_sleep+0xf2 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_sleep.c # 215]
01d0f9d4 011c5ee2 004521c0 01d0fbb0 01d0fad8
demo_threadx!win_ethernet_task_entry+0x3f [c:\cc-
views\optimus_r11_ti\optimus\src\com\ethernet\enroottask.c # 2414]
01d0fad0 011c6121 00000000 00000000 00471fe8
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
01d0fbb0 0f2a3651 01263398 177b457c 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
01d0fbec 0f2a3861 00475148 01d0fc04 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
01d0fbf8 7663336a 00475148 01d0fc44 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
01d0fc04 77269902 00471fe8 63e3b92d 00000000
kernel32!BaseThreadInitThunk+0xe
01d0fc44 772698d5 0f2a37b0 00471fe8 00000000 ntdll!__RtlUserThreadStart+0x70
01d0fc5c 00000000 0f2a37b0 00471fe8 00000000 ntdll!_RtlUserThreadStart+0x1b
12 Id: 2af8.29d8 Suspend: 1 Teb: 7ef94000 Unfrozen
ChildEBP RetAddr Args to Child
01f6f3f8 74e715ce 0000009c 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
01f6f464 76631194 0000009c ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
01f6f47c 76631148 0000009c ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
01f6f490 011c67a8 0000009c ffffffff 01f6f700
kernel32!WaitForSingleObject+0x12
01f6f5b4 011c5a65 01f6f868 01f6fb70 00474558
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
01f6f700 011c0de5 01263208 01f6f95c 01f6fb70
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
01f6f868 010e6d19 012629a0 00000001 00000003
demo_threadx!_tx_event_flags_get+0x205 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_event_flags_get.c # 402]
01f6f95c 01122943 01f6fb64 01f6fb70 00474558
demo_threadx!ENroot_Event_GetEndOfScan_Event+0x39 [c:\cc-
views\optimus_r11_ti\optimus\src\com\ethernet\enroottask.c # 2378]
01f6fa30 010e7938 01262800 01f6fc60 01f6fb70
demo_threadx!EN_Start_EthernetApplication+0x23 [c:\cc-
views\optimus_r11_ti\optimus\src\com\ethernet\enapplicationmanger.c # 133]
01f6fb64 011c5ee2 004529c8 01f6fd40 01f6fc68 demo_threadx!ENroot_Task+0x6e8
[c:\cc-views\optimus_r11_ti\optimus\src\com\ethernet\enroottask.c # 2157]
01f6fc60 011c6121 00000000 00000000 00474558
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
01f6fd40 0f2a3651 01263208 175d43ec 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
01f6fd7c 0f2a3861 00475530 01f6fd94 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
01f6fd88 7663336a 00475530 01f6fdd4 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
01f6fd94 77269902 00474558 63c5b8bd 00000000
kernel32!BaseThreadInitThunk+0xe
01f6fdd4 772698d5 0f2a37b0 00474558 00000000 ntdll!__RtlUserThreadStart+0x70
01f6fdec 00000000 0f2a37b0 00474558 00000000 ntdll!_RtlUserThreadStart+0x1b
14 Id: 2af8.2978 Suspend: 1 Teb: 7ef8e000 Unfrozen
ChildEBP RetAddr Args to Child
0197f57c 74e715ce 000000d0 00000000 00000000
ntdll!ZwWaitForSingleObject+0x15
0197f5e8 76631194 000000d0 ffffffff 00000000
KERNELBASE!WaitForSingleObjectEx+0x98
0197f600 76631148 000000d0 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
0197f614 011c67a8 000000d0 ffffffff 0197f884
kernel32!WaitForSingleObject+0x12
0197f738 011c5a65 0197f980 0197fa70 004a1a88
demo_threadx!_tx_thread_system_return+0x168 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_return.c #
201]
0197f884 011c3e12 01262888 0197fa64 0197fa70
demo_threadx!_tx_thread_system_suspend+0x5a5 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_system_suspend.c #
615]
0197f980 0111e6a9 0000000a 0197fb60 0197fa70
demo_threadx!_tx_thread_sleep+0xf2 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_sleep.c # 215]
0197fa64 011c5ee2 01262800 0197fc40 0197fb68
demo_threadx!win_ip_thread_entry+0x39 [c:\cc-
views\optimus_r11_ti\optimus\src\win32\tcp_ip\src\opt_win_netx_wrapper.c #
648]
0197fb60 011c6121 00000000 00000000 004a1a88
demo_threadx!_tx_thread_shell_entry+0x72 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_shell_entry.c #
164]
0197fc40 0f2a3651 01262888 173c42ec 00000000
demo_threadx!_tx_win32_thread_entry+0x41 [c:\cc-
views\optimus_r11_ti\optimus\ext\threadx_win32\tx_thread_stack_build.c #
186]
0197fc7c 0f2a3861 0049fd78 0197fc94 7663336a
MSVCR120D!_callthreadstartex+0x51
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 376]
0197fc88 7663336a 0049fd78 0197fcd4 77269902 MSVCR120D!_threadstartex+0xb1
[f:\dd\vctools\crt\crtw32\startup\threadex.c # 359]
0197fc94 77269902 004a1a88 63a4b9bd 00000000
kernel32!BaseThreadInitThunk+0xe
0197fcd4 772698d5 0f2a37b0 004a1a88 00000000 ntdll!__RtlUserThreadStart+0x70
0197fcec 00000000 0f2a37b0 004a1a88 00000000 ntdll!_RtlUserThreadStart+0x1b

The problem isn't in printf. Only threads 6 and 10 are making calls to printf; thread 10 is suspended (it is the only thread in the `~* kb` listing shown with `Suspend: 2` rather than `Suspend: 1`, i.e. it carries one suspension beyond the debugger's own), and thread 6 is waiting on thread 10 to release the CRT lock (the `!locks` output shows the critical section at 0f3ead98 owned by thread 21c4, which is thread 10).
The most likely cause is a logic error in your program causing it to leave thread 10 suspended, although it is also possible that Symantec Endpoint Protection is causing your program to malfunction: thread 2's stack shows `_tx_thread_context_save` calling `SuspendThread` with UMEngx86 frames on top of it, which is where such an interaction would appear. It is also possible that you are deadlocking due to the inherent risks of suspending threads in-process, although I can find no obvious signs of this problem in this particular case.
If you find you are still unable to resolve the problem yourself and want assistance, please post a new question including a Minimal, Complete, and Verifiable Example.
See also:
Why you should never suspend a thread
The SuspendThread function suspends a thread, but it does so asynchronously


ELF Binary: why symbol value is different from actual symbol address? [duplicate]

readelf output of the object file:
Symbol table '.symtab' contains 15 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS fp16.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 4
5: 00000000 0 NOTYPE LOCAL DEFAULT 1 $t
6: 00000001 194 FUNC LOCAL DEFAULT 1 __gnu_f2h_internal
7: 00000010 0 NOTYPE LOCAL DEFAULT 5 $d
8: 00000000 0 SECTION LOCAL DEFAULT 5
9: 00000000 0 SECTION LOCAL DEFAULT 7
10: 000000c5 78 FUNC GLOBAL HIDDEN 1 __gnu_h2f_internal
11: 00000115 4 FUNC GLOBAL HIDDEN 1 __gnu_f2h_ieee
12: 00000119 4 FUNC GLOBAL HIDDEN 1 __gnu_h2f_ieee
13: 0000011d 4 FUNC GLOBAL HIDDEN 1 __gnu_f2h_alternative
14: 00000121 4 FUNC GLOBAL HIDDEN 1 __gnu_h2f_alternative
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 000124 00 AX 0 0 4
[ 2] .rel.text REL 00000000 00058c 000010 08 9 1 4
[ 3] .data PROGBITS 00000000 000158 000000 00 WA 0 0 1
[ 4] .bss NOBITS 00000000 000158 000000 00 WA 0 0 1
[ 5] .debug_frame PROGBITS 00000000 000158 00008c 00 0 0 4
[ 6] .rel.debug_frame REL 00000000 00059c 000060 08 9 5 4
[ 7] .ARM.attributes ARM_ATTRIBUTES 00000000 0001e4 00002f 00 0 0 1
[ 8] .shstrtab STRTAB 00000000 000213 000051 00 0 0 1
[ 9] .symtab SYMTAB 00000000 00041c 0000f0 10 10 10 4
[10] .strtab STRTAB 00000000 00050c 00007e 00 0 0 1
Relocation section '.rel.text' at offset 0x58c contains 2 entries:
Offset Info Type Sym.Value Sym. Name
0000011a 00000a66 R_ARM_THM_JUMP11 000000c5 __gnu_h2f_internal
00000122 00000a66 R_ARM_THM_JUMP11 000000c5 __gnu_h2f_internal
Relocation section '.rel.debug_frame' at offset 0x59c contains 12 entries:
Offset Info Type Sym.Value Sym. Name
00000014 00000802 R_ARM_ABS32 00000000 .debug_frame
00000018 00000202 R_ARM_ABS32 00000000 .text
00000040 00000802 R_ARM_ABS32 00000000 .debug_frame
00000044 00000202 R_ARM_ABS32 00000000 .text
00000050 00000802 R_ARM_ABS32 00000000 .debug_frame
00000054 00000202 R_ARM_ABS32 00000000 .text
00000060 00000802 R_ARM_ABS32 00000000 .debug_frame
00000064 00000202 R_ARM_ABS32 00000000 .text
00000070 00000802 R_ARM_ABS32 00000000 .debug_frame
00000074 00000202 R_ARM_ABS32 00000000 .text
00000080 00000802 R_ARM_ABS32 00000000 .debug_frame
00000084 00000202 R_ARM_ABS32 00000000 .text
.text section structure as I understand it:
.text section has size of 0x124
0x0: unknown byte
0x1-0xC3: __gnu_f2h_internal
0xC3-0xC5: two unknown bytes between those functions (btw what are those?)
0xC5-0x113: __gnu_h2f_internal
0x113-0x115: two unknown bytes between those functions
0x115-0x119: __gnu_f2h_ieee
0x119-0x11D: __gnu_h2f_ieee
0x11D-0x121: __gnu_f2h_alternative
0x121-0x125: __gnu_h2f_alternative // section is only 0x124, what happened to the missing byte?
Notice that the section size is 0x124 but the last function ends at 0x125; what happened to the missing byte?
Thanks.
Technically, your "missing byte" is the one right there at 0x0.
Note that you're looking at the value of the symbol, i.e. the runtime function address (this would be a lot clearer if your .text section VMA wasn't 0). Since they're Thumb functions, the addresses have bit 0 set so that the processor will switch to Thumb mode when calling them; the actual locations of those instructions are still halfword-aligned, i.e. 0x0, 0xc4, 0x114, etc., since they couldn't be executed otherwise (you'd take a fault for a misaligned PC). Strip off bit 0, as per what the ARM ELF spec says about STT_FUNC symbols, to get the actual VMA of the instruction corresponding to that symbol, then subtract the start of the section and you should have the same relative offset as within the object file itself.
<offset in section> = (<symbol value> & ~1) - <section VMA>
The extra halfword padding after some functions just ensures each symbol is word-aligned - there are probably various reasons for this, but the first one that comes to mind is that the adr instruction wouldn't work properly if they weren't.

Incorrect function size inside ARM ELF object

readelf output of the object file:
Symbol table '.symtab' contains 15 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 00000000 0 FILE LOCAL DEFAULT ABS fp16.c
2: 00000000 0 SECTION LOCAL DEFAULT 1
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 4
5: 00000000 0 NOTYPE LOCAL DEFAULT 1 $t
6: 00000001 194 FUNC LOCAL DEFAULT 1 __gnu_f2h_internal
7: 00000010 0 NOTYPE LOCAL DEFAULT 5 $d
8: 00000000 0 SECTION LOCAL DEFAULT 5
9: 00000000 0 SECTION LOCAL DEFAULT 7
10: 000000c5 78 FUNC GLOBAL HIDDEN 1 __gnu_h2f_internal
11: 00000115 4 FUNC GLOBAL HIDDEN 1 __gnu_f2h_ieee
12: 00000119 4 FUNC GLOBAL HIDDEN 1 __gnu_h2f_ieee
13: 0000011d 4 FUNC GLOBAL HIDDEN 1 __gnu_f2h_alternative
14: 00000121 4 FUNC GLOBAL HIDDEN 1 __gnu_h2f_alternative
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 00000000 000034 000124 00 AX 0 0 4
[ 2] .rel.text REL 00000000 00058c 000010 08 9 1 4
[ 3] .data PROGBITS 00000000 000158 000000 00 WA 0 0 1
[ 4] .bss NOBITS 00000000 000158 000000 00 WA 0 0 1
[ 5] .debug_frame PROGBITS 00000000 000158 00008c 00 0 0 4
[ 6] .rel.debug_frame REL 00000000 00059c 000060 08 9 5 4
[ 7] .ARM.attributes ARM_ATTRIBUTES 00000000 0001e4 00002f 00 0 0 1
[ 8] .shstrtab STRTAB 00000000 000213 000051 00 0 0 1
[ 9] .symtab SYMTAB 00000000 00041c 0000f0 10 10 10 4
[10] .strtab STRTAB 00000000 00050c 00007e 00 0 0 1
Relocation section '.rel.text' at offset 0x58c contains 2 entries:
Offset Info Type Sym.Value Sym. Name
0000011a 00000a66 R_ARM_THM_JUMP11 000000c5 __gnu_h2f_internal
00000122 00000a66 R_ARM_THM_JUMP11 000000c5 __gnu_h2f_internal
Relocation section '.rel.debug_frame' at offset 0x59c contains 12 entries:
Offset Info Type Sym.Value Sym. Name
00000014 00000802 R_ARM_ABS32 00000000 .debug_frame
00000018 00000202 R_ARM_ABS32 00000000 .text
00000040 00000802 R_ARM_ABS32 00000000 .debug_frame
00000044 00000202 R_ARM_ABS32 00000000 .text
00000050 00000802 R_ARM_ABS32 00000000 .debug_frame
00000054 00000202 R_ARM_ABS32 00000000 .text
00000060 00000802 R_ARM_ABS32 00000000 .debug_frame
00000064 00000202 R_ARM_ABS32 00000000 .text
00000070 00000802 R_ARM_ABS32 00000000 .debug_frame
00000074 00000202 R_ARM_ABS32 00000000 .text
00000080 00000802 R_ARM_ABS32 00000000 .debug_frame
00000084 00000202 R_ARM_ABS32 00000000 .text
.text section structure as I understand it:
.text section has size of 0x124
0x0: unknown byte
0x1-0xC3: __gnu_f2h_internal
0xC3-0xC5: two unknown bytes between those functions (btw what are those?)
0xC5-0x113: __gnu_h2f_internal
0x113-0x115: two unknown bytes between those functions
0x115-0x119: __gnu_f2h_ieee
0x119-0x11D: __gnu_h2f_ieee
0x11D-0x121: __gnu_f2h_alternative
0x121-0x125: __gnu_h2f_alternative // section is only 0x124, what happened to the missing byte?
Notice that the section size is 0x124 but the last function ends at 0x125; what happened to the missing byte?
Thanks.
Technically, your "missing byte" is the one right there at 0x0.
Note that you're looking at the value of the symbol, i.e. the runtime function address (this would be a lot clearer if your .text section VMA wasn't 0). Since they're Thumb functions, the addresses have bit 0 set so that the processor will switch to Thumb mode when calling them; the actual locations of those instructions are still halfword-aligned, i.e. 0x0, 0xc4, 0x114, etc., since they couldn't be executed otherwise (you'd take a fault for a misaligned PC). Strip off bit 0, as per what the ARM ELF spec says about STT_FUNC symbols, to get the actual VMA of the instruction corresponding to that symbol, then subtract the start of the section and you should have the same relative offset as within the object file itself.
<offset in section> = (<symbol value> & ~1) - <section VMA>
The extra halfword padding after some functions just ensures each symbol is word-aligned - there are probably various reasons for this, but the first one that comes to mind is that the adr instruction wouldn't work properly if they weren't.

Linux ps command core randomly

I am observing a segmentation fault, randomly, when doing a ps of a particular process id. The process to which the pid points was up and running at the time ps {pid} was executed.
Backtrace :
(gdb) bt
#0 reset_global () at ps/global.c:362
#1 0x0000000000402456 in main (argc=2, argv=0x7ffe02d33fa8) at ps/display.c:578 (gdb)
at ps/global.c:362 there is a call to look_up_our_self(&p);
359 void reset_global(void){
360 static proc_t p;
361 reset_selection_list();
362 look_up_our_self(&p);
363 set_screen_size();
364 set_personality();
365 int fd;
366 char *buf[BUFFSIZE];
disassemble output:
(gdb) disassemble
0x000000000040315a <+74>: callq 0x401930 <free#plt>
0x000000000040315f <+79>: test %rbp,%rbp
0x0000000000403162 <+82>: jne 0x403148 <reset_global+56>
0x0000000000403164 <+84>: lea 0x10(%rsp),%rbx
0x0000000000403169 <+89>: mov $0x635860,%edi
0x000000000040316e <+94>: movq $0x0,0x21253f(%rip) # 0x6156b8 <selection_list>
=> 0x0000000000403179 <+105>: callq 0x401a60 <look_up_our_self#plt>
0x000000000040317e <+110>: xor %eax,%eax
0x0000000000403180 <+112>: mov %rbx,%rdx
0x0000000000403183 <+115>: mov $0x5413,%esi
0x0000000000403188 <+120>: mov $0x1,%edi
0x000000000040318d <+125>: callq 0x4017f0 <ioctl#plt>
0x0000000000403192 <+130>: cmp $0xffffffffffffffff,%eax
Registers
(gdb) info registers
rax 0xdeadbeef 3735928559
rbx 0x7ffe02cb3d50 140728945294672
rcx 0x0 0
rdx 0x0 0
rsi 0x7ffe02d33ce0 140728945818848
rdi 0x635860 6510688
rbp 0x7ffe02d33df0 0x7ffe02d33df0
rsp 0x7ffe02cb3d40 0x7ffe02cb3d40
r8 0x0 0
r9 0x1 1
r10 0x8 8
r11 0x206 518
r12 0x2 2
r13 0x7ffe02d33fa8 140728945819560
r14 0x0 0
r15 0x0 0
rip 0x403179 0x403179 <reset_global+105>
eflags 0x10246 [ PF ZF IF RF ]
cs 0x33 51
ss 0x2b 43
ds 0x0 0
es 0x0 0
fs 0x0 0
gs 0x0 0
(gdb)
update: maps output:
00400000-00416000 r-xp 00000000 00:11 6116
/bin/ps 00615000-00616000 rw-p 00015000 00:11 6116
/bin/ps 00616000-00636000 rw-p 00000000 00:00 0 7ffe0258d000-7ffe026e1000 r-xp 00000000 00:11 8166
/lib64/libc-2.11.1.so 7ffe026e1000-7ffe028e1000 ---p 00154000 00:11 8166 /lib64/libc-2.11.1.so 7ffe028e1000-7ffe028e5000 r--p 00154000 00:11 8166
/lib64/libc-2.11.1.so 7ffe028e5000-7ffe028e6000 rw-p 00158000 00:11 8166 /lib64/libc-2.11.1.so 7ffe028e6000-7ffe028eb000 rw-p 00000000 00:00 0 7ffe028eb000-7ffe028ed000 r-xp 00000000 00:11 8175
/lib64/libdl-2.11.1.so 7ffe028ed000-7ffe02aed000 ---p 00002000 00:11 8175 /lib64/libdl-2.11.1.so 7ffe02aed000-7ffe02aee000 r--p 00002000 00:11 8175
/lib64/libdl-2.11.1.so 7ffe02aee000-7ffe02aef000 rw-p 00003000 00:11 8175 /lib64/libdl-2.11.1.so 7ffe02aef000-7ffe02afe000 r-xp 00000000 00:11 8213
/lib64/libproc-3.2.8.so 7ffe02afe000-7ffe02cfe000 ---p 0000f000 00:11 8213 /lib64/libproc-3.2.8.so 7ffe02cfe000-7ffe02cff000 rw-p 0000f000 00:11 8213
/lib64/libproc-3.2.8.so 7ffe02cff000-7ffe02d13000 rw-p 00000000 00:00 0 7ffe02d14000-7ffe02d35000 rw-p 00000000 00:00 0
[stack] 7ffe02d7f000-7ffe02d80000 r-xp 00000000 00:00 0
[vdso] 7ffe02eaa000-7ffe02ec8000 r-xp 00000000 00:11 8156
/lib64/ld-2.11.1.so 7ffe030b9000-7ffe030bc000 rw-p 00000000 00:00 0 7ffe030c6000-7ffe030c7000 rw-p 00000000 00:00 0 7ffe030c7000-7ffe030c8000 r--p 0001d000 00:11 8156
/lib64/ld-2.11.1.so 7ffe030c8000-7ffe030c9000 rw-p 0001e000 00:11 8156 /lib64/ld-2.11.1.so 7ffe030c9000-7ffe030ca000 rw-p 00000000 00:00 0 ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0
[vsyscall]
Please find the proc/map file contents below for the above segmentation fault: On behalf of Guruswamy Basavaiah
00400000-00416000 r-xp 00000000 00:11 6116 /bin/ps
00615000-00616000 rw-p 00015000 00:11 6116 /bin/ps
00616000-00636000 rw-p 00000000 00:00 0
7ffe0258d000-7ffe026e1000 r-xp 00000000 00:11 8166 /lib64/libc-2.11.1.so
7ffe026e1000-7ffe028e1000 ---p 00154000 00:11 8166 /lib64/libc-2.11.1.so
7ffe028e1000-7ffe028e5000 r--p 00154000 00:11 8166 /lib64/libc-2.11.1.so
7ffe028e5000-7ffe028e6000 rw-p 00158000 00:11 8166 /lib64/libc-2.11.1.so
7ffe028e6000-7ffe028eb000 rw-p 00000000 00:00 0
7ffe028eb000-7ffe028ed000 r-xp 00000000 00:11 8175 /lib64/libdl-2.11.1.so
7ffe028ed000-7ffe02aed000 ---p 00002000 00:11 8175 /lib64/libdl-2.11.1.so
7ffe02aed000-7ffe02aee000 r--p 00002000 00:11 8175 /lib64/libdl-2.11.1.so
7ffe02aee000-7ffe02aef000 rw-p 00003000 00:11 8175 /lib64/libdl-2.11.1.so
7ffe02aef000-7ffe02afe000 r-xp 00000000 00:11 8213 /lib64/libproc-3.2.8.so
7ffe02afe000-7ffe02cfe000 ---p 0000f000 00:11 8213 /lib64/libproc-3.2.8.so
7ffe02cfe000-7ffe02cff000 rw-p 0000f000 00:11 8213 /lib64/libproc-3.2.8.so
7ffe02cff000-7ffe02d13000 rw-p 00000000 00:00 0
7ffe02d14000-7ffe02d35000 rw-p 00000000 00:00 0 [stack]
7ffe02d7f000-7ffe02d80000 r-xp 00000000 00:00 0 [vdso]
7ffe02eaa000-7ffe02ec8000 r-xp 00000000 00:11 8156 /lib64/ld-2.11.1.so
7ffe030b9000-7ffe030bc000 rw-p 00000000 00:00 0
7ffe030c6000-7ffe030c7000 rw-p 00000000 00:00 0
7ffe030c7000-7ffe030c8000 r--p 0001d000 00:11 8156 /lib64/ld-2.11.1.so
7ffe030c8000-7ffe030c9000 rw-p 0001e000 00:11 8156 /lib64/ld-2.11.1.so
7ffe030c9000-7ffe030ca000 rw-p 00000000 00:00 0
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]

Seg Fault in ARM Assembly

So, I am trying to learn ARM assembly and basically what I want to do is turn on the LEDs of my BeagleBone Black using pure assembly. I know how to program in C very well, but I am new to ARM assembly if that makes any difference.
Basically I am just trying to modify a character in a string, but it doesn't seem to be working. Maybe it is because I do not fully understand the memory management instructions.
When I run the code it gives me a segmentation fault.
Here is my code:
.syntax unified
.global main
@ No .data/.text directive precedes the code or the string below, so both are
@ assembled into the same default section; the objdump symbol table further
@ down shows beagle_bone_0 at 0x83b8 inside .text, which is READONLY, CODE.
main:
push {ip, lr}
mov r0, beagle_bone_0 @ a label is not an immediate operand for mov; the address needs ldr r0, =beagle_bone_0 (or adr r0, beagle_bone_0) -- the answer below reports this line does not even assemble on their toolchain
mov r1, #0x65 @ 'e'
strb r1, [r0] @ the store that faults: r0 most likely does not hold the string's address, and even if it did, the target lives in the read-only .text section
ldr r0, =beagle_bone_0 @ this form does load the address (via the literal pool)
bl printf @ the string itself is passed as printf's format string
pop {ip, pc}
beagle_bone_0:
.asciz "/sys/class/leds/beaglebone:green:usr0/brightness"
objdump -x output:
helloworld: file format elf32-littlearm
helloworld
architecture: arm, flags 0x00000112:
EXEC_P, HAS_SYMS, D_PAGED
start address 0x00008325
Program Header:
0x70000001 off 0x00000444 vaddr 0x00008444 paddr 0x00008444 align 2**2
filesz 0x00000008 memsz 0x00000008 flags r--
PHDR off 0x00000034 vaddr 0x00008034 paddr 0x00008034 align 2**2
filesz 0x00000100 memsz 0x00000100 flags r-x
INTERP off 0x00000134 vaddr 0x00008134 paddr 0x00008134 align 2**0
filesz 0x00000019 memsz 0x00000019 flags r--
LOAD off 0x00000000 vaddr 0x00008000 paddr 0x00008000 align 2**15
filesz 0x00000450 memsz 0x00000450 flags r-x
LOAD off 0x00000450 vaddr 0x00010450 paddr 0x00010450 align 2**15
filesz 0x00000124 memsz 0x00000128 flags rw-
DYNAMIC off 0x0000045c vaddr 0x0001045c paddr 0x0001045c align 2**2
filesz 0x000000f0 memsz 0x000000f0 flags rw-
NOTE off 0x00000150 vaddr 0x00008150 paddr 0x00008150 align 2**2
filesz 0x00000044 memsz 0x00000044 flags r--
STACK off 0x00000000 vaddr 0x00000000 paddr 0x00000000 align 2**2
filesz 0x00000000 memsz 0x00000000 flags rwx
Dynamic Section:
NEEDED libc.so.6
INIT 0x000082d1
FINI 0x00008439
INIT_ARRAY 0x00010450
INIT_ARRAYSZ 0x00000004
FINI_ARRAY 0x00010454
FINI_ARRAYSZ 0x00000004
HASH 0x00008194
GNU_HASH 0x000081bc
STRTAB 0x00008238
SYMTAB 0x000081e8
STRSZ 0x00000043
SYMENT 0x00000010
DEBUG 0x00000000
PLTGOT 0x0001054c
PLTRELSZ 0x00000020
PLTREL 0x00000011
JMPREL 0x000082b0
REL 0x000082a8
RELSZ 0x00000008
RELENT 0x00000008
VERNEED 0x00008288
VERNEEDNUM 0x00000001
VERSYM 0x0000827c
Version References:
required from libc.so.6:
0x0d696914 0x00 02 GLIBC_2.4
private flags = 5000002: [Version5 EABI] [has entry point]
Sections:
Idx Name Size VMA LMA File off Algn
0 .interp 00000019 00008134 00008134 00000134 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
1 .note.ABI-tag 00000020 00008150 00008150 00000150 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
2 .note.gnu.build-id 00000024 00008170 00008170 00000170 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
3 .hash 00000028 00008194 00008194 00000194 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
4 .gnu.hash 0000002c 000081bc 000081bc 000001bc 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
5 .dynsym 00000050 000081e8 000081e8 000001e8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
6 .dynstr 00000043 00008238 00008238 00000238 2**0
CONTENTS, ALLOC, LOAD, READONLY, DATA
7 .gnu.version 0000000a 0000827c 0000827c 0000027c 2**1
CONTENTS, ALLOC, LOAD, READONLY, DATA
8 .gnu.version_r 00000020 00008288 00008288 00000288 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
9 .rel.dyn 00000008 000082a8 000082a8 000002a8 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
10 .rel.plt 00000020 000082b0 000082b0 000002b0 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
11 .init 0000000a 000082d0 000082d0 000002d0 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
12 .plt 00000048 000082dc 000082dc 000002dc 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
13 .text 00000114 00008324 00008324 00000324 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
14 .fini 00000006 00008438 00008438 00000438 2**2
CONTENTS, ALLOC, LOAD, READONLY, CODE
15 .rodata 00000004 00008440 00008440 00000440 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
16 .ARM.exidx 00000008 00008444 00008444 00000444 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
17 .eh_frame 00000004 0000844c 0000844c 0000044c 2**2
CONTENTS, ALLOC, LOAD, READONLY, DATA
18 .init_array 00000004 00010450 00010450 00000450 2**2
CONTENTS, ALLOC, LOAD, DATA
19 .fini_array 00000004 00010454 00010454 00000454 2**2
CONTENTS, ALLOC, LOAD, DATA
20 .jcr 00000004 00010458 00010458 00000458 2**2
CONTENTS, ALLOC, LOAD, DATA
21 .dynamic 000000f0 0001045c 0001045c 0000045c 2**2
CONTENTS, ALLOC, LOAD, DATA
22 .got 00000020 0001054c 0001054c 0000054c 2**2
CONTENTS, ALLOC, LOAD, DATA
23 .data 00000008 0001056c 0001056c 0000056c 2**2
CONTENTS, ALLOC, LOAD, DATA
24 .bss 00000004 00010574 00010574 00000574 2**0
ALLOC
25 .comment 0000001d 00000000 00000000 00000574 2**0
CONTENTS, READONLY
26 .ARM.attributes 00000031 00000000 00000000 00000591 2**0
CONTENTS, READONLY
SYMBOL TABLE:
00008134 l d .interp 00000000 .interp
00008150 l d .note.ABI-tag 00000000 .note.ABI-tag
00008170 l d .note.gnu.build-id 00000000 .note.gnu.build-id
00008194 l d .hash 00000000 .hash
000081bc l d .gnu.hash 00000000 .gnu.hash
000081e8 l d .dynsym 00000000 .dynsym
00008238 l d .dynstr 00000000 .dynstr
0000827c l d .gnu.version 00000000 .gnu.version
00008288 l d .gnu.version_r 00000000 .gnu.version_r
000082a8 l d .rel.dyn 00000000 .rel.dyn
000082b0 l d .rel.plt 00000000 .rel.plt
000082d0 l d .init 00000000 .init
000082dc l d .plt 00000000 .plt
00008324 l d .text 00000000 .text
00008438 l d .fini 00000000 .fini
00008440 l d .rodata 00000000 .rodata
00008444 l d .ARM.exidx 00000000 .ARM.exidx
0000844c l d .eh_frame 00000000 .eh_frame
00010450 l d .init_array 00000000 .init_array
00010454 l d .fini_array 00000000 .fini_array
00010458 l d .jcr 00000000 .jcr
0001045c l d .dynamic 00000000 .dynamic
0001054c l d .got 00000000 .got
0001056c l d .data 00000000 .data
00010574 l d .bss 00000000 .bss
00000000 l d .comment 00000000 .comment
00000000 l d .ARM.attributes 00000000 .ARM.attributes
0000835c l F .text 00000000 call_gmon_start
00000000 l df *ABS* 00000000 crtstuff.c
00010458 l O .jcr 00000000 __JCR_LIST__
00008374 l F .text 00000000 __do_global_dtors_aux
00010574 l O .bss 00000001 completed.5637
00010454 l O .fini_array 00000000 __do_global_dtors_aux_fini_array_entry
00008384 l F .text 00000000 frame_dummy
00010450 l O .init_array 00000000 __frame_dummy_init_array_entry
000083b8 l .text 00000000 beagle_bone_0
00000000 l df *ABS* 00000000 crtstuff.c
0000844c l O .eh_frame 00000000 __FRAME_END__
00010458 l O .jcr 00000000 __JCR_END__
00010454 l .init_array 00000000 __init_array_end
0001045c l O .dynamic 00000000 _DYNAMIC
00010450 l .init_array 00000000 __init_array_start
0001054c l O .got 00000000 _GLOBAL_OFFSET_TABLE_
00008434 g F .text 00000002 __libc_csu_fini
0001056c w .data 00000000 data_start
000082f0 F *UND* 00000000 printf##GLIBC_2.4
00010574 g *ABS* 00000000 __bss_start__
00010578 g *ABS* 00000000 _bss_end__
00010574 g *ABS* 00000000 _edata
00008438 g F .fini 00000000 _fini
00010578 g *ABS* 00000000 __bss_end__
0001056c g .data 00000000 __data_start
000082fc F *UND* 00000000 __libc_start_main##GLIBC_2.4
00000000 w *UND* 00000000 __gmon_start__
00010570 g O .data 00000000 .hidden __dso_handle
00008440 g O .rodata 00000004 _IO_stdin_used
000083f0 g F .text 00000044 __libc_csu_init
00010578 g *ABS* 00000000 _end
00008324 g F .text 00000000 _start
00010578 g *ABS* 00000000 __end__
00010574 g *ABS* 00000000 __bss_start
0000839c g .text 00000000 main
00000000 w *UND* 00000000 _Jv_RegisterClasses
00008318 F *UND* 00000000 abort##GLIBC_2.4
000082d0 g F .init 00000000 _init
The answer to my question was actually really simple. Since ldr r0, =beagle_bone_0 loads the address of beagle_bone_0 into register 0 I can just manipulate beagle_bone_0 with that address.
Working test code:
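.syntax unified

.data
@ .asciz, not .ascii: printf stops at a NUL terminator and .ascii emits none,
@ so the original let printf read whatever bytes followed the string in .data.
@ The buffer stays in .data (writable) because main stores into it; .text is
@ read-only and a store there faults.
beagle_bone_0: .asciz "Hello, world\n"

.text
.global main
@ main: overwrite the first byte of beagle_bone_0 with 'e' and print the buffer.
@ Returns 0 as the process exit status instead of leaking printf's return
@ value (the character count) into r0.
main:
    push {ip, lr}             @ two registers: keeps the stack 8-byte aligned across the call
    ldr r0, =beagle_bone_0    @ r0 = address of the buffer (loaded from the literal pool)
    mov r1, #0x65             @ 'e'
    strb r1, [r0]             @ buffer[0] = 'e'  -> "eello, world\n"
    bl printf                 @ the buffer is used directly as the format string; it must not contain '%'
    mov r0, #0                @ exit status 0
    pop {ip, pc}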
I ran and debugged your code. The line mov r0, beagle_bone_0 didn't even compile (on my compiler, at least). You want to load the address of beagle_bone_0 into r0. For this, you should use the adr pseudo-instruction, which the compiler translates into a pc-relative move (something like mov r0, [pc, #8]). A label cannot be used as a mov operand this way; your compiler probably translated it into something different.
So, to fix it, just replace the line mov r0, beagle_bone_0 by adr r0, beagle_bone_0.
Also, the string was in the .text section, which is read-only and cannot be written to at run time. So, I put beagle_bone_0 in the .data section.

Converting ARM to C

Given, for example, the following ARM assembly code, are there any straightforward ways to convert it directly to C, using whatever appropriate variable names?
@ NOTE(review): the "$n" register names and space-separated operands are not
@ GNU ARM syntax (that would be ADD r2, r0, #9); read this as pseudo-code.
ADD $2 $0 #9          @ r2 = r0 + 9
ADD $3 $0 #3          @ r3 = r0 + 3
ADD $1 $0 $0          @ r1 = r0 + r0
loop: ADD $1 $1 #1    @ r1 = r1 + 1
ADD $3 $0 $3, LSL #1  @ r3 = r0 + (r3 << 1)
SUB $2 $2 $1          @ r2 = r2 - r1
CMP $2 $1             @ set flags from r2 - r1
BNE loop              @ repeat until r2 == r1; nothing else bounds the loop
Also, as I'm still learning ARM, how many times will the loop execute say, SUB or ADD? Are there straightforward ways to determine this?
Thanks for the help! Any other insight not particularly aimed at answering the question would also be great.
In short, BNE - Branch Not Equal - could suggest either a do{...}while loop or the other way round, while (...){...}, or even possibly a for( ...; ... < ....; ...){...} loop; that's about as far as it can go.
As for reading the addition/subtraction from some registers (read, memory variables in the context of C), you will have to play by reading it and come up with a near equivalent.
A decompiler may not help you at this stage. Play with a couple of C programs to practice and compile them to assembly language using the -S command-line parameter passed to the C compiler and see what you get; it is mostly trial and error, I'm afraid, if you're looking for an exact replica of the code in the question above.
/* Line-by-line C rendering of the ARM loop above; each statement mirrors one
 * instruction. r0 is the only input and is deliberately left unset here: its
 * value decides how many times the loop body runs. */
unsigned int r0,r1,r2,r3;
r2=r0+9;        /* ADD $2 $0 #9 */
r3=r0+3;        /* ADD $3 $0 #3 */
r1=r0+r0;       /* ADD $1 $0 $0 */
do
{
r1=r1+1;        /* loop: ADD $1 $1 #1 */
r3=r0+(r3<<1);  /* ADD $3 $0 $3, LSL #1 */
r2=r2-r1;       /* SUB $2 $2 $1 */
} while(r2!=r1); /* CMP $2 $1 ; BNE loop -- exits only when r2 == r1; unsigned
                  * arithmetic wraps (see FFFFFFFF in the traces below), so the
                  * iteration count has no upper bound if they never meet */
Not knowing what r0 is going in, the loop can run a few times or many times (millions? billions?). r2 is decreasing and r1 is increasing; if they don't collide with an equal value the first time they pass each other, they will have to roll around. Every loop r1 gets bigger, so r2 gets smaller that much faster. It should be very easy to add a printf and some test values for r0 and see what happens.
say for example r0 is a 0 before entering this code. r2 is r0+9 = 9; and r1 is double r0 which is 0.
The first so many loops would go like this with the four variables r0,r1,r2,r3
00000000 00000001 00000008 00000006
00000000 00000002 00000007 0000000C
00000000 00000003 00000006 00000018
00000000 00000004 00000005 00000030
00000000 00000005 00000004 00000060
00000000 00000006 00000003 000000C0
00000000 00000007 00000002 00000180
00000000 00000008 00000001 00000300
00000000 00000009 00000000 00000600
00000000 0000000A FFFFFFFF 00000C00
00000000 0000000B FFFFFFFE 00001800
r2 and r1 are not going to collide.
but if r0 was a 1 going in then
00000001 00000003 00000009 00000009
00000001 00000004 00000008 00000013
00000001 00000005 00000007 00000027
00000001 00000006 00000006 0000004F
r0 = 3
00000003 00000007 0000000B 0000000F
00000003 00000008 0000000A 00000021
00000003 00000009 00000009 00000045
r0 needs to be odd so far. but when you make r0 a 9 then
00000009 00000013 00000011 00000021
00000009 00000014 00000010 0000004B
00000009 00000015 0000000F 0000009F
00000009 00000016 0000000E 00000147
00000009 00000017 0000000D 00000297
00000009 00000018 0000000C 00000537
00000009 00000019 0000000B 00000A77
00000009 0000001A 0000000A 000014F7
00000009 0000001B 00000009 000029F7
00000009 0000001C 00000008 000053F7
00000009 0000001D 00000007 0000A7F7
00000009 0000001E 00000006 00014FF7
00000009 0000001F 00000005 00029FF7
00000009 00000020 00000004 00053FF7
00000009 00000021 00000003 000A7FF7
00000009 00000022 00000002 0014FFF7
00000009 00000023 00000001 0029FFF7
00000009 00000024 00000000 0053FFF7
00000009 00000025 FFFFFFFF 00A7FFF7
00000009 00000026 FFFFFFFE 014FFFF7
Basically it is somewhat deterministic, with some rules, but if the comparison never matches then the loop may run forever, or at least for many, many cycles.

Resources