Here is my assembly code
section .data
msg: db "hello"
section .text
global _start
_start:
nop
mov rax,23
nop
Can I access the data located in 'msg' with gdb?
The command x/5cb &msg should dump five bytes at the correct address, in both decimal and character notation.
Alternatively, you should be able to use printf "%5.5s\n", &msg as well, substituting in whatever format string you need for other data (a null terminated string, for example, would need only "%s").
This was all tested under CygWin with the following program:
section .data
msg: db "hello"
section .text
global _start
_start: mov eax, 42
ret
When you compile and run that, you get the expected 42 as a return code:
pax> nasm -f elf -o prog.o prog.asm
pax> ld -o prog.exe prog.o
pax> ./prog.exe ; echo $?
42
Starting it in the debugger, you can see the commands needed to get at msg:
pax> gdb prog.exe
GNU gdb (GDB) 7.8
Copyright (C) 2014 Free Software Foundation, Inc.
<blah blah blah>
Reading symbols from prog.exe...(no debugging symbols found)...done.
(gdb) b start
Breakpoint 1 at 0x401000
(gdb) r
Starting program: /cygdrive/c/pax/prog.exe
[New Thread 7416.0x20c0]
Breakpoint 1, 0x00401000 in start ()
(gdb) x/5cb &msg
0x402000 <msg>: 104 'h' 101 'e' 108 'l' 108 'l' 111 'o'
(gdb) printf "%5.5s\n", &msg
hello
Is it possible to find out all instances of static initialization in an ELF dynamic library? I can dump the array of function pointers in the .init_array section via an objdump command like this:
objdump -s -j .init_array <libname.so>
Is there a way to map these function pointers back to function names? I have an unstripped library with debug symbols. I want to eliminate static initialization as much as possible to improve my library load time.
On x86-64, .init_array contains a list of 8-byte little-endian pointers to static initializers/constructors. The example below has 4 initializers with the addresses - 0x1160, 0x11a7, 0x1231 and 0x12bb:
$ objdump -s -j .init_array a.out
a.out: file format elf64-x86-64
Contents of section .init_array:
3d88 60110000 00000000 a7110000 00000000 `...............
3d98 31120000 00000000 bb120000 00000000 1...............
You can find the initializer function by providing an address from .init_array to objdump. E.g. the address 0x11a7 points to the special function _GLOBAL__sub_I_a (static initializer for the global variable a):
$ objdump -S --start-address=0x11a7 a.out | head
a.out: file format elf64-x86-64
Disassembly of section .text:
00000000000011a7 <_GLOBAL__sub_I_a>:
11a7: f3 0f 1e fa endbr64
11ab: 55 push %rbp
11ac: 48 89 e5 mov %rsp,%rbp
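As an added example (not code from the question or the answer), the Python below automates the mapping the answer does by hand: it decodes the `objdump -s -j .init_array` dump into little-endian pointers and looks each one up in an `nm -n` symbol listing, falling back to the nearest preceding symbol plus an offset when there is no exact match. The objdump text is the one shown in the answer; the nm listing is constructed for the example, and only `_GLOBAL__sub_I_a` at 0x11a7 comes from the answer (`frame_dummy`, `_GLOBAL__sub_I_b`, `_GLOBAL__sub_I_config.cpp`, `main` and `__cxa_atexit` are made-up entries). The pointer width is a parameter so the same decoding works for 32-bit ELF dumps.

```python
"""Map .init_array entries back to function names from objdump and nm text."""
import re
from bisect import bisect_right

# Constructed input: the `objdump -s -j .init_array a.out` dump from the answer above.
OBJDUMP_DUMP = """\
a.out:     file format elf64-x86-64

Contents of section .init_array:
 3d88 60110000 00000000 a7110000 00000000  `...............
 3d98 31120000 00000000 bb120000 00000000  1...............
"""

# Constructed input: an `nm -n a.out` listing for the same binary. Only
# _GLOBAL__sub_I_a at 0x11a7 is from the answer; the other symbols are made up.
NM_LISTING = """\
0000000000001160 t frame_dummy
00000000000011a7 t _GLOBAL__sub_I_a
0000000000001231 t _GLOBAL__sub_I_b
00000000000012bb t _GLOBAL__sub_I_config.cpp
0000000000001340 T main
                 U __cxa_atexit
"""

# A data line of `objdump -s`: file offset, one to four hex words of up to eight
# digits, then two or more spaces before the ASCII column (which is ignored, since
# it can itself contain hex-looking characters such as the "1" above).
_DUMP_LINE = re.compile(r"^\s*([0-9a-f]+)((?:\s[0-9a-f]{2,8}){1,4})\s{2,}", re.I)
# An `nm` line with an address; undefined symbols ("U name") have none and are skipped.
_NM_LINE = re.compile(r"^([0-9a-f]+)\s+(\S)\s+(\S+)$", re.I)


def parse_section_dump(text):
    """Return (address_of_first_line, raw_bytes) from `objdump -s` output."""
    base, raw = None, bytearray()
    for line in text.splitlines():
        m = _DUMP_LINE.match(line)
        if not m:
            continue
        if base is None:
            base = int(m.group(1), 16)
        raw += bytes.fromhex(m.group(2).replace(" ", ""))
    if base is None:
        raise ValueError("no section data lines found")
    return base, bytes(raw)


def init_array_entries(text, ptr_size=8):
    """Decode the section bytes as little-endian pointers in .init_array order.

    ptr_size is 8 for x86-64 (the case in the answer) and 4 for 32-bit targets."""
    _, raw = parse_section_dump(text)
    if len(raw) % ptr_size:
        raise ValueError("section size %d is not a multiple of %d" % (len(raw), ptr_size))
    return [int.from_bytes(raw[i:i + ptr_size], "little") for i in range(0, len(raw), ptr_size)]


def parse_nm(text):
    """Sorted [(address, name)] pairs from `nm -n` output."""
    syms = []
    for line in text.splitlines():
        m = _NM_LINE.match(line.strip())
        if m:
            syms.append((int(m.group(1), 16), m.group(3)))
    return sorted(syms)


def resolve(addr, syms):
    """Name for addr: an exact symbol, else the nearest preceding symbol plus an offset."""
    i = bisect_right([a for a, _ in syms], addr) - 1
    if i < 0:
        return "?"
    base, name = syms[i]
    return name if base == addr else "%s+0x%x" % (name, addr - base)


def map_initializers(dump_text, nm_text, ptr_size=8):
    """[(pointer, symbol)] for every .init_array entry, in the order the loader runs them."""
    syms = parse_nm(nm_text)
    return [(p, resolve(p, syms)) for p in init_array_entries(dump_text, ptr_size)]


if __name__ == "__main__":
    for ptr, name in map_initializers(OBJDUMP_DUMP, NM_LISTING):
        print("0x%x  %s" % (ptr, name))
```

For a real library, feed it the output of `objdump -s -j .init_array libname.so` and `nm -n -C libname.so` (`-C` demangles C++ symbol names); `addr2line -f -e libname.so 0x11a7` answers the same question for a single address and adds the source line when debug info is present. Two caveats: the values are link-time addresses, relative to the load base of a shared object, and some linkers leave the section contents zeroed and keep the real pointers only in the `R_X86_64_RELATIVE` relocation addends, which `readelf -r libname.so` shows; in that case there is nothing in the `objdump -s` output to decode.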
So I have some Lua bytecode, and now I would like to re-compile it into human-readable code:
\27\76\117\97\81\0\1\4\8\4\8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\2\4\0\0\0\5\0\0\0\65\64\0\0\28\64\0\1\30\0\128\0\2\0\0\0\4\6\0\0\0\0\0\0\0\112\114\105\110\116\0\4\9\0\0\0\0\0\0\0\72\105\32\116\104\101\114\101\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0
How would I achieve this? I have tried using LuaDec, but I get the following error:
bad header in precompiled chunk
If anyone could help me that would be excellent.
Step 1
Write your bytecode into a file
local str = '\27\76\117\97\81\0\1\4\8\4\8\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\2\2\4\0\0\0\5\0\0\0\65\64\0\0\28\64\0\1\30\0\128\0\2\0\0\0\4\6\0\0\0\0\0\0\0\112\114\105\110\116\0\4\9\0\0\0\0\0\0\0\72\105\32\116\104\101\114\101\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0'
local file = io.open("bytecode.lua", "wb")
file:write(str)
file:close()
Step 2
Install Lua 5.1 (see lua.org for details)
Step 3
Run luac to view the content of bytecode
$ ~/lua-5.1.5/src/luac -l -l -p bytecode.lua
main <?:0,0> (4 instructions, 16 bytes at 0x19fd550)
0+ params, 2 slots, 0 upvalues, 0 locals, 2 constants, 0 functions
1 [-] GETGLOBAL 0 -1 ; print
2 [-] LOADK 1 -2 ; "Hi there"
3 [-] CALL 0 2 1
4 [-] RETURN 0 1
constants (2) for 0x19fd550:
1 "print"
2 "Hi there"
locals (0) for 0x19fd550:
upvalues (0) for 0x19fd550:
Step 4
Convert bytecode instructions manually into Lua source text :-)
print("Hi there")
Decompilation complete.
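The listing from Step 3 can be reproduced without a Lua 5.1 build, and doing so also shows what LuaDec's "bad header in precompiled chunk" is checking. The Python below is an added example, not code from the question or the answer: it decodes the question's escaped bytes, compares the 12-byte header against the layout this reader was built for (an assumption: a 64-bit little-endian Lua 5.1 with 4-byte int, 8-byte size_t, 4-byte Instruction and 8-byte double, which is what the header bytes 1/4/8/4/8 say about the host that dumped the chunk; a decompiler built against different sizes or another Lua version rejects the same chunk with exactly that message), then parses the main function in the order ldump.c writes it and lists the instructions the way luac -l does.

```python
"""Read a Lua 5.1 precompiled chunk: header check, prototype parse and a luac-style listing."""
import struct

# The chunk from the question, byte for byte, regrouped by the field each run of bytes encodes.
CHUNK_ESCAPED = (
    r"\27\76\117\97\81\0\1\4\8\4\8\0"                            # ESC "Lua", 0x51, format 0, little-endian, sizes 4/8/4/8, number not integral
    r"\0\0\0\0\0\0\0\0" r"\0\0\0\0" r"\0\0\0\0" r"\0\0" r"\2\2"  # source (length 0), linedefined, lastlinedefined, nups, numparams, is_vararg, maxstacksize
    r"\4\0\0\0" r"\5\0\0\0\65\64\0\0\28\64\0\1\30\0\128\0"       # 4 instructions
    r"\2\0\0\0" r"\4\6\0\0\0\0\0\0\0\112\114\105\110\116\0"      # 2 constants: string "print"
    r"\4\9\0\0\0\0\0\0\0\72\105\32\116\104\101\114\101\0"        # string "Hi there"
    r"\0\0\0\0" r"\0\0\0\0" r"\0\0\0\0" r"\0\0\0\0"              # 0 nested protos, 0 lineinfo, 0 locvars, 0 upvalue names
)
OPNAMES = ("MOVE LOADK LOADBOOL LOADNIL GETUPVAL GETGLOBAL GETTABLE SETGLOBAL SETUPVAL SETTABLE "
           "NEWTABLE SELF ADD SUB MUL DIV MOD POW UNM NOT LEN CONCAT JMP EQ LT LE TEST TESTSET "
           "CALL TAILCALL RETURN FORLOOP FORPREP TFORLOOP SETLIST CLOSE CLOSURE VARARG").split()
ABX = {"LOADK", "GETGLOBAL", "SETGLOBAL", "CLOSURE"}   # A + 18-bit unsigned Bx
ASBX = {"JMP", "FORLOOP", "FORPREP"}                   # A + 18-bit signed sBx
# The host this reader assumes (an assumption, not something the thread states): 64-bit
# little-endian Lua 5.1 with int 4, size_t 8, Instruction 4 and lua_Number 8 (double).
EXPECTED_HEADER = b"\x1bLua" + bytes([0x51, 0, 1, 4, 8, 4, 8, 0])

def decode_escapes(text):
    """Turn Lua's decimal escapes (backslash-27, backslash-76, ...) into raw bytes."""
    return bytes(int(tok) for tok in text.split("\\") if tok)

def check_header(chunk):
    """Byte-compare the header as luaU_undump does; any difference is LuaDec's 'bad header'."""
    if bytes(chunk[:12]) != EXPECTED_HEADER:
        raise ValueError("bad header in precompiled chunk: %r != %r" % (bytes(chunk[:12]), EXPECTED_HEADER))
    return dict(zip(("version", "format", "little_endian", "sizeof_int", "sizeof_size_t",
                     "sizeof_instruction", "sizeof_number", "integral"), chunk[4:12]))

class Reader:
    """Cursor over the chunk; every read raises on truncation instead of returning junk."""
    def __init__(self, data, pos=0):
        self.data, self.pos = data, pos
    def take(self, n):
        piece = self.data[self.pos:self.pos + n]
        if len(piece) != n:
            raise ValueError("truncated chunk at offset %d" % self.pos)
        self.pos += n
        return piece
    def byte(self):
        return self.take(1)[0]
    def int(self):
        return struct.unpack("<i", self.take(4))[0]
    def string(self):
        """DumpString: size_t length counting the trailing NUL; length 0 means a NULL string."""
        n = struct.unpack("<Q", self.take(8))[0]
        return self.take(n)[:-1].decode("latin-1") if n else None

def parse_function(r):
    """Parse one prototype in the order Lua 5.1's ldump.c writes it."""
    fn = {"source": r.string(), "linedefined": r.int(), "lastlinedefined": r.int(),
          "nups": r.byte(), "numparams": r.byte(), "is_vararg": r.byte(), "maxstacksize": r.byte()}
    fn["code"] = [struct.unpack("<I", r.take(4))[0] for _ in range(r.int())]
    const = {0: lambda: None, 1: lambda: r.byte() != 0,                 # LUA_TNIL, LUA_TBOOLEAN
             3: lambda: struct.unpack("<d", r.take(8))[0], 4: r.string}  # LUA_TNUMBER, LUA_TSTRING
    fn["constants"] = [const[r.byte()]() for _ in range(r.int())]
    fn["protos"] = [parse_function(r) for _ in range(r.int())]
    fn["lineinfo"] = [r.int() for _ in range(r.int())]                  # debug info; empty when stripped
    fn["locvars"] = [(r.string(), r.int(), r.int()) for _ in range(r.int())]
    fn["upvalues"] = [r.string() for _ in range(r.int())]
    return fn

def load_chunk(chunk):
    """Check the header, parse the main function, and insist that nothing is left over."""
    check_header(chunk)
    r = Reader(chunk, 12)
    fn = parse_function(r)
    if r.pos != len(chunk):
        raise ValueError("%d trailing bytes after the main function" % (len(chunk) - r.pos))
    return fn

def lua_literal(k):
    """Lua source spelling of a constant."""
    if isinstance(k, bool):
        return "true" if k else "false"
    return '"%s"' % k if isinstance(k, str) else ("nil" if k is None else repr(k))

def operands(insn):
    """Split a 32-bit instruction into (opname, A, B, C, Bx)."""
    op = insn & 0x3F
    name = OPNAMES[op] if op < len(OPNAMES) else "OP%d" % op
    return name, (insn >> 6) & 0xFF, (insn >> 23) & 0x1FF, (insn >> 14) & 0x1FF, insn >> 14

def disassemble(fn):
    """Listing like `luac -l`: constant operands are shown as negative indices."""
    out = []
    for insn in fn["code"]:
        name, a, b, c, bx = operands(insn)
        if name in ABX:             # CLOSURE's Bx indexes nested protos, the others index constants
            k = bx if name == "CLOSURE" else lua_literal(fn["constants"][bx])
            out.append("%s %d %d ; %s" % (name, a, -1 - bx, k))
        elif name in ASBX:
            out.append("%s %d %d" % (name, a, bx - 131071))
        elif name == "RETURN":      # luac omits RETURN's unused C operand
            out.append("%s %d %d" % (name, a, b))
        else:
            out.append("%s %d %d %d" % (name, a, b, c))
    return out
```

`disassemble(load_chunk(decode_escapes(CHUNK_ESCAPED)))` returns the four lines of the listing above with the same operands. Every read goes through `Reader.take`, so a chunk that is cut short, or whose layout this reader misunderstands, fails with an offset instead of producing a plausible-looking but wrong listing; that matters because the bytes you decompile usually come from somewhere you do not trust.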
I am new to NASM assembler, and would like to just compile a small example.
global _start
section .text
_start:
mov EAX,1
Compiling it with
$ nasm -f elf64 code.asm ; ld code.o ; ./a.out
Segmentation fault (core dumped)
Building works fine but running yields memory access violation.
When I do BedpostX FSL preprocessing I get this message:
----- Bedpostx Monitor -----
1 slices processed out of 62
2 slices processed out of 62
.
.
.
59 slices processed out of 62
60 slices processed out of 62
An error ocurred. Please check file /Users/...../bedpostx.bedpostX/logs/bpx_postproc.e68944
/Users/..../bedpostx.bedpostX/monitor: line 15: kill: (9187) - No such process
logout
[Process completed]
So I checked the log file:
Error in logfile: File "/Applications/FSL/bin/imglob", line 78
print "Usage: $0 [-extension/extensions] <list of names>"
^
SyntaxError: Missing parentheses in call to 'print'
File "/Applications/FSL/bin/imglob", line 78
print "Usage: $0 [-extension/extensions] <list of names>"
^
SyntaxError: Missing parentheses in call to 'print'
File "/Applications/FSL/bin/imglob", line 78
print "Usage: $0 [-extension/extensions] <list of names>"
^
SyntaxError: Missing parentheses in call to 'print'
File "/Applications/FSL/bin/imglob", line 78
print "Usage: $0 [-extension/extensions] <list of names>"
^
SyntaxError: Missing parentheses in call to 'print'
But I don't really know what it means. It is really strange because the process was almost done (see above, it stopped at 61). I got almost every output. So my questions are:
What does the error mean?
Is the process still completed? (see above there it is said)
If not what can I do to fix the problem?
Here is another screenshot:
So finally I got a tip from another forum. The bedpostx command is a shell script which sometimes uses the Python environment itself. Because Python 3.5 was installed on my system, the error occurs. So I just started the bedpostx command again, but this time in a Python 2.7 environment terminal.
cheers
manun
I have a test program here:
program test
implicit none
integer(4) :: indp
integer(4) :: t1(80)
indp = -3
t1(indp) = 1
write(*,*) t1(indp)
end program test
Line 8 is wrong, because indp is a negative number, but when I compile it using 'ifort' or 'gfortran', neither of them can find this error.
And even using valgrind to debug this program, it also cannot find this error.
Do you have any idea how to find this kind of problem?
Fortran compilers aren't required to give you warnings about things like this; and in general, t1(-3) = 1 could be a perfectly reasonable statement if you set the lower bound of your Fortran array to something equal to or less than -3, e.g.
integer(kind=4) :: t1(-5:74)   ! 80 elements, indexed -5 .. 74
would certainly allow setting and reading t1(-3).
If you want to make sure these sorts of errors are checked at runtime, you can compile with -fbounds-check with gfortran:
$ gfortran -o foo foo.f90 -fcheck=bounds
$ ./foo
At line 8 of file foo.f90
Fortran runtime error: Array reference out of bounds for array 't1', lower bound of dimension 1 exceeded (-3 < 1)
or -check bounds in ifort:
$ ifort -o foo foo.f90 -check bounds
$ ./foo
forrtl: severe (408): fort: (3): Subscript #1 of the array T1 has value -3 which is less than the lower bound of 1
Image PC Routine Line Source
foo 000000000046A8DA Unknown Unknown Unknown
The reason valgrind doesn't catch this is a little subtle, but note that it would if the array were allocated:
program test
implicit none
integer(kind=4) :: indp
integer(kind=4), allocatable :: t1(:)
indp = -3
allocate(t1(80))
t1(indp) = 1
write(*,*) t1(indp)
deallocate(t1)
end program test
$ gfortran -o foo foo.f90 -g
$ valgrind ./foo
==18904== Memcheck, a memory error detector
==18904== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==18904== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==18904== Command: ./foo
==18904==
==18904== Invalid write of size 4
==18904== at 0x400931: MAIN__ (foo.f90:9)
==18904== by 0x400A52: main (foo.f90:13)
==18904== Address 0x5bb3420 is 16 bytes before a block of size 320 alloc'd
==18904== at 0x4C264B2: malloc (vg_replace_malloc.c:236)
==18904== by 0x400904: MAIN__ (foo.f90:8)
==18904== by 0x400A52: main (foo.f90:13)
==18904==
==18904== Invalid read of size 4
==18904== at 0x4F07368: extract_int (write.c:450)
==18904== by 0x4F08171: write_integer (write.c:1260)
==18904== by 0x4F0BBAE: _gfortrani_list_formatted_write (write.c:1553)
==18904== by 0x40099F: MAIN__ (foo.f90:10)
==18904== by 0x400A52: main (foo.f90:13)
==18904== Address 0x5bb3420 is 16 bytes before a block of size 320 alloc'd
==18904== at 0x4C264B2: malloc (vg_replace_malloc.c:236)
==18904== by 0x400904: MAIN__ (foo.f90:8)
==18904== by 0x400A52: main (foo.f90:13)
There is no error. You declared indp as an integer of a certain range and precision (of a certain KIND <- look up in help for that term), which can be either positive or negative.
After that you assigned the value of 1 to t1(indp) and wrote it out.