[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [gforth] Decompilation not working properly.
From: |
Anton Ertl |
Subject: |
Re: [gforth] Decompilation not working properly. |
Date: |
Mon, 13 Feb 2017 17:19:34 +0100 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Mon, Feb 13, 2017 at 06:37:23AM -0500, Stéphane Fillion wrote:
> Hi.
>
> I'm using gforth 0.7.2 under lubuntu 16.04. Arch is AMD64.
>
> I installed it with this command:
>
> sudo apt-get install gforth
> >
>
> The 'see' word works correctly when trying to decompile any user-defined
> and some predefined words. By example:
>
> : inc compiled
> > 1 + ; ok
> > see inc
> > : inc
> > 1 + ; ok
> >
> see see
> >
> : see
> > parse-name find-name dup 0=
> > IF drop -13 throw
> > THEN
> > name-see ; ok
> >
...
> After installing gdb I get another, still inacurate, result. Gdb version is
> 7.11.1
>
> I first get this:
>
> see +
> > Code +
> >
>
> Nothing else happens until I press CTRL-D. I then get this:
>
> 0x00404f04: /tmp/gforthdis.Doy9BGU1EL:4: Error in sourced command
> > file:
> > Cannot access memory at address 0x404f04
> > quit
> > end-code
> > ok
This is probably due to
https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection
To check this, type
cat /proc/sys/kernel/yama/ptrace_scope
If this outputs 1, that is probably the cause of the problem.
You can change it with
echo 0 >/proc/sys/kernel/yama/ptrace_scope
as root, or permanently by editing /etc/sysctl.d/10-ptrace.conf.
If you cannot or do not want to do that, you can do
' dump is discode
in Gforth. Then, for primitives SEE will show you a hex dump of the
machine code instead of trying to disassemble it.
- anton