Which parts of ELF format does objcopy parameter --strip-all remove? - elf

I did compile and link my program and i get a format in ELF32 little endian which is build like this:
ELF Header:
Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00
Class: ELF32
Data: 2's complement, little endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: ARM
Version: 0x1
Entry point address: 0x11029000
Start of program headers: 52 (bytes into file)
Start of section headers: 6804 (bytes into file)
Flags: 0x5000002, has entry point, Version5 EABI
Size of this header: 52 (bytes)
Size of program headers: 32 (bytes)
Number of program headers: 1
Size of section headers: 40 (bytes)
Number of section headers: 16
Section header string table index: 13
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[ 0] NULL 00000000 000000 000000 00 0 0 0
[ 1] .text PROGBITS 11029000 001000 000414 00 AX 0 0 4
[ 2] .ARM.attributes ARM_ATTRIBUTES 00000000 001414 000030 00 0 0 1
[ 3] .comment PROGBITS 00000000 001444 00002a 01 MS 0 0 1
[ 4] .debug_abbrev PROGBITS 00000000 00146e 0000d8 00 0 0 1
[ 5] .debug_info PROGBITS 00000000 001546 00013c 00 0 0 1
[ 6] .debug_line PROGBITS 00000000 001682 00012f 00 0 0 1
[ 7] .debug_loc PROGBITS 00000000 0017b1 00005f 00 0 0 1
[ 8] .debug_pubnames PROGBITS 00000000 001810 000034 00 0 0 1
[ 9] .debug_aranges PROGBITS 00000000 001844 000020 00 0 0 1
[10] .debug_ranges PROGBITS 00000000 001864 000078 00 0 0 1
[11] .debug_str PROGBITS 00000000 0018dc 0000bf 01 MS 0 0 1
[12] .debug_frame PROGBITS 00000000 00199c 000048 00 0 0 4
[13] .shstrtab STRTAB 00000000 0019e4 0000b0 00 0 0 1
[14] .symtab SYMTAB 00000000 001d14 000450 10 15 55 4
[15] .strtab STRTAB 00000000 002164 000244 00 0 0 1
Key to Flags:
W (write), A (alloc), X (execute), M (merge), S (strings)
I (info), L (link order), G (group), T (TLS), E (exclude), x (unknown)
O (extra OS processing required) o (OS specific), p (processor specific)
There are no section groups in this file.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
LOAD 0x000000 0x11028000 0x11028000 0x01414 0x01414 R E 0x8000
Section to Segment mapping:
Segment Sections...
00 .text
There is no dynamic section in this file.
There are no relocations in this file.
There are no unwind sections in this file.
Symbol table '.symtab' contains 69 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 00000000 0 NOTYPE LOCAL DEFAULT UND
1: 11029000 0 SECTION LOCAL DEFAULT 1
2: 00000000 0 SECTION LOCAL DEFAULT 2
3: 00000000 0 SECTION LOCAL DEFAULT 3
4: 00000000 0 SECTION LOCAL DEFAULT 4
5: 00000000 0 SECTION LOCAL DEFAULT 5
6: 00000000 0 SECTION LOCAL DEFAULT 6
7: 00000000 0 SECTION LOCAL DEFAULT 7
8: 00000000 0 SECTION LOCAL DEFAULT 8
9: 00000000 0 SECTION LOCAL DEFAULT 9
10: 00000000 0 SECTION LOCAL DEFAULT 10
11: 00000000 0 SECTION LOCAL DEFAULT 11
12: 00000000 0 SECTION LOCAL DEFAULT 12
13: 00000010 0 NOTYPE LOCAL DEFAULT ABS MODE_USR
14: 00000011 0 NOTYPE LOCAL DEFAULT ABS MODE_FIQ
15: 00000012 0 NOTYPE LOCAL DEFAULT ABS MODE_IRQ
16: 00000013 0 NOTYPE LOCAL DEFAULT ABS MODE_SVC
17: 000000d3 0 NOTYPE LOCAL DEFAULT ABS MODE_SVC_NI
18: 00000017 0 NOTYPE LOCAL DEFAULT ABS MODE_ABORT
19: 0000001b 0 NOTYPE LOCAL DEFAULT ABS MODE_UNDEF
20: 0000001f 0 NOTYPE LOCAL DEFAULT ABS MODE_SYSTEM
21: 0000001f 0 NOTYPE LOCAL DEFAULT ABS MODE_BITS
22: 00000080 0 NOTYPE LOCAL DEFAULT ABS I_MASK
23: 00000040 0 NOTYPE LOCAL DEFAULT ABS F_MASK
24: 000000c0 0 NOTYPE LOCAL DEFAULT ABS IF_MASK
25: 1201c000 0 NOTYPE LOCAL DEFAULT ABS BROM_MMU_BASE_ADDR
26: ffffeffa 0 NOTYPE LOCAL DEFAULT ABS MMU_DISABLE_MASK
27: 00001005 0 NOTYPE LOCAL DEFAULT ABS MMU_ENABLE_MASK
28: 00000080 0 NOTYPE LOCAL DEFAULT ABS FIQ_STACK_SIZE
29: 00000100 0 NOTYPE LOCAL DEFAULT ABS IRQ_STACK_SIZE
30: 00000020 0 NOTYPE LOCAL DEFAULT ABS ABORT_STACK_SIZE
31: 00000020 0 NOTYPE LOCAL DEFAULT ABS UNDEF_STACK_SIZE
32: 00000040 0 NOTYPE LOCAL DEFAULT ABS SYSTEM_STACK_SIZE
33: 11029000 0 NOTYPE LOCAL DEFAULT 1 $a
34: 11029080 0 NOTYPE LOCAL DEFAULT 1 arm926ejs_reset_handler
35: 11029004 0 NOTYPE LOCAL DEFAULT 1 $d
36: 1102901c 0 NOTYPE LOCAL DEFAULT 1 image_type
37: 11029020 0 NOTYPE LOCAL DEFAULT 1 sizeOfPermanentCode
38: 1102902c 0 NOTYPE LOCAL DEFAULT 1 bootparameter
39: 11029080 0 NOTYPE LOCAL DEFAULT 1 $a
40: 110290e8 0 NOTYPE LOCAL DEFAULT 1 inVirtMem
41: 1102915c 0 NOTYPE LOCAL DEFAULT 1 clearzi
42: 11029170 0 NOTYPE LOCAL DEFAULT 1 clearzi_exit
43: 11029170 0 NOTYPE LOCAL DEFAULT 1 load_entry
44: 1102918c 0 NOTYPE LOCAL DEFAULT 1 inval
45: 11029180 0 NOTYPE LOCAL DEFAULT 1 flushonly
46: 11029198 0 NOTYPE LOCAL DEFAULT 1 $d
47: 00000000 0 FILE LOCAL DEFAULT ABS cgu_fractional_divider.c
48: 110291b4 0 NOTYPE LOCAL DEFAULT 1 $a
49: 11029300 0 NOTYPE LOCAL DEFAULT 1 $d
50: 1102930c 0 NOTYPE LOCAL DEFAULT 1 $a
51: 110293d4 0 NOTYPE LOCAL DEFAULT 1 $d
52: 110293d8 0 NOTYPE LOCAL DEFAULT 1 $a
53: 11029410 0 NOTYPE LOCAL DEFAULT 1 $d
54: 00000010 0 NOTYPE LOCAL DEFAULT 12 $d
55: 11029414 0 NOTYPE GLOBAL DEFAULT 1 __gnu_bssend
56: 11029414 0 NOTYPE GLOBAL DEFAULT 1 __gnu_bssstart
57: 11029414 0 NOTYPE GLOBAL DEFAULT ABS __exidx_end
58: 00000600 0 NOTYPE GLOBAL DEFAULT ABS __image_size
59: 11029000 0 NOTYPE GLOBAL DEFAULT 1 __exidx_start
60: 11029000 0 NOTYPE GLOBAL DEFAULT 1 arm926ejs_reset
61: 11029000 0 NOTYPE GLOBAL DEFAULT 1 __start
62: 11029000 0 NOTYPE GLOBAL DEFAULT 1 __gnu_textstart
63: 1102930c 204 FUNC GLOBAL DEFAULT 1 adc_cgu
64: 11029178 0 NOTYPE GLOBAL DEFAULT 1 dcache_flush
65: 110291b4 344 FUNC GLOBAL DEFAULT 1 c_entry
66: 110293d8 60 FUNC GLOBAL DEFAULT 1 delay
67: 00000000 0 NOTYPE GLOBAL DEFAULT UND ea3131_init
68: 00000000 0 NOTYPE GLOBAL DEFAULT ABS __EH_FRAME_BEGIN__
No version information found in this file.
Attribute Section: aeabi
File Attributes
Tag_CPU_name: "ARM926EJ-S"
Tag_CPU_arch: v5TEJ
Tag_ARM_ISA_use: Yes
Tag_THUMB_ISA_use: Thumb-1
Tag_ABI_PCS_wchar_t: 4
Tag_ABI_FP_denormal: Needed
Tag_ABI_FP_exceptions: Needed
Tag_ABI_FP_number_model: IEEE 754
Tag_ABI_align_needed: 8-byte
Tag_ABI_enum_size: small
Tag_DIV_use: Not allowed
Then i have to use the command below to change my format into binary. That is what i ve heard it does. But can anyone tell me which parts of ELF32 format exactly does parameter "--strip-all" remove and how is binary format then different than ELF32 format?
arm-none-eabi-objcopy -I elf32-littlearm -O binary --strip-all --verbose foo1 foo2
I includded my ELF32 format details above soo you can (if it is possible) color the parts which are removed.
Thank you very much.


binary is pure data and elf is the data in some genral format that describe how to use this data.
elf got a magic, sections, some tables and etc.
binary is only the data itself/

Related

Relocation R_X86_64_PC32: why value is x-4 instead of x?

Consider this code:
int arr[4];
void foo(void)
{
arr[0] = arr[1];
}
compiled and objdumped as:
gcc t57.c -O3 -c && objdump -Dr t57.o
leading to:
0000000000000000 <foo>:
0: f3 0f 1e fa endbr64
4: 8b 05 00 00 00 00 mov 0x0(%rip),%eax # a <foo+0xa>
6: R_X86_64_PC32 arr
a: 89 05 00 00 00 00 mov %eax,0x0(%rip) # 10 <foo+0x10>
c: R_X86_64_PC32 arr-0x4
10: c3 retq
Here we see arr and arr-0x4.
Question: why not arr+0x4 and arr? Where this -0x4 comes from?

Understanding ELF TBSS and TDATA section loading

My elf file's sections are as follows
Size EntSize Flags Link Info Align
[ 0] NULL 0000000000000000 00000000
0000000000000000 0000000000000000 0 0 0
[ 1] .text PROGBITS fffffffff7e020b0 000000b0
0000000000074f50 0000000000000000 AX 0 0 16
[ 2] .rodata PROGBITS fffffffff7e77000 00075000
0000000000014000 0000000000000000 AM 0 0 16
[ 3] .eh_frame_hdr PROGBITS fffffffff7e8b000 00089000
000000000000000c 0000000000000000 A 0 0 4
[ 4] .data PROGBITS fffffffff7e8b010 00089010
0000000000001ff0 0000000000000000 WA 0 0 16
[ 5] .bss NOBITS fffffffff7e8d000 0008b000
0000000000014000 0000000000000000 WA 0 0 4096
[ 6] .got PROGBITS fffffffff7ea1000 0009f000
0000000000001000 0000000000000000 WA 0 0 8
[ 7] .tdata PROGBITS fffffffff7ea2000 000a0000
000000000000b000 0000000000000000 WAT 0 0 8
[ 8] .tbss NOBITS fffffffff7ead000 000ab000
000000000000012a 0000000000000000 WAT 0 0 8
[ 9] .debug_abbrev PROGBITS 0000000000000000 000ab000
000000000001a8d4 0000000000000000 0 0 1
[10] .debug_info PROGBITS 0000000000000000 000c58d4
000000000016c624 0000000000000000 0 0 1
[11] .debug_aranges PROGBITS 0000000000000000 00231ef8
0000000000024130 0000000000000000 0 0 1
[12] .debug_ranges PROGBITS 0000000000000000 00256028
000000000004bfa0 0000000000000000 0 0 1
[13] .debug_str PROGBITS 0000000000000000 002a1fc8
0000000000123ecd 0000000000000001 MS 0 0 1
[14] .debug_pubnames PROGBITS 0000000000000000 003c5e95
000000000005da3c 0000000000000000 0 0 1
[15] .debug_pubtypes PROGBITS 0000000000000000 004238d1
00000000000a1e07 0000000000000000 0 0 1
[16] .debug_frame PROGBITS 0000000000000000 004c56d8
0000000000056c10 0000000000000000 0 0 8
[17] .debug_line PROGBITS 0000000000000000 0051c2e8
00000000000b5c55 0000000000000000 0 0 1
[18] .debug_loc PROGBITS 0000000000000000 005d1f3d
000000000000628c 0000000000000000 0 0 1
[19] .symtab SYMTAB 0000000000000000 005d81d0
0000000000015a20 0000000000000018 21 2565 8
[20] .shstrtab STRTAB 0000000000000000 005edbf0
00000000000000da 0000000000000000 0 0 1
[21] .strtab STRTAB 0000000000000000 005edcca
000000000004783e 0000000000000000 0 0 1
and the program headers are
Elf file type is EXEC (Executable file)
Entry point 0xfffffffff7e39be0
There are 2 program headers, starting at offset 64
Program Headers:
Type Offset VirtAddr PhysAddr
FileSiz MemSiz Flags Align
LOAD 0x0000000000000000 0xfffffffff7e02000 0x0000000000000000
0x00000000000ab000 0x00000000000ab12a RWE 0x1000
TLS 0x00000000000a0000 0xfffffffff7ea2000 0x00000000000a0000
0x000000000000b000 0x000000000000b12a RW 0x8
Section to Segment mapping:
Segment Sections...
00 .text .rodata .eh_frame_hdr .data .bss .got .tdata
01 .tdata .tbss
The TLS section's total size is as expected being the size of tdata + tbss sections.
From the TLS handling document, i expect that tdata and tbss sections will be right before the fs register's pointed value and thus the total size would be 0xb12a.
But one of the variables which use thread_local have an offset of fs - 0xb130 which is outside of the expected TLS size.
I am trying to understand why the variable is not offset to at-most 0xb12a but more than that?

Although the size of TLS here is 0xb12a. The alignment of 0x8 will make the TLS pointer move to 0xb130 which is the address of variable observed here.

How to filter pandas dataframe which contains a mixture of string and float?

Data
{'G1': {0: '1927 (57.83%)',
1: '45.00 [39.00 - 51.00]',
2: '909 (27.28%)',
3: '2029 (60.89%)',
4: '393 (11.79%)',
5: '1 (0.03%)',
6: '577 (17.32%)',
7: '0 (0.00%)',
8: '0 (0.00%)',
9: '2257 (67.74%)',
10: '0 (0.00%)',
11: '0 (0.00%)',
12: '0 (0.00%)',
13: np.nan,
14: '0 (0.00%)',
15: '1019 (30.58%)',
16: '802 (24.07%)',
17: '1091 (32.74%)',
18: '420 (12.61%)',
19: np.nan,
20: '0 (0.00%)',
21: '1433 (43.01%)',
22: '1001 (30.04%)',
23: '898 (26.95%)',
24: '733 (22.00%)',
25: '0 (0.00%)',
26: '0 (0.00%)',
27: '0 (0.00%)',
28: '0 (0.00%)',
29: '0 (0.00%)',
30: '0 (0.00%)',
31: '1177 (35.32%)',
32: '0 (0.00%)',
33: '369 (11.07%)',
34: '1 (0.03%)',
35: '150 (4.50%)',
36: '0 (0.00%)',
37: '0 (0.00%)',
38: '675 (20.26%)',
39: '227 (6.81%)',
40: '0 (0.00%)',
41: np.nan,
42: '0 (0.00%)',
43: '0 (0.00%)',
44: '0 (0.00%)',
45: '0 (0.00%)',
46: '0.08 [0.05 - 0.14]',
47: '0.08 [0.05 - 0.14]',
48: '0.08 [0.05 - 0.13]',
49: '0.08 [0.05 - 0.13]',
50: '0.08 [0.05 - 0.14]',
51: '0.09 [0.05 - 0.14]',
52: '0.08 [0.05 - 0.13]',
53: '0.08 [0.05 - 0.13]',
54: '0.07 [0.04 - 0.13]',
55: '0.07 [0.05 - 0.13]',
56: '3.98 [3.63 - 4.28]',
57: '4.03 [3.73 - 4.33]',
58: '4.00 [3.68 - 4.29]',
59: '4.25 [3.91 - 4.50]',
60: '4.00 [3.64 - 4.29]',
61: '4.00 [3.62 - 4.30]',
62: '4.07 [3.79 - 4.33]',
63: '4.22 [3.92 - 4.52]',
64: '3.92 [3.58 - 4.22]',
65: '4.29 [4.00 - 4.58]',
66: '3.83 [3.50 - 4.17]',
67: '3.92 [3.55 - 4.25]',
68: '4.00 [3.67 - 4.32]',
69: '3.95 [3.63 - 4.24]',
70: '4.00 [3.61 - 4.32]',
71: '1.44 [1.14 - 1.89]'},
'p_value': {0: '0.136',
1: '<0.001',
2: '<0.001',
3: '0.015',
4: '0.132',
5: '0.634',
6: '<0.001',
7: '<0.001',
8: '<0.001',
9: '0.033',
10: '0.605',
11: '<0.001',
12: '<0.001',
13: np.nan,
14: '<0.001',
15: '<0.001',
16: '0.106',
17: '<0.001',
18: '<0.001',
19: np.nan,
20: '<0.001',
21: '<0.001',
22: '<0.001',
23: '<0.001',
24: '<0.001',
25: '<0.001',
26: '0.366',
27: '<0.001',
28: '<0.001',
29: '<0.001',
30: '<0.001',
31: '<0.001',
32: '<0.001',
33: '<0.001',
34: '<0.001',
35: '<0.001',
36: '0.002',
37: '0.221',
38: '<0.001',
39: '<0.001',
40: '<0.001',
41: np.nan,
42: '<0.001',
43: '0.221',
44: '<0.001',
45: '0.081',
46: '0.315',
47: '0.084',
48: '0.170',
49: '0.002',
50: '<0.001',
51: '0.544',
52: '<0.001',
53: '0.011',
54: '0.340',
55: '0.194',
56: '0.366',
57: '0.450',
58: '0.627',
59: '0.851',
60: '0.975',
61: '0.465',
62: '0.047',
63: '0.912',
64: '0.006',
65: '<0.001',
66: '0.220',
67: '0.923',
68: '0.038',
69: '0.610',
70: '0.259',
71: '0.021'}}
How can I filter the data above such that the result contains the p_value of <= 0.05 or equals to '<0.001'?
The result should be something like this

convert the p_value as float type first, then filter with p_value <= 0.05
p_value = df['p_value'].str.strip('<').astype(np.float)
df[p_value <= 0.05]
result:
G1 p_value
1 45.00 [39.00 - 51.00] <0.001
2 909 (27.28%) <0.001
3 2029 (60.89%) 0.015
6 577 (17.32%) <0.001
7 0 (0.00%) <0.001
8 0 (0.00%) <0.001
9 2257 (67.74%) 0.033
11 0 (0.00%) <0.001
12 0 (0.00%) <0.001
14 0 (0.00%) <0.001
15 1019 (30.58%) <0.001
17 1091 (32.74%) <0.001
18 420 (12.61%) <0.001
20 0 (0.00%) <0.001
21 1433 (43.01%) <0.001
22 1001 (30.04%) <0.001
23 898 (26.95%) <0.001
24 733 (22.00%) <0.001
25 0 (0.00%) <0.001
27 0 (0.00%) <0.001
28 0 (0.00%) <0.001
29 0 (0.00%) <0.001
30 0 (0.00%) <0.001
31 1177 (35.32%) <0.001
32 0 (0.00%) <0.001
33 369 (11.07%) <0.001
34 1 (0.03%) <0.001
35 150 (4.50%) <0.001
36 0 (0.00%) 0.002
38 675 (20.26%) <0.001
39 227 (6.81%) <0.001
40 0 (0.00%) <0.001
42 0 (0.00%) <0.001
44 0 (0.00%) <0.001
49 0.08 [0.05 - 0.13] 0.002
50 0.08 [0.05 - 0.14] <0.001
52 0.08 [0.05 - 0.13] <0.001
53 0.08 [0.05 - 0.13] 0.011
62 4.07 [3.79 - 4.33] 0.047
64 3.92 [3.58 - 4.22] 0.006
65 4.29 [4.00 - 4.58] <0.001
68 4.00 [3.67 - 4.32] 0.038
71 1.44 [1.14 - 1.89] 0.021

This could do
df[df.p_value.str.split('\<').str[-1].astype(float).between(0.001,0.05)]
G1 p_value
1 45.00 [39.00 - 51.00] <0.001
2 909 (27.28%) <0.001
3 2029 (60.89%) 0.015
6 577 (17.32%) <0.001
7 0 (0.00%) <0.001
8 0 (0.00%) <0.001
9 2257 (67.74%) 0.033
11 0 (0.00%) <0.001
12 0 (0.00%) <0.001
14 0 (0.00%) <0.001
15 1019 (30.58%) <0.001
17 1091 (32.74%) <0.001
18 420 (12.61%) <0.001
20 0 (0.00%) <0.001
21 1433 (43.01%) <0.001
22 1001 (30.04%) <0.001
23 898 (26.95%) <0.001
24 733 (22.00%) <0.001
25 0 (0.00%) <0.001
27 0 (0.00%) <0.001
28 0 (0.00%) <0.001
29 0 (0.00%) <0.001
30 0 (0.00%) <0.001
31 1177 (35.32%) <0.001
32 0 (0.00%) <0.001
33 369 (11.07%) <0.001
34 1 (0.03%) <0.001
35 150 (4.50%) <0.001
36 0 (0.00%) 0.002
38 675 (20.26%) <0.001
39 227 (6.81%) <0.001
40 0 (0.00%) <0.001
42 0 (0.00%) <0.001
44 0 (0.00%) <0.001
49 0.08 [0.05 - 0.13] 0.002
50 0.08 [0.05 - 0.14] <0.001
52 0.08 [0.05 - 0.13] <0.001
53 0.08 [0.05 - 0.13] 0.011
62 4.07 [3.79 - 4.33] 0.047
64 3.92 [3.58 - 4.22] 0.006
65 4.29 [4.00 - 4.58] <0.001
68 4.00 [3.67 - 4.32] 0.038
71 1.44 [1.14 - 1.89] 0.021

What is the format of special section in ELF

I try to write a program to generate ELF(based on Arm and execute through qemu-arm). Most format in ELF has been well illustrated
on wiki. But I can't find any spec describe the format of special section(e.g. .text .data(especially what I want to know)).
I tried to put some initialized global variable in .data section. What format should I write in ELF(.data section) if I have global statement like: int a = 10;

There is not special format for .text and .data.
When the static linker links several .o file,
it simply concatenates the .text and .data segments (while resolving relocations)
and places them in the final .so or executable file according to the linker script (see gcc -Wl,-verbose /dev/null).
The .data segment simply contains the initial values of the instanciated global variables.
The .text segment simply contains the machine code of the routines/functions.
Let's take this simple C file:
char x[5] = {0xba, 0xbb, 0xbc, 0xbd, 0xbe};
char f(int i) {
return x[i];
}
Let's compile it:
$ gcc -c -o test.o test.c
Let's dump the .data section, using elfcat:
$ elfcat test.o --section-name .data | xxd
00000000: babb bcbd be .....
We can clearly explain the content of .data section.
Let's dump the .text section:
$ elfcat test.o --section-name .text | xxd
00000000: 5548 89e5 897d fc8b 45fc 4898 488d 1500 UH...}..E.H.H...
00000010: 0000 000f b604 105d c3
Let's decompile this:
$ elfcat test.o --section-name .text > test.text
$ r2 -a x86 -b 64 -qc pd test.text
0x00000000 55 push rbp
0x00000001 4889e5 mov rbp, rsp
0x00000004 897dfc mov dword [rbp - 4], edi
0x00000007 8b45fc mov eax, dword [rbp - 4]
0x0000000a 4898 cdqe
0x0000000c 488d15000000. lea rdx, qword [0x00000013] ; 19
0x00000013 0fb60410 movzx eax, byte [rax + rdx]
0x00000017 5d pop rbp
0x00000018 c3 ret
Again, there is nothing special in the text segment: it only contains the machine code of the routines/functions of my program.
Notice however the relocation and symbol informations in other segments:
$ readelf -a test.o
[ ... ]
Relocation section '.rela.text' at offset 0x1b8 contains 1 entry:
Offset Info Type Sym. Value Sym. Name + Addend
00000000000f 000800000002 R_X86_64_PC32 0000000000000000 x - 4
Relocation section '.rela.eh_frame' at offset 0x1d0 contains 1 entry:
Offset Info Type Sym. Value Sym. Name + Addend
000000000020 000200000002 R_X86_64_PC32 0000000000000000 .text + 0
[...]
Symbol table '.symtab' contains 10 entries:
Num: Value Size Type Bind Vis Ndx Name
0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND
1: 0000000000000000 0 FILE LOCAL DEFAULT ABS test.c
2: 0000000000000000 0 SECTION LOCAL DEFAULT 1
3: 0000000000000000 0 SECTION LOCAL DEFAULT 3
4: 0000000000000000 0 SECTION LOCAL DEFAULT 4
5: 0000000000000000 0 SECTION LOCAL DEFAULT 6
6: 0000000000000000 0 SECTION LOCAL DEFAULT 7
7: 0000000000000000 0 SECTION LOCAL DEFAULT 5
8: 0000000000000000 5 OBJECT GLOBAL DEFAULT 3 x
9: 0000000000000000 25 FUNC GLOBAL DEFAULT 1 f

Microsoft Visual Studio 2017 has stopped working - after computer sleep

My visual studio keeps crashing after waking up my computer from sleep.
Spectacular is that sometimes it blocks mouse and keyboard. Mouse moves in a speed of few pixels every 5 seconds, for pressed key on the keyboard you wait like 10 seconds. Highly unusual, because mouse and keyboard have usually the highest priority no matter what happens. With parallelly installed VS2015 and VS2013 there is no problem (therefore I suppose it is not caused by Resharper).
Program and system info:
VS Community 2017, Version 15.2 (26430.12)
Using Resharper Ultimate 2017.1.2
OS: Windows 8.1 Pro, Version 6.3.9600
Edit:
By following the suggestion about writing and reading crash dump by WinDbg I got this error description (memory corruption there is frightening ...). Any further suggestion will be appreciated.
*******************************************************************************
* *
* Exception Analysis *
* *
*******************************************************************************
*** WARNING: Unable to verify checksum for mscorlib.ni.dll
*** WARNING: Unable to verify checksum for PresentationFramework.ni.dll
*** WARNING: Unable to verify checksum for WindowsBase.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.VisualStudio.Shell.15.0.ni.dll
*** WARNING: Unable to verify checksum for System.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.CodeAnalysis.Features.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.CodeAnalysis.Workspaces.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.CodeAnalysis.EditorFeatures.Text.ni.dll
*** WARNING: Unable to verify checksum for Microsoft.Build.ni.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for libleveldb.dll -
*** WARNING: Unable to verify checksum for Microsoft.CodeAnalysis.EditorFeatures.ni.dll
*** WARNING: Unable to verify checksum for System.Runtime.Remoting.ni.dll
DEBUG_FLR_EXCEPTION_CODE(80131509) and the ".exr -1" ExceptionCode(e0434352) don't match
DUMP_CLASS: 2
DUMP_QUALIFIER: 400
CONTEXT: (.ecxr)
eax=55f9e8c0 ebx=00000005 ecx=00000005 edx=00000000 esi=55f9e980 edi=00000001
eip=760f2f71 esp=55f9e8c0 ebp=55f9e918 iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000216
KERNELBASE!RaiseException+0x48:
760f2f71 8b4c2454 mov ecx,dword ptr [esp+54h] ss:002b:55f9e914=ee800b58
Resetting default scope
FAULTING_IP:
KERNELBASE!RaiseException+48
760f2f71 8b4c2454 mov ecx,dword ptr [esp+54h]
EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 760f2f71 (KERNELBASE!RaiseException+0x00000048)
ExceptionCode: e0434352 (CLR exception)
ExceptionFlags: 00000001
NumberParameters: 5
Parameter[0]: 80131509
Parameter[1]: 00000000
Parameter[2]: 00000000
Parameter[3]: 00000000
Parameter[4]: 715a0000
PROCESS_NAME: devenv.exe
ERROR_CODE: (NTSTATUS) 0xe0434352 -
EXCEPTION_CODE: (HRESULT) 0x80131509 (2148734217) -
EXCEPTION_CODE_STR: 80131509
EXCEPTION_PARAMETER1: 80131509
EXCEPTION_PARAMETER2: 00000000
EXCEPTION_PARAMETER3: 00000000
EXCEPTION_PARAMETER4: 0
WATSON_BKT_PROCSTAMP: 59275f23
WATSON_BKT_PROCVER: 15.0.26430.12
PROCESS_VER_PRODUCT: Microsoft® Visual Studio®
WATSON_BKT_MODULE: KERNELBASE.dll
WATSON_BKT_MODSTAMP: 53eeb460
WATSON_BKT_MODOFFSET: 12f71
WATSON_BKT_MODVER: 6.3.9600.17278
MODULE_VER_PRODUCT: Microsoft® Windows® Operating System
BUILD_VERSION_STRING: 6.3.9600.17056 (winblue_gdr.140319-1520)
DETOURED_IMAGE: 1
MODLIST_WITH_TSCHKSUM_HASH: fb123f85e82dc66a6aaa47baaf54a8d6c688d06a
MODLIST_SHA1_HASH: 5d338567fc7fda41c0d3a856681d67a8a2273337
NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0
CHKIMG_EXTENSION: !chkimg -lo 50 -d !KERNELBASE
760ed598-760ed59c 5 bytes - KERNELBASE!GetModuleHandleW
[ 8b ff 55 8b ec:e9 20 3c 57 eb ]
760edbce-760edbd2 5 bytes - KERNELBASE!GetModuleHandleExW (+0x636)
[ 8b ff 55 8b ec:e9 41 34 57 eb ]
760f1bc6-760f1bca 5 bytes - KERNELBASE!RegCloseKey (+0x3ff8)
[ 8b ff 55 8b ec:e9 84 47 94 8a ]
760f213e-760f2142 5 bytes - KERNELBASE!RegQueryValueExW (+0x578)
[ 8b ff 55 8b ec:e9 8c 42 94 8a ]
760f2441-760f2445 5 bytes - KERNELBASE!RegOpenKeyExW (+0x303)
[ 8b ff 55 8b ec:e9 2d 3a 94 8a ]
760f30c6-760f30ca 5 bytes - KERNELBASE!FreeLibrary (+0xc85)
[ 8b ff 55 8b ec:e9 9c e1 56 eb ]
760f30f4-760f30f8 5 bytes - KERNELBASE!LoadLibraryExW (+0x2e)
[ 8b ff 55 8b ec:e9 52 e4 56 eb ]
760f772e-760f7732 5 bytes - KERNELBASE!RegOpenKeyExA (+0x463a)
[ 8b ff 55 8b ec:e9 e8 f1 93 8a ]
760f7e99-760f7e9d 5 bytes - KERNELBASE!RegQueryValueExA (+0x76b)
[ 8b ff 55 8b ec:e9 1c ea 93 8a ]
760fa5b1-760fa5b5 5 bytes - KERNELBASE!RegCreateKeyExW (+0x2718)
[ 8b ff 55 8b ec:e9 45 c4 93 8a ]
760fe5b7-760fe5bb 5 bytes - KERNELBASE!RegCreateKeyExA (+0x4006)
[ 8b ff 55 8b ec:e9 75 e7 93 8a ]
76100273-76100279 7 bytes - KERNELBASE!RegQueryInfoKeyW (+0x1cbc)
[ 6a 48 68 d0 03 10 76:e9 2d 65 93 8a cc cc ]
7610049e-761004a4 7 bytes - KERNELBASE!RegDeleteValueW (+0x22b)
[ 6a 20 68 28 05 10 76:e9 e6 83 93 8a cc cc ]
76100fd0-76100fd6 7 bytes - KERNELBASE!RegEnumValueW (+0xb32)
[ 6a 38 68 f8 10 10 76:e9 7d 58 93 8a cc cc ]
76102ad4-76102ad8 5 bytes - KERNELBASE!RegEnumKeyExA (+0x1b04)
[ 68 58 02 00 00:e9 09 6e 93 8a ]
76106c9a-76106c9e 5 bytes - KERNELBASE!RegEnumKeyExW (+0x41c6)
[ 8b ff 55 8b ec:e9 45 fb 92 8a ]
7610b27e-7610b284 7 bytes - KERNELBASE!RegEnumValueA (+0x45e4)
[ 6a 60 68 08 b5 10 76:e9 21 fe 96 8a cc cc ]
7611f3f4-7611f3fa 7 bytes - KERNELBASE!RegQueryInfoKeyA (+0x14176)
[ 6a 60 68 88 f5 11 76:e9 1b bd 95 8a cc cc ]
7612107a-7612107e 5 bytes - KERNELBASE!RegDeleteKeyExW (+0x1c86)
[ 8b ff 55 8b ec:e9 5f 66 91 8a ]
7612489c-761248a2 7 bytes - KERNELBASE!RegDeleteValueA (+0x3822)
[ 6a 20 68 30 49 12 76:e9 c6 67 95 8a cc cc ]
7617240a-7617240e 5 bytes - KERNELBASE!RegDeleteKeyExA (+0x4db6e)
[ 8b ff 55 8b ec:e9 ed 8b 90 8a ]
117 errors : !KERNELBASE (760ed598-7617240e)
PRODUCT_TYPE: 1
SUITE_MASK: 272
DUMP_FLAGS: 8000c07
DUMP_TYPE: 3
MISSING_CLR_SYMBOL: 0
MANAGED_EXCEPTION_HRESULT: 80131509
ANALYSIS_SESSION_HOST: KOMP
ANALYSIS_SESSION_TIME: 06-11-2017 08:17:44.0657
ANALYSIS_VERSION: 10.0.15063.400 x86fre
MANAGED_CODE: 1
MANAGED_ENGINE_MODULE: clr
MANAGED_ANALYSIS_PROVIDER: SOS
MANAGED_THREAD_ID: c44
MANAGED_EXCEPTION_ADDRESS: 905fdb68
LAST_CONTROL_TRANSFER: from 716f0245 to 760f2f71
THREAD_ATTRIBUTES:
FAULTING_THREAD: ffffffff
THREAD_SHA1_HASH_MOD_FUNC: 8b084063f74c10f14fd5a9c68991db600ea504a6
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: ba90ca3a69862e0865ec0206bec2d1add0fdbffe
ADDITIONAL_DEBUG_TEXT: SOS.DLL is not loaded for managed code. Analysis might be incomplete ; Followup set based on attribute [Is_ChosenCrashFollowupThread] from Frame:[0] on thread:[PSEUDO_THREAD]
OS_LOCALE: ENU
PROBLEM_CLASSES:
ID: [0n237]
Type: [CLR_EXCEPTION]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [0xc44]
Frame: [0] : KERNELBASE!RaiseException
ID: [0n235]
Type: [#ManagedObjectName]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Omit
Data: Add
String: [System.InvalidOperationException]
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
ID: [0n203]
Type: [MEMORY_CORRUPTION]
Class: Primary
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x988]
TID: [0xc44]
Frame: [Unspecified]
ID: [0n151]
Type: [PATCH]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [0x988]
TID: [0xc44]
Frame: [Unspecified]
ID: [0n234]
Type: [NOSOS]
Class: Addendum
Scope: DEFAULT_BUCKET_ID (Failure Bucket ID prefix)
BUCKET_ID
Name: Add
Data: Omit
PID: [Unspecified]
TID: [Unspecified]
Frame: [0]
BUGCHECK_STR: CLR_EXCEPTION_System.InvalidOperationException_NOSOS_MEMORY_CORRUPTION_PATCH
DEFAULT_BUCKET_ID: CLR_EXCEPTION_System.InvalidOperationException_NOSOS_MEMORY_CORRUPTION_PATCH
PRIMARY_PROBLEM_CLASS: CLR_EXCEPTION
STACK_TEXT:
00000000 00000000 memory_corruption!KERNELBASE+0x0
STACK_COMMAND: !sos.pe 0x905fdb68 ; ** Pseudo Context ** ; kb
THREAD_SHA1_HASH_MOD: 7da7fbec386ce361a40d03d69a994bc4836f03e8
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: memory_corruption!KERNELBASE
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: memory_corruption
DEBUG_FLR_IMAGE_TIMESTAMP: 0
FAILURE_BUCKET_ID: CLR_EXCEPTION_System.InvalidOperationException_NOSOS_MEMORY_CORRUPTION_PATCH_80131509_memory_corruption!KERNELBASE
BUCKET_ID: CLR_EXCEPTION_System.InvalidOperationException_NOSOS_MEMORY_CORRUPTION_PATCH_DETOURED_memory_corruption!KERNELBASE
FAILURE_EXCEPTION_CODE: 80131509
IMAGE_NAME: memory_corruption
FAILURE_IMAGE_NAME: memory_corruption
BUCKET_ID_IMAGE_STR: memory_corruption
FAILURE_MODULE_NAME: memory_corruption
BUCKET_ID_MODULE_STR: memory_corruption
FAILURE_FUNCTION_NAME: KERNELBASE
BUCKET_ID_FUNCTION_STR: KERNELBASE
BUCKET_ID_OFFSET: 0
BUCKET_ID_MODTIMEDATESTAMP: 0
BUCKET_ID_MODCHECKSUM: 0
BUCKET_ID_MODVER_STR: 0.0.0.0
BUCKET_ID_PREFIX_STR: CLR_EXCEPTION_System.InvalidOperationException_NOSOS_
FAILURE_PROBLEM_CLASS: CLR_EXCEPTION
FAILURE_SYMBOL_NAME: memory_corruption!KERNELBASE
WATSON_STAGEONE_URL: http://watson.microsoft.com/StageOne/devenv.exe/15.0.26430.12/59275f23/KERNELBASE.dll/6.3.9600.17278/53eeb460/80131509/00012f71.htm?Retriage=1
TARGET_TIME: 2017-06-10T19:22:40.000Z
OSBUILD: 9600
OSSERVICEPACK: 17056
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
OSPLATFORM_TYPE: x86
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 WinNt SingleUserTS
USER_LCID: 0
OSBUILD_TIMESTAMP: 2014-03-20 00:55:24
BUILDDATESTAMP_STR: 140319-1520
BUILDLAB_STR: winblue_gdr
BUILDOSVER_STR: 6.3.9600.17056
ANALYSIS_SESSION_ELAPSED_TIME: 9ad5
ANALYSIS_SOURCE: UM
FAILURE_ID_HASH_STRING: um:clr_exception_system.invalidoperationexception_nosos_memory_corruption_patch_80131509_memory_corruption!kernelbase
FAILURE_ID_HASH: {1100017e-170d-400c-940f-f475e873df74}
Followup: MachineOwner
---------