My linux-3.0 kernel was panicking while booting, saying `ERROR: Failed to allocate 0x1000 bytes below 0x0.` So I changed the bootargs and added the boot parameter `mem=16M`. Now it boots fine, but it takes a lot of time to boot. I have also tried higher mem values, but that does not work. Below are the logs:
`Machine: KZM9D
arm_add_memory: 0 0x40000000 0x1000000
Memory policy: ECC disabled, Data cache writealloc
bootmem_init: max_low=0x266240, max_high=0x266240
<6>Section 8256 and 8250 (node 0)<c> have a circular dependency on usemap and pgdat allocations
<7>On node 0 totalpages: 0
<7>On node 1 totalpages: 0
<7>On node 2 totalpages: 0
<7>On node 3 totalpages: 0
<7>On node 4 totalpages: 0
<7>On node 5 totalpages: 0
<7>On node 6 totalpages: 0
<7>On node 7 totalpages: 0
high_memory: e0000000
Zone PFN ranges:
Normal 0x00040000 -> 0x00041000
Movable zone start PFN for each node
early_node_map[1] active PFN ranges
0: 0x00040000 -> 0x00041000
<7>On node 0 totalpages: 4096
<7> Normal zone: 36 pages used for memmap
<7> Normal zone: 0 pages reserved
<7> Normal zone: 4060 pages, LIFO batch:0
<6>boottime: reserved memory at 0x40002000 size 0x2000
mm_init_owner
<6>PERCPU: Embedded 8 pages/cpu #c087f000 s9824 r8192 d14752 u32768
<7>pcpu-alloc: s9824 r8192 d14752 u32768 alloc=8*4096
<7>pcpu-alloc: [0] 0 [0] 1
build_all_zonelists
Built 1 zonelists in Node order, mobility grouping on. Total pages: 4060
Policy zone: Normal
page_alloc_init
<5>Kernel command line: console=ttyS1,115200n8 root=/dev/nfs ip=9.8.7.6 nfsroot=1.2.3.7:/tftpboot/arm/ rootwait rw mem=16M
parse_early_param
<6>PID hash table entries: 64 (order: -4, 256 bytes)
<6>Dentry cache hash table entries: 2048 (order: 2, 24576 bytes)
<6>Inode-cache hash table entries: 1024 (order: 0, 4096 bytes)
<6>Memory: 16MB = 16MB total
<5>Memory: 7824k/7824k available, 8560k reserved, 0K highmem
<5>Virtual kernel memory layout:
vector : 0xffff0000 - 0xffff1000 ( 4 kB)
fixmap : 0xfff00000 - 0xfffe0000 ( 896 kB)
DMA : 0xffc00000 - 0xffe00000 ( 2 MB)
vmalloc : 0xe0800000 - 0xf0000000 ( 248 MB)
lowmem : 0xc0000000 - 0xe0000000 ( 512 MB)
modules : 0xbf000000 - 0xc0000000 ( 16 MB)
.text : 0xc0008000 - 0xc0704024 (7153 kB)
.init : 0xc0705000 - 0xc0740660 ( 238 kB)
.data : 0xc0742000 - 0xc078dc18 ( 304 kB)
.bss : 0xc078dc18 - 0xc07f2950 ( 404 kB)
<6>Preemptible hierarchical RCU implementation.
<6>NR_IRQS:374`
Trying to determine the amount of executable free space within a process.
For example, the chrome.exe process with its loaded DLLs has 236,105 bytes available.
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ---> Free space: 331 bytes
C:\WINDOWS\SYSTEM32\ntdll.dll ---> Free space: 818 bytes
C:\WINDOWS\System32\KERNEL32.DLL ---> Free space: 4067 bytes
C:\WINDOWS\System32\KERNELBASE.dll ---> Free space: 2951 bytes
C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\chrome_elf.dll ---> Free space: 318 bytes
C:\WINDOWS\SYSTEM32\VERSION.dll ---> Free space: 1456 bytes
C:\WINDOWS\System32\msvcrt.dll ---> Free space: 2513 bytes
C:\WINDOWS\System32\ADVAPI32.dll ---> Free space: 153 bytes
C:\WINDOWS\System32\sechost.dll ---> Free space: 979 bytes
C:\WINDOWS\System32\RPCRT4.dll ---> Free space: 1397 bytes
C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL ---> Free space: 1789 bytes
C:\WINDOWS\System32\bcryptPrimitives.dll ---> Free space: 2612 bytes
C:\WINDOWS\system32\ntmarta.dll ---> Free space: 416 bytes
C:\WINDOWS\System32\ucrtbase.dll ---> Free space: 2715 bytes
C:\WINDOWS\System32\SHELL32.dll ---> Free space: 2011 bytes
C:\WINDOWS\System32\msvcp_win.dll ---> Free space: 382 bytes
C:\WINDOWS\System32\USER32.dll ---> Free space: 1754 bytes
C:\WINDOWS\System32\win32u.dll ---> Free space: 1450 bytes
C:\WINDOWS\System32\GDI32.dll ---> Free space: 3799 bytes
C:\WINDOWS\System32\gdi32full.dll ---> Free space: 2442 bytes
C:\WINDOWS\System32\IMM32.DLL ---> Free space: 3066 bytes
C:\WINDOWS\SYSTEM32\windows.storage.dll ---> Free space: 1507 bytes
C:\WINDOWS\System32\combase.dll ---> Free space: 2548 bytes
C:\WINDOWS\SYSTEM32\wintypes.dll ---> Free space: 3462 bytes
C:\WINDOWS\System32\SHCORE.dll ---> Free space: 1390 bytes
C:\WINDOWS\System32\shlwapi.dll ---> Free space: 3171 bytes
C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\chrome.dll ---> Free space: 112 bytes
C:\WINDOWS\System32\OLEAUT32.dll ---> Free space: 2177 bytes
C:\WINDOWS\System32\WS2_32.dll ---> Free space: 1488 bytes
C:\WINDOWS\System32\WINTRUST.dll ---> Free space: 3277 bytes
C:\WINDOWS\System32\CRYPT32.dll ---> Free space: 2225 bytes
C:\WINDOWS\SYSTEM32\WINMM.dll ---> Free space: 345 bytes
C:\WINDOWS\SYSTEM32\dbghelp.dll ---> Free space: 1112 bytes
C:\WINDOWS\SYSTEM32\IPHLPAPI.DLL ---> Free space: 1915 bytes
C:\WINDOWS\SYSTEM32\USERENV.dll ---> Free space: 3232 bytes
C:\WINDOWS\SYSTEM32\Secur32.dll ---> Free space: 3651 bytes
C:\WINDOWS\SYSTEM32\UIAutomationCore.DLL ---> Free space: 1286 bytes
C:\WINDOWS\SYSTEM32\WINHTTP.dll ---> Free space: 2313 bytes
C:\WINDOWS\SYSTEM32\DWrite.dll ---> Free space: 2475 bytes
C:\WINDOWS\SYSTEM32\WINSPOOL.DRV ---> Free space: 982 bytes
C:\WINDOWS\SYSTEM32\dhcpcsvc.DLL ---> Free space: 2241 bytes
C:\WINDOWS\SYSTEM32\SSPICLI.DLL ---> Free space: 3889 bytes
C:\WINDOWS\System32\MSASN1.dll ---> Free space: 1607 bytes
C:\WINDOWS\system32\uxtheme.dll ---> Free space: 2272 bytes
C:\WINDOWS\SYSTEM32\gpapi.dll ---> Free space: 77 bytes
C:\WINDOWS\SYSTEM32\wkscli.dll ---> Free space: 3885 bytes
C:\WINDOWS\SYSTEM32\netutils.dll ---> Free space: 1998 bytes
C:\WINDOWS\System32\profapi.dll ---> Free space: 2005 bytes
C:\WINDOWS\System32\ole32.dll ---> Free space: 3835 bytes
C:\WINDOWS\SYSTEM32\kernel.appcore.dll ---> Free space: 3242 bytes
C:\WINDOWS\System32\MSCTF.dll ---> Free space: 831 bytes
C:\WINDOWS\SYSTEM32\powrprof.dll ---> Free space: 516 bytes
C:\WINDOWS\SYSTEM32\UMPDC.dll ---> Free space: 2732 bytes
C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22621.608_none_a9444ca7c10bb01d\COMCTL32.dll ---> Free space: 906 bytes
C:\WINDOWS\System32\DPAPI.dll ---> Free space: 2906 bytes
C:\WINDOWS\system32\nlansp_c.dll ---> Free space: 3021 bytes
C:\WINDOWS\System32\NSI.dll ---> Free space: 522 bytes
C:\WINDOWS\SYSTEM32\dhcpcsvc6.DLL ---> Free space: 950 bytes
C:\WINDOWS\SYSTEM32\DNSAPI.dll ---> Free space: 4070 bytes
C:\WINDOWS\System32\clbcatq.dll ---> Free space: 2980 bytes
C:\WINDOWS\SYSTEM32\textinputframework.dll ---> Free space: 2081 bytes
C:\Windows\System32\Windows.UI.dll ---> Free space: 2690 bytes
C:\WINDOWS\SYSTEM32\WTSAPI32.dll ---> Free space: 3071 bytes
C:\WINDOWS\SYSTEM32\mscms.dll ---> Free space: 176 bytes
C:\WINDOWS\SYSTEM32\WINSTA.dll ---> Free space: 3879 bytes
C:\WINDOWS\System32\SETUPAPI.dll ---> Free space: 1656 bytes
C:\WINDOWS\SYSTEM32\DEVOBJ.dll ---> Free space: 1043 bytes
C:\WINDOWS\SYSTEM32\cfgmgr32.dll ---> Free space: 2106 bytes
C:\WINDOWS\System32\MMDevApi.dll ---> Free space: 152 bytes
C:\Windows\System32\wpnapps.dll ---> Free space: 1320 bytes
C:\Windows\System32\OneCoreUAPCommonProxyStub.dll ---> Free space: 147 bytes
C:\Windows\System32\FirewallAPI.dll ---> Free space: 3741 bytes
C:\Windows\System32\fwbase.dll ---> Free space: 3686 bytes
C:\WINDOWS\SYSTEM32\PROPSYS.dll ---> Free space: 502 bytes
C:\WINDOWS\SYSTEM32\LINKINFO.dll ---> Free space: 1837 bytes
C:\WINDOWS\system32\twinapi.dll ---> Free space: 406 bytes
C:\WINDOWS\system32\dataexchange.dll ---> Free space: 1487 bytes
C:\WINDOWS\system32\twinapi.appcore.dll ---> Free space: 1915 bytes
C:\WINDOWS\SYSTEM32\dwmapi.dll ---> Free space: 2035 bytes
C:\Windows\System32\Windows.Media.dll ---> Free space: 3790 bytes
C:\WINDOWS\SYSTEM32\atlthunk.dll ---> Free space: 1317 bytes
C:\WINDOWS\SYSTEM32\OLEACC.dll ---> Free space: 1106 bytes
C:\WINDOWS\system32\directmanipulation.dll ---> Free space: 2731 bytes
C:\WINDOWS\SYSTEM32\CoreMessaging.dll ---> Free space: 655 bytes
C:\WINDOWS\SYSTEM32\CoreUIComponents.dll ---> Free space: 125 bytes
C:\WINDOWS\System32\CRYPTSP.dll ---> Free space: 1636 bytes
C:\WINDOWS\system32\rsaenh.dll ---> Free space: 4062 bytes
C:\Windows\System32\Windows.System.Launcher.dll ---> Free space: 786 bytes
C:\Windows\System32\msvcp110_win.dll ---> Free space: 580 bytes
C:\WINDOWS\SYSTEM32\windows.staterepositorycore.dll ---> Free space: 902 bytes
C:\WINDOWS\system32\explorerframe.dll ---> Free space: 74 bytes
C:\WINDOWS\system32\mswsock.dll ---> Free space: 2290 bytes
C:\WINDOWS\SYSTEM32\sxs.dll ---> Free space: 2578 bytes
C:\WINDOWS\SYSTEM32\wlanapi.dll ---> Free space: 405 bytes
C:\WINDOWS\SYSTEM32\MobileNetworking.dll ---> Free space: 3530 bytes
C:\Windows\System32\Windows.Devices.Radios.dll ---> Free space: 1869 bytes
C:\Program Files (x86)\Google\Chrome\Application\109.0.5414.120\optimization_guide_internal.dll ---> Free space: 287 bytes
C:\Windows\System32\DevDispItemProvider.dll ---> Free space: 2760 bytes
C:\WINDOWS\SYSTEM32\ncrypt.dll ---> Free space: 3045 bytes
C:\WINDOWS\SYSTEM32\NTASN1.dll ---> Free space: 3067 bytes
C:\WINDOWS\SYSTEM32\bcrypt.dll ---> Free space: 1319 bytes
C:\WINDOWS\system32\PCPKsp.dll ---> Free space: 951 bytes
C:\WINDOWS\SYSTEM32\tbs.dll ---> Free space: 2259 bytes
C:\WINDOWS\System32\Speech\Common\sapi.dll ---> Free space: 3428 bytes
C:\WINDOWS\System32\WTDSENSOR.dll ---> Free space: 1488 bytes
C:\Windows\System32\Windows.Media.MediaControl.dll ---> Free space: 2711 bytes
C:\WINDOWS\system32\windowscodecs.dll ---> Free space: 1830 bytes
C:\WINDOWS\SYSTEM32\edputil.dll ---> Free space: 3234 bytes
C:\Windows\System32\Windows.Security.Credentials.UI.UserConsentVerifier.dll ---> Free space: 804 bytes
C:\Windows\System32\cryptngc.dll ---> Free space: 1633 bytes
C:\WINDOWS\SYSTEM32\apphelp.dll ---> Free space: 3107 bytes
C:\WINDOWS\system32\NetworkExplorer.dll ---> Free space: 3241 bytes
C:\WINDOWS\SYSTEM32\ntshrui.dll ---> Free space: 1964 bytes
C:\WINDOWS\SYSTEM32\srvcli.dll ---> Free space: 2209 bytes
C:\WINDOWS\SYSTEM32\cscapi.dll ---> Free space: 1654 bytes
C:\WINDOWS\SYSTEM32\policymanager.dll ---> Free space: 1842 bytes
C:\Windows\System32\TaskFlowDataEngine.dll ---> Free space: 112 bytes
C:\Windows\System32\MsSpellCheckingFacility.dll ---> Free space: 1077 bytes
C:\Windows\System32\Bcp47Langs.dll ---> Free space: 1964 bytes
C:\Windows\System32\Windows.Devices.Sensors.dll ---> Free space: 1652 bytes
C:\Windows\System32\BiWinrt.dll ---> Free space: 706 bytes
C:\Windows\System32\BitsProxy.dll ---> Free space: 2131 bytes
C:\WINDOWS\SYSTEM32\webauthn.dll ---> Free space: 2692 bytes
Total Free Space: 236105 bytes
The output was produced by this code:
```c
#include <windows.h>
#include <psapi.h>
#include <tchar.h>
#include <stdio.h>
#include <stdlib.h>   /* abs, atoi */
#include <string.h>   /* strncmp */
#include <intrin.h>
#include <math.h>

int total_free_space = 0;

/* Map a module's file from disk and print |VirtualSize - SizeOfRawData|
   for its .text section. Returns 0 on success, 1 on failure. */
int ModuleFreeSpace(const char* file_path) {
    HANDLE hFile = CreateFileA(file_path, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("Could not open file %s\n", file_path);
        return 1;
    }
    HANDLE hFileMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, NULL);
    if (hFileMapping == NULL) {
        printf("Could not create file mapping for %s\n", file_path);
        CloseHandle(hFile);
        return 1;
    }
    LPVOID lpFileBase = MapViewOfFile(hFileMapping, FILE_MAP_READ, 0, 0, 0);
    if (lpFileBase == NULL) {
        printf("Could not map view of file for %s\n", file_path);
        CloseHandle(hFileMapping);
        CloseHandle(hFile);
        return 1;
    }
    PIMAGE_DOS_HEADER dos_header = (PIMAGE_DOS_HEADER)lpFileBase;
    PIMAGE_NT_HEADERS nt_headers = (PIMAGE_NT_HEADERS)((LPBYTE)lpFileBase + dos_header->e_lfanew);
    PIMAGE_SECTION_HEADER section_header = IMAGE_FIRST_SECTION(nt_headers);
    for (int i = 0; i < nt_headers->FileHeader.NumberOfSections; i++, section_header++) {
        /* Name is a fixed 8-byte field that need not be NUL-terminated, so bound the compare. */
        if (strncmp((char*)section_header->Name, ".text", IMAGE_SIZEOF_SHORT_NAME) == 0) {
            DWORD section_size = section_header->Misc.VirtualSize;
            DWORD section_used_space = section_header->SizeOfRawData;
            DWORD section_free_space = section_size - section_used_space;
            total_free_space += abs((int)section_free_space);
            printf("Free space: %d bytes\n", abs((int)section_free_space));
            //LPVOID start_address = (LPVOID)((LPBYTE)lpFileBase + section_header->VirtualAddress + section_used_space);
            //printf("Start address of free space: %p\n", start_address);
            break;
        }
    }
    UnmapViewOfFile(lpFileBase);
    CloseHandle(hFileMapping);
    CloseHandle(hFile);
    return 0;
}

/* Enumerate the modules loaded in the process and report each one. */
void ListProcessModules(DWORD dwPID) {
    HMODULE hMods[1024];
    HANDLE hProcess;
    DWORD cbNeeded;
    unsigned int i;
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
                           PROCESS_VM_READ,
                           FALSE, dwPID);
    if (NULL == hProcess) {
        _tprintf(TEXT("\n[ERROR] Could not open process (pid: %d)\n"), dwPID);
        return;
    }
    if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded)) {
        for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) {
            CHAR szModName[MAX_PATH];
            if (GetModuleFileNameExA(hProcess, hMods[i], szModName,
                                     sizeof(szModName) / sizeof(CHAR))) {
                printf("%s ---> ", szModName);
                ModuleFreeSpace(szModName);
            }
        }
    }
    CloseHandle(hProcess);
}

int main(int argc, char* argv[]) {
    // Get the target PID
    if (argc < 2) {
        printf("Usage: %s <target PID>\n", argv[0]);
        return 1;
    }
    DWORD targetPID = atoi(argv[1]);
    ListProcessModules(targetPID);
    printf("Total Free Space: %d bytes\n", total_free_space);
    return 0;
}
```
Question
Is it possible to inject large shellcode into a process using some kind of jump/call chaining between these various executable free spaces in memory?
I have implemented my own device mapper target and I am able to create a mapped device with the dmsetup create command.
The problem is that the sector size for this device becomes the default 512 bytes, and I would like to change it to 4096 bytes similar to dm-verity targets.
For instance, below is the sector size for a dm-verity device, and fdisk reports 4096 bytes:
```
$ sudo fdisk -l /dev/mapper/dmv
Disk /dev/mapper/dmv: 8 KiB, 8192 bytes, 2 sectors
Units: sectors of 1 * 4096 = 4096 bytes
Sector size (logical/physical): 4096 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
```
Below is the sector size for my own target, and fdisk reports 512 bytes:
```
$ sudo fdisk -l /dev/mapper/my-target
Disk /dev/mapper/my-target: 8 KiB, 8192 bytes, 16 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
```
How can I set the sector size for my own device mapper target? I couldn't find where this is done in libdevmapper or cryptsetup source for the dm-verity case.
Cheers!
Problem:
I need to install Qt Creator for my university course on my Mac and it doesn't open. I've tried reinstalling different versions a lot of times but it gives me a segmentation fault every time.
Everything else is updated to the latest version and I don't know what to try anymore.
Any tips and solutions would be appreciated.
This is one of the error messages:
DebuggerItem \"/Applications/Xcode.app/Contents/Developer/usr/bin/lldb\" ({8999bbd1-bcb9-4fd1-843a-47fec36eb8b6}) read from \"/Users/Samy/.config/QtProject/qtcreator/debuggers.xml\" dropped since the command is not executable."
zsh: segmentation fault /Applications/Qt\ Creator.app/Contents/MacOS/Qt\ Creator
Here is the report if I try opening the app:
Process: Qt Creator [54924]
Path: /Applications/Qt Creator.app/Contents/MacOS/Qt Creator
Identifier: org.qt-project.qtcreator
Version: 4.11.0 (4.11.0)
Code Type: X86-64 (Native)
Parent Process: ??? [1]
Responsible: Qt Creator [54924]
User ID: 501
Date/Time: 2020-01-08 22:12:42.699 +0100
OS Version: Mac OS X 10.15 (19A602)
Report Version: 12
Anonymous UUID: 103F9158-D5E0-F1B8-BA89-222AB7C6F587
Sleep/Wake UUID: 3FB53B09-90D6-4FB8-AB3A-2D663E75701E
Time Awake Since Boot: 170000 seconds
Time Since Wake: 15000 seconds
System Integrity Protection: enabled
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [54924]
VM Regions Near 0:
-->
__TEXT 000000010d082000-000000010d096000 [ 80K] r-x/rwx SM=COW /Applications/Qt Creator.app/Contents/MacOS/Qt Creator
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 libUtils.4.11.0.dylib 0x000000010d1ab7b0 QtPrivate::QFunctorSlotObject<Utils::FancyMainWindowPrivate::FancyMainWindowPrivate(Utils::FancyMainWindow*)::$_2, 1, QtPrivate::List<bool>, void>::impl(int, QtPrivate::QSlotObjectBase*, QObject*, void**, bool*) + 48
1 org.qt-project.QtCore 0x000000010e3369b5 0x10e10f000 + 2259381
2 org.qt-project.QtWidgets 0x000000010d3f040e QAction::setChecked(bool) + 174
3 libDebugger.dylib 0x0000000114a1a2ef Utils::DebuggerMainWindow::restorePersistentSettings() + 1151
4 libDebugger.dylib 0x0000000114a19c5d Utils::DebuggerMainWindow::DebuggerMainWindow() + 925
5 libDebugger.dylib 0x0000000114a218fb Utils::Perspective::Perspective(QString const&, QString const&, QString const&, QString const&) + 267
6 libDebugger.dylib 0x0000000114a24d25 Debugger::Internal::DebuggerPluginPrivate::DebuggerPluginPrivate(QStringList const&) + 1781
7 libDebugger.dylib 0x0000000114a36747 Debugger::Internal::DebuggerPlugin::initialize(QStringList const&, QString*) + 39
8 libExtensionSystem.4.11.0.dylib 0x000000010d0cbecb ExtensionSystem::Internal::PluginSpecPrivate::initializePlugin() + 107
9 libExtensionSystem.4.11.0.dylib 0x000000010d0be6a0 ExtensionSystem::Internal::PluginManagerPrivate::loadPlugin(ExtensionSystem::PluginSpec*, ExtensionSystem::PluginSpec::State) + 656
10 libExtensionSystem.4.11.0.dylib 0x000000010d0b6f90 ExtensionSystem::Internal::PluginManagerPrivate::loadPlugins() + 592
11 org.qt-project.qtcreator 0x000000010d08de28 main + 14520
12 libdyld.dylib 0x00007fff6e91b405 start + 1
Thread 1:
0 libsystem_pthread.dylib 0x00007fff6eb245b4 start_wqthread + 0
Thread 2:
0 libsystem_pthread.dylib 0x00007fff6eb245b4 start_wqthread + 0
Thread 3:
0 libsystem_pthread.dylib 0x00007fff6eb245b4 start_wqthread + 0
Thread 4:
0 libsystem_pthread.dylib 0x00007fff6eb245b4 start_wqthread + 0
Thread 5:
0 libsystem_pthread.dylib 0x00007fff6eb245b4 start_wqthread + 0
Thread 6:: com.apple.CFSocket.private
0 libsystem_kernel.dylib 0x00007fff6ea6b7c6 __select + 10
1 com.apple.CoreFoundation 0x00007fff3764a92a __CFSocketManager + 632
2 libsystem_pthread.dylib 0x00007fff6eb27d76 _pthread_start + 125
3 libsystem_pthread.dylib 0x00007fff6eb245d7 thread_start + 15
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x0000000000000000 rbx: 0x0000000000000000 rcx: 0x00007ffee2b7cf50 rdx: 0x0000600000d5a3c0
rdi: 0x0000000000000000 rsi: 0x000060000184bba0 rbp: 0x00007ffee2b7ce70 rsp: 0x00007ffee2b7ce60
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x000000011c7d7be0 r11: 0x000000010d5461d0
r12: 0x0000600003c9bea0 r13: 0x000000011c805d40 r14: 0x0000000000000001 r15: 0x0000600000d5a3c0
rip: 0x000000010d1ab7b0 rfl: 0x0000000000010246 cr2: 0x0000000000000000
Logical CPU: 2
Error Code: 0x00000004 (no mapping for user data write)
Trap Number: 14
[Number jibberish]
External Modification Summary:
Calls made by other processes targeting this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by this process:
task_for_pid: 0
thread_create: 0
thread_set_state: 0
Calls made by all processes on this machine:
task_for_pid: 114998
thread_create: 0
thread_set_state: 0
VM Region Summary:
ReadOnly portion of Libraries: Total=780.0M resident=0K(0%) swapped_out_or_unallocated=780.0M(100%)
Writable regions: Total=573.9M written=0K(0%) resident=0K(0%) swapped_out=0K(0%) unallocated=573.9M(100%)
VIRTUAL REGION
REGION TYPE SIZE COUNT (non-coalesced)
=========== ======= =======
Accelerate framework 128K 1
Activity Tracing 256K 1
CG backing stores 248K 2
CoreImage 8K 2
CoreUI image data 72K 1
JS VM register file 4360K 4
JS VM register file (reserved) 2040K 1 reserved VM address space (unallocated)
Kernel Alloc Once 8K 1
MALLOC 167.2M 43
MALLOC guard page 16K 4
MALLOC_NANO (reserved) 384.0M 1 reserved VM address space (unallocated)
STACK GUARD 56.0M 7
Stack 11.0M 7
VM_ALLOCATE 132K 9
WebAssembly memory 4096K 1
__DATA 39.4M 428
__DATA_CONST 41K 3
__FONT_DATA 4K 1
__GLSLBUILTINS 5176K 1
__LINKEDIT 382.9M 106
__OBJC_RO 31.8M 1
__OBJC_RW 1764K 2
__TEXT 397.2M 410
__UNICODE 564K 1
mapped file 332.3M 43
shared memory 640K 15
=========== ======= =======
TOTAL 1.8G 1096
TOTAL, minus reserved VM space 1.4G 1096
Model: MacBookAir7,2, BootROM 190.0.0.0.0, 2 processors, Dual-Core Intel Core i5, 1,6 GHz, 8 GB, SMC 2.27f2
Graphics: kHW_IntelHDGraphics6000Item, Intel HD Graphics 6000, spdisplays_builtin
Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1600 MHz, 0x02FE, -
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1600 MHz, 0x02FE, -
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x117), Broadcom BCM43xx 1.0 (7.77.105.1 AirPortDriverBrcmNIC-1429)
Bluetooth: Version 7.0.0f8, 3 services, 18 devices, 1 incoming serial ports
Network Service: Wi-Fi, AirPort, en0
Serial ATA Device: APPLE SSD SM0128G, 121,33 GB
USB Device: USB 3.0 Bus
USB Device: BRCM20702 Hub
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus: MacBook Air, Apple Inc., 27.2
Based on my (self-answered) question here Muxing AVPackets into mp4 file - revisited, I have to ask, what could be the reason why there are no values written for pts/dts in the resulting mp4 container.
I examined the container file with the tool MediaInfo.
I observe that only the very first Frame contains a value for pts in the container. After that, pts is not even shown in the mp4 file anymore, but dts is, with a value of all zeros.
This is the output from MediaInfo for the first 3 frames:
0000A2 slice_layer_without_partitioning (IDR) - 0 (0x0) - Frame 0 - slice_type I - frame_num 0 - DTS 00:00:00.000 - PTS 00:00:00.017 (141867 bytes)
0000A2 Header (5 bytes)
0000A2 zero_byte: 0 (0x00)
0000A3 start_code_prefix_one_3bytes: 1 (0x000001)
0000A6 nal_ref_idc: 3 (0x3) - (2 bits)
0000A6 nal_unit_type: 5 (0x05) - (5 bits)
0000A7 slice_header (3 bytes)
0000A7 first_mb_in_slice: 0 (0x0)
0000A7 slice_type: 7 (0x07) - I
0000A8 pic_parameter_set_id: 0 (0x0)
0000A8 frame_num: 0 (0x0)
0000A8 idr_pic_id: 0 (0x0)
0000A8 no_output_of_prior_pics_flag: No
0000A8 long_term_reference_flag: No
0000A9 slice_qp_delta: -5 (0xFFFFFFFB)
0000AA disable_deblocking_filter_idc: 0 (0x0)
0000AA slice_alpha_c0_offset_div2: 0 (0x0)
0000AA slice_beta_offset_div2: 0 (0x0)
0000AA slice_data (141856 bytes)
0000AA (ToDo): (Data)
022ACD slice_layer_without_partitioning (IDR) - 0 (0x0) - Frame 0 - slice_type I - frame_num 0 - DTS 00:00:00.000 - PTS 00:00:00.017 - first_mb_in_slice 8040 (2248 bytes)
022ACD Header (5 bytes)
022ACD zero_byte: 0 (0x00)
022ACE start_code_prefix_one_3bytes: 1 (0x000001)
022AD1 nal_ref_idc: 3 (0x3) - (2 bits)
022AD1 nal_unit_type: 5 (0x05) - (5 bits)
022AD2 slice_header (6 bytes)
022AD2 first_mb_in_slice: 8040 (0x001F68)
022AD5 slice_type: 7 (0x07) - I
022AD6 pic_parameter_set_id: 0 (0x0)
022AD6 frame_num: 0 (0x0)
022AD6 idr_pic_id: 0 (0x0)
022AD6 no_output_of_prior_pics_flag: No
022AD6 long_term_reference_flag: No
022AD7 slice_qp_delta: -5 (0xFFFFFFFB)
022AD8 disable_deblocking_filter_idc: 0 (0x0)
022AD8 slice_alpha_c0_offset_div2: 0 (0x0)
022AD8 slice_beta_offset_div2: 0 (0x0)
022AD8 slice_data (2237 bytes)
022AD8 (ToDo): (Data)
023395 1 (36212 bytes)
023395 slice_layer_without_partitioning (non-IDR) - 2 (0x2) - Frame 1 - slice_type P - frame_num 1 - DTS 00:00:00.000 (36017 bytes)
023395 Header (5 bytes)
023395 zero_byte: 0 (0x00)
023396 start_code_prefix_one_3bytes: 1 (0x000001)
023399 nal_ref_idc: 3 (0x3) - (2 bits)
023399 nal_unit_type: 1 (0x01) - (5 bits)
02339A slice_header (3 bytes)
02339A first_mb_in_slice: 0 (0x0)
02339A slice_type: 5 (0x5) - P
02339A pic_parameter_set_id: 0 (0x0)
02339A frame_num: 1 (0x1)
02339B num_ref_idx_active_override_flag (0 bytes)
02339B num_ref_idx_active_override_flag: Yes
02339B num_ref_idx_l0_active_minus1: 0 (0x0)
02339B ref_pic_list_modification_flag_l0: No
02339B adaptive_ref_pic_marking_mode_flag: No
02339C cabac_init_idc: 0 (0x0)
02339C slice_qp_delta: -3 (0xFFFFFFFD)
02339C disable_deblocking_filter_idc: 0 (0x0)
02339C slice_alpha_c0_offset_div2: 0 (0x0)
02339D slice_beta_offset_div2: 0 (0x0)
02339D slice_data (36012 bytes)
02339D (ToDo): (Data)
02C046 slice_layer_without_partitioning (non-IDR) - 2 (0x2) - Frame 1 - slice_type P - frame_num 1 - DTS 00:00:00.000 - first_mb_in_slice 8040 (195 bytes)
02C046 Header (5 bytes)
02C046 zero_byte: 0 (0x00)
02C047 start_code_prefix_one_3bytes: 1 (0x000001)
02C04A nal_ref_idc: 3 (0x3) - (2 bits)
02C04A nal_unit_type: 1 (0x01) - (5 bits)
02C04B slice_header (6 bytes)
02C04B first_mb_in_slice: 8040 (0x001F68)
02C04E slice_type: 5 (0x5) - P
02C04E pic_parameter_set_id: 0 (0x0)
02C04E frame_num: 1 (0x1)
02C04F num_ref_idx_active_override_flag (0 bytes)
02C04F num_ref_idx_active_override_flag: Yes
02C04F num_ref_idx_l0_active_minus1: 0 (0x0)
02C04F ref_pic_list_modification_flag_l0: No
02C04F adaptive_ref_pic_marking_mode_flag: No
02C050 cabac_init_idc: 0 (0x0)
02C050 slice_qp_delta: -3 (0xFFFFFFFD)
02C050 disable_deblocking_filter_idc: 0 (0x0)
02C050 slice_alpha_c0_offset_div2: 0 (0x0)
02C051 slice_beta_offset_div2: 0 (0x0)
02C051 slice_data (190 bytes)
02C051 (ToDo): (Data)
02C109 1 (26280 bytes)
02C109 slice_layer_without_partitioning (non-IDR) - 4 (0x4) - Frame 2 - slice_type P - frame_num 2 - DTS 00:00:00.000 (26157 bytes)
02C109 Header (5 bytes)
02C109 zero_byte: 0 (0x00)
02C10A start_code_prefix_one_3bytes: 1 (0x000001)
02C10D nal_ref_idc: 3 (0x3) - (2 bits)
02C10D nal_unit_type: 1 (0x01) - (5 bits)
02C10E slice_header (3 bytes)
02C10E first_mb_in_slice: 0 (0x0)
02C10E slice_type: 5 (0x5) - P
02C10E pic_parameter_set_id: 0 (0x0)
02C10E frame_num: 2 (0x2)
02C10F num_ref_idx_active_override_flag (0 bytes)
02C10F num_ref_idx_active_override_flag: Yes
02C10F num_ref_idx_l0_active_minus1: 0 (0x0)
02C10F ref_pic_list_modification_flag_l0: No
02C10F adaptive_ref_pic_marking_mode_flag: No
02C110 cabac_init_idc: 0 (0x0)
02C110 slice_qp_delta: -2 (0xFFFFFFFE)
02C110 disable_deblocking_filter_idc: 0 (0x0)
02C110 slice_alpha_c0_offset_div2: 0 (0x0)
02C111 slice_beta_offset_div2: 0 (0x0)
02C111 slice_data (26152 bytes)
02C111 (ToDo): (Data)
032736 slice_layer_without_partitioning (non-IDR) - 4 (0x4) - Frame 2 - slice_type P - frame_num 2 - DTS 00:00:00.000 - first_mb_in_slice 8040 (123 bytes)
032736 Header (5 bytes)
032736 zero_byte: 0 (0x00)
032737 start_code_prefix_one_3bytes: 1 (0x000001)
03273A nal_ref_idc: 3 (0x3) - (2 bits)
03273A nal_unit_type: 1 (0x01) - (5 bits)
03273B slice_header (6 bytes)
03273B first_mb_in_slice: 8040 (0x001F68)
03273E slice_type: 5 (0x5) - P
03273E pic_parameter_set_id: 0 (0x0)
03273E frame_num: 2 (0x2)
03273F num_ref_idx_active_override_flag (0 bytes)
03273F num_ref_idx_active_override_flag: Yes
03273F num_ref_idx_l0_active_minus1: 0 (0x0)
03273F ref_pic_list_modification_flag_l0: No
03273F adaptive_ref_pic_marking_mode_flag: No
032740 cabac_init_idc: 0 (0x0)
032740 slice_qp_delta: -2 (0xFFFFFFFE)
032740 disable_deblocking_filter_idc: 0 (0x0)
032740 slice_alpha_c0_offset_div2: 0 (0x0)
032741 slice_beta_offset_div2: 0 (0x0)
032741 slice_data (118 bytes)
032741 (ToDo): (Data)
0327B1 1 (21125 bytes)
It goes on like that, even though I set pts and dts. The settings may not be correct already (I do some calculations like (1 / framerate) * FrameNumber), but I would expect at least some numbers in pts and dts, when I set the according fields in the avPacket structure and write that via av_interleaved_write_frame(outFmtCtx, &avPacket); to the file.
What could be wrong here?
Edit:
(please see below in the comments the download to my testdata and source file)
One thing that bugs me is the fact that, if I compare the MediaInfo output for my file with that for the file generated by muxing.c, the header of the muxing.c-generated file already mentions the duration of the file as 9960 ms, whereas mine is only 40 ms.
muxing.c also calls avformat_write_header before even one frame is drawn. Yes, I suppose that the header will be updated when either av_interleaved_write_frame or av_write_trailer is called, but I totally do not understand the mechanics behind it.
Maybe somebody can enlighten me with some background information of any kind.
Additionally, I think it could be necessary to extract some SPS and PPS from my raw data (preceding the I-slice), and give that as extra data to the avformat_write_header call. But I just cannot figure out myself if I have to do that at all and if so, how to do it.
So I'm writing a simple ETW logger to provide a trigger-event state machine to wake up whenever a new USB device is connected. Using Microsoft's Message Analyzer I managed to trace and receive USB "new usb device information" traces using the following filter: `Microsoft_Windows_USB_USBHUB3.Summary == "New USB Device Information"`
However, after examining the packet, there is no way for me to differentiate between USB mass storage devices and other USB devices (camera?).
Available values from the trace:
Name Value Bit Offset Bit Length Type
pointerValue 132972247379928 64 64 UInt64
Fid_HubDevice 0x000078F011FC3CC8 0 64 Etw.EtwPointer
pointerValue 132972489227464 0 64 UInt64
Fid_UsbDevice 0x000078F00391EFD8 64 64 Etw.EtwPointer
Fid_PortNumber 1 128 32 UInt32
Fid_DeviceDescription USB Mass Storage Device 160 384 String
Fid_DeviceInterfacePath \??\USB#VID_0781&PID_5567#200602669107DD62F0E0#{a5dcbf10-6530-11d2-901f-00c04fb951ed} 544 1376 String
Fid_DeviceDescriptor fid_DeviceDescriptor{Fid_bLength=18,Fid_bDescriptorType=1,Fid_bcdUSB=512,Fid_bDeviceClass=0,Fid_bDeviceSubClass=0,Fid_bDeviceProtocol=0,Fid_bMaxPacketSize0=64,Fid_idVendor=1921,Fid_idProduct=21863,Fid_bcdDevice=295,Fid_iManufacturer=1,Fid_iProduct=2,Fid_iSerialNumber=3,Fid_bNumConfigurations=1} 1920 144 Microsoft_Windows_USB_USBHUB3.fid_DeviceDescriptor
Fid_bLength 18 1920 8 Byte
Fid_bDescriptorType 1 1928 8 Byte
Fid_bcdUSB 0x0200 1936 16 UInt16
Fid_bDeviceClass 0 1952 8 Byte
Fid_bDeviceSubClass 0 1960 8 Byte
Fid_bDeviceProtocol 0 1968 8 Byte
Fid_bMaxPacketSize0 64 1976 8 Byte
Fid_idVendor 0x0781 1984 16 UInt16
Fid_idProduct 0x5567 2000 16 UInt16
Fid_bcdDevice 0x0127 2016 16 UInt16
Fid_iManufacturer 1 2032 8 Byte
Fid_iProduct 2 2040 8 Byte
Fid_iSerialNumber 3 2048 8 Byte
Fid_bNumConfigurations 1 2056 8 Byte
Fid_ConfigurationDescriptorLength 0x0020 2064 16 UInt16
Fid_ConfigurationDescriptor [9,2,32,0,1,1,0,128,100,9,4,0,0,2,8,6,80,0,7,5,129,2,0,2,0,7,5,2,2,0,2,1] 2080 256 ArrayValue`1
Fid_PdoName \Device\USBPDO-13 2336 288 String
Fid_Suspended 1 2624 8 Byte
Fid_PortPathDepth 1 2632 32 UInt32
Fid_PortPath [1,0,0,0,0,0] 2664 192 ArrayValue`1
Fid_PciBus 0x00000000 2856 32 UInt32
Fid_PciDevice 0x00000014 2888 32 UInt32
Fid_PciFunction 0x00000000 2920 32 UInt32
Fid_PciVendorId 0x00008086 2952 32 UInt32
Fid_PciDeviceId 0x0000A12F 2984 32 UInt32
Fid_PciRevisionId 0x00000031 3016 32 UInt32
Fid_CurrentWdfPowerDeviceState 0x00000005 3048 32 UInt32
Fid_Usb20LpmStatus 0x00000006 3080 32 UInt32
Fid_ControllerParentBusType ControllerParentBusTypePci 3112 32 MapControllerParentBusType
Fid_AcpiVendorId NULL 3144 40 String
Fid_AcpiDeviceId NULL 3184 40 String
Fid_AcpiRevisionId NULL 3224 40 String
Fid_PortFlagAcpiUpcValid 1 3264 8 Byte
Fid_PortConnectorType 255 3272 8 Byte
Fid_UcmConnectorId 0x0000000000000001 3280 64 UInt64
EtwKeywords Keywords{StandardKeywords=WindowsEtwKeywords{EventlogClassic=False,CorrelationHint=False,AuditSuccess=False,AuditFailure=False,SQM=False,WDIDiag=False,WDIContext=False,Reserved=False},Default=True,USBError=False,IRP=False,Power=False,PnP=True,Performance=False,HeadersBusTrace=False,PartialDataBusTrace=False,FullDataBusTrace=False,StateMachine=False,Enumeration=False,VerifyDriver=False,HWVerifyHost=False,HWVerifyHub=False,HWVerifyDevice=False,Rundown=False,Device=False,Hub=False,Compat=False,ControllerCommand=False,MsMeasures=True} Microsoft_Windows_USB_USBHUB3.Keywords
Limitations:
No string comparisons
Must use ETW mechanism
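An added example, not part of the original question: in the USB descriptor layout, the interface descriptor (bDescriptorType 4) inside `Fid_ConfigurationDescriptor` carries bInterfaceClass at byte offset 5, and in the trace above that byte is 8 (mass storage), so the device type can be decided with numeric comparisons only. The sketch below walks the descriptor chain with bounds checks and also covers composite devices that expose several interfaces; the function and macro names are assumptions, and it assumes the ETW consumer has already copied the descriptor bytes out of the event payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_CONFIG          0x02  /* bDescriptorType: configuration */
#define USB_DT_INTERFACE       0x04  /* bDescriptorType: interface */
#define USB_CLASS_MASS_STORAGE 0x08  /* bInterfaceClass: mass storage */
#define USB_CLASS_VIDEO        0x0E  /* bInterfaceClass: video (e.g. a camera) */

/* Fid_ConfigurationDescriptor bytes as shown in the trace above. */
static const uint8_t TRACE_CFG[] = {
    9, 2, 32, 0, 1, 1, 0, 128, 100,  /* configuration, wTotalLength = 32 */
    9, 4, 0, 0, 2, 8, 6, 80, 0,      /* interface: class 8, subclass 6, protocol 80 */
    7, 5, 129, 2, 0, 2, 0,           /* endpoint 0x81 */
    7, 5, 2, 2, 0, 2, 1              /* endpoint 0x02 */
};

/* Constructed malformed sample: the second descriptor claims bLength = 0. */
static const uint8_t BAD_CFG[] = { 9, 2, 11, 0, 1, 1, 0, 128, 50, 0, 4 };

/*
 * Hypothetical helper: walk a configuration descriptor blob and report
 * whether any interface declares bInterfaceClass == wanted.
 * Returns 1 if found, 0 if not found, -1 if the blob is malformed
 * (bad header, wTotalLength larger than the captured buffer, or a
 * descriptor whose bLength is too small or runs past the end).
 */
int usb_has_interface_class(const uint8_t *cfg, size_t len, uint8_t wanted)
{
    size_t total, off;
    int found = 0;

    if (cfg == NULL || len < 9 || cfg[0] < 9 || cfg[1] != USB_DT_CONFIG)
        return -1;

    /* wTotalLength is little-endian at offsets 2..3. */
    total = (size_t)cfg[2] | ((size_t)cfg[3] << 8);
    if (total < cfg[0] || total > len)
        return -1;

    off = cfg[0];
    while (off < total) {
        uint8_t blen;

        if (total - off < 2)
            return -1;               /* no room for bLength + bDescriptorType */
        blen = cfg[off];
        if (blen < 2 || blen > total - off)
            return -1;               /* zero-length loop or overrun */

        if (cfg[off + 1] == USB_DT_INTERFACE) {
            if (blen < 9)
                return -1;           /* interface descriptors are 9 bytes */
            if (cfg[off + 5] == wanted)
                found = 1;           /* keep walking to validate the rest */
        }
        off += blen;
    }
    return found;
}

int main(void)
{
    printf("trace: mass storage = %d\n",
           usb_has_interface_class(TRACE_CFG, sizeof TRACE_CFG, USB_CLASS_MASS_STORAGE));
    printf("trace: video        = %d\n",
           usb_has_interface_class(TRACE_CFG, sizeof TRACE_CFG, USB_CLASS_VIDEO));
    printf("malformed sample    = %d\n",
           usb_has_interface_class(BAD_CFG, sizeof BAD_CFG, USB_CLASS_MASS_STORAGE));
    return 0;
}
```

`Fid_bDeviceClass` is 0 in the trace, which in the USB specification means the class is defined per interface, so the device descriptor alone cannot answer the question.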