SIP off on macOS but still can't load my kext - macos

I'm new to kext programming, so my problem is:
I'm running macOS 10.11.6. I have turned SIP off, but when I try to load my kext using kextload with the -v flag, I get that my kext was successfully loaded:
    Requesting load of /private/tmp/kern.kext.
    /private/tmp/kern.kext loaded successfully (or already loaded).
And to check that my kext was loaded I used kextstat:
    152 0 0xffffff7f82db3000 0x2000 0x2000 com.SPX.kext.kern (1) 299868F4-9962-362D-AE3D-09579B6780DB <4>
But when I tail my kernel logs from /var/log/system.log using the command tail -f /var/log/system.log, I see this error:
    MacBook-Pro com.apple.kextd[47]: kext signature failure override allowing invalid signature -67050 0xFFFFFFFFFFFEFA16 for kext "/private/tmp/kern.kext"
My kext is a simple hello world kext, and here is my code:
    #include <mach/mach_types.h>
    #include <libkern/libkern.h>

    kern_return_t kern_start(kmod_info_t * ki, void *d);
    kern_return_t kern_stop(kmod_info_t *ki, void *d);

    kern_return_t kern_start(kmod_info_t * ki, void *d)
    {
        printf("hello world");
        return KERN_SUCCESS;
    }

    kern_return_t kern_stop(kmod_info_t *ki, void *d)
    {
        printf("bye kext");
        return KERN_SUCCESS;
    }
Thanks in advance for any help.
Edit:
After many tests it looks like the kext was loaded successfully, but when it comes to the code signing issue, I went through the Xcode Build Settings and found Code Signing there. Under Code Signing there is Code Signing Identity, so I set it to Don't Code Sign and built it using the Xcode build tool: xcodebuild -configuration Debug -target kern
But still no progress so far, so I hope someone can help, or at least give a link or anything.

The output you're getting suggests that the kext is being loaded - code signing is not your problem.
I do notice, however, that your printf() calls contain no line termination (\n). Not outputting whole lines will cause the messages to be buffered for longer than you'd expect, and run into other messages. With something like this, it should work, and you should see your messages in the system log:
    printf("hello world\n");

Related

KMDF WdfDriverCreate function returns "insufficient resources"

I'm trying to write a kmdf driver to target a custom PCIe board. On following the default project that Microsoft provides, I made a few minor changes to the .inf file, mainly changing the names of strings and providing the hardware ID of our PCIe board.
Deploying the driver works as it should. The driver installs and shows up on the device manager, but it says that it didn't install correctly or it may be corrupted.
On debugging, I see that WdfDriverCreate fails with an error of 0xC000009A, which means insufficient resources.
For reference, this is the generated code that the kmdf template project makes for you, which is what I am currently running:
    NTSTATUS
    DriverEntry(
        _In_ PDRIVER_OBJECT  DriverObject,
        _In_ PUNICODE_STRING RegistryPath
        )
    {
        WDF_DRIVER_CONFIG config;
        NTSTATUS status;
        WDF_OBJECT_ATTRIBUTES attributes;

        //
        // Initialize WPP Tracing
        //
        WPP_INIT_TRACING( DriverObject, RegistryPath );

        TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Entry");

        //
        // Register a cleanup callback so that we can call WPP_CLEANUP when
        // the framework driver object is deleted during driver unload.
        //
        WDF_OBJECT_ATTRIBUTES_INIT_CONTEXT_TYPE(&attributes, DEVICE_CONTEXT);
        attributes.EvtCleanupCallback = CIPDriverEvtDriverContextCleanup;

        WDF_DRIVER_CONFIG_INIT(&config,
                               CIPDriverEvtDeviceAdd
                               );

        KdPrint(("CIP: Driver Entry\n"));

        status = WdfDriverCreate(DriverObject,
                                 RegistryPath,
                                 &attributes,
                                 &config,
                                 WDF_NO_HANDLE
                                 );

        if (!NT_SUCCESS(status)) {
            TraceEvents(TRACE_LEVEL_ERROR, TRACE_DRIVER, "WdfDriverCreate failed %!STATUS!", status);
            KdPrint(("CIP: WdfDriverCreate failed with status - 0x%x\n", status));
            WPP_CLEANUP(DriverObject);
            return status;
        }

        TraceEvents(TRACE_LEVEL_INFORMATION, TRACE_DRIVER, "%!FUNC! Exit");

        return status;
    }
My first question is, What would cause this?
I attempted to dump a log after the error is raised by running
!wdfkd.wdflogdump mydriver.sys
But it never works. I ensured that all symbol paths are loaded properly, as shown below
fffff880`05fdd000 fffff880`05fe6000 CIPDriver (private pdb symbols) C:\Users\jimmyjoebobby\Documents\Visual Studio 2013\Projects\CIPDriver\x64\Win7Debug\CIPDriver.pdb
22: kd> lm m wdf*
start end module name
fffff880`00e5e000 fffff880`00f20000 Wdf01000 (pdb symbols) c:\winsymbols\Wdf01000.pdb\03FC6AA4329F4372BE924775887225632\Wdf01000.pdb
fffff880`00f20000 fffff880`00f30000 WDFLDR (pdb symbols) c:\winsymbols\wdfldr.pdb\9674B20D2E5B4E7AA2DE143F642A176E2\wdfldr.pdb
Where "CIPDriver" is my driver.
On running the dump command, this is the output:
22: kd> !wdfkd.wdflogdump CIPDriver.sys
Trace searchpath is:
Trace format prefix is: %7!u!: %!FUNC! -
TMF file used for formatting log is: C:\WinDDK\7600.16385.1\tools\tracing\amd64\wdf01000.tmf
Log at fffffa80356232f8
Gather log: Please wait, this may take a moment (reading 0 bytes).
% read so far ...
warn: The log could not be accessed
hint: Are the symbols the WDF library available?
hint: The log is inaccessable after driver unload.
And the output of .sympath
22: kd> .sympath
Symbol search path is: C:\Users\jimmyjoebobby\Documents\Visual Studio 2013\Projects\CIPDriver\Win7Debug;C:\winsymbols
Expanded Symbol search path is: c:\users\jimmyjoebobby\documents\visual studio 2013\projects\cipdriver\win7debug;c:\winsymbols
Where C:\winsymbols is a cache of Microsoft's symbols which I acquired by following the guide here: https://msdn.microsoft.com/en-us/library/windows/hardware/ff558829(v=vs.85).aspx
My second question is, how do I correctly set up the debugger to dump out the logs?
Thanks
I don't quite understand why this helps, but if I turn off KMDF Verifier under
[DriverName] Package -> Properties -> Configuration Properties -> Driver Install -> KMDF Verifier -> Enable KMDF Verifier
And deploy the driver, it works. If I turn that on, it fails. I deployed my driver a few times toggling that option on and off and it always fails when it's on.
I posted this question along with my findings. Maybe someone there could answer why this is the case: https://www.osronline.com/showthread.cfm?link=277793

How can you debug Safari NPAPI plugins in OSX 10.11?

Attempting to debug an NPAPI plugin by attaching to the plugin process does not appear to work in 10.11.
Attaching with lldb reveals:
sudo lldb -p 39337
(lldb) process attach --pid 39337
error: attach failed: unable to attach
This seems to affect both 'legacy' webkit used for embedded Webkit (with plugin host named WebKitPluginHost) and 'modern' webkit used in safari (with plugin host named com.apple.WebKit.Plugin.64)
I have disabled the "Debugging Restrictions" using csrutil in recovery mode, but that does not appear to help in this case.
I haven't tried it specifically in 10.11, but I find the easiest way is to add a blocking section to wait for your plugin to be debugged in the startup code:
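    #if WAIT_FOR_DEBUGGER
    #include <stdbool.h>
    #include <sys/types.h>
    #include <sys/sysctl.h>
    #include <unistd.h>

    // Returns true once a debugger has attached (P_TRACED is set on this process).
    static bool beingDebugged() {
        int mib[4] = {CTL_KERN, KERN_PROC, KERN_PROC_PID, getpid()};
        size_t mib_size = 4;
        struct kinfo_proc kp;
        size_t kp_size = sizeof(kp);
        int result = sysctl(mib, mib_size, &kp, &kp_size, NULL, 0);
        return (0 == result) ? ((P_TRACED & kp.kp_proc.p_flag) != 0) : false;
    }
    #endif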
then in startup code somewhere:
    #if WAIT_FOR_DEBUGGER
    #warning "WILL BLOCK ON P_TRACED"
    while (!beingDebugged())
        sleep(1);
    #endif
If you have trouble finding the right process to connect to you could have this also output the PID to a file so you can read and find it.

Cygwin, error for make "couldn't get proc lock" when compiling and running a C program

Problem
I have some half-year-old C programs I was working on and had hoped that I could continue working on them now. I did install Windows 10 (64-bit) right after that, so I thought that could be a problem, but the programs have run on Windows 10 since then.
About 2 months ago, I could build with the make-file and run the executables but when I tried again today, it seems to me like the executables are not running. I have now also tried updating cygwin and (I think) all relevant packages.
I have googled if there are any important changes to cygwin but I didn't really find anything.
Details
When I try running any program nothing happens for a long while at the ./executeables/helloworld.exe line and then eventually producing the error:
$ make 1
gcc 1-helloworld.c -o ./executeables/helloworld.exe -lncurses
./executeables/helloworld.exe
0 [sig] make 7332 get_proc_lock: Couldn't acquire sync_proc_subproc for(5, 1), last 7, Win32 error 0
1324 [sig] make 7332 proc_subproc: couldn't get proc lock. what 5, val 1
After this, nothing happens and I cannot even stop the process with ctrl+C so I have to end "make.exe" (which oddly enough consists of 2 processes) with task manager. The terminal then says nothing more than
makefile:2: recipe for target '1' failed
make: *** [1] Error 1
So I'm guessing there is a problem with getting a mutex or a lock from windows for creating a process, but I have no clue why this would happen.
Code
The example in this try uses this code for a hello world program, but it's the same for the more complex programs as well.
    #include <ncurses.h>
    #include <string.h>

    int main() {
        char *message="Hello World";
        int row,col;
        int len = strlen(message);
        initscr();
        getmaxyx(stdscr, row, col); //screensize
        mvprintw(row/2, (col-len)/2, "%s", message); //center of screen
        getch();
        refresh();
        endwin();
        return 0;
    }
Has anyone seen this problem before?
Avast antivirus was preventing the program from running correctly. Disabling it made everything run perfectly. I finally found the answer in this thread:
Netbeans 8.1 IDE compiles and builds C programs but does not show their output
note:
Since it is not marked as an answer to the question in that thread and because that question is not explicitly focusing the same error (although presents the same error), I will keep my question instead of marking it as a duplicate.
Thank you, Sheshadri Iyengar for providing the solution.

Xcode lldb error in launch program

I get a similar error when I try to launch my application (C++ command line) from Xcode (the application works fine from the terminal).
XCode: Could not launch "APP_X_Y" - 'A' packet returned an error: -1
I tried every solution mentioned in the above question but none of them helped me.
I finally found that the problem is launching using LLDB; GDB works fine. But I want to debug my program using LLDB and launch with the default config in Xcode.
The error is in the following lldb function:
    Error
    PlatformRemoteGDBServer::LaunchProcess (ProcessLaunchInfo &launch_info)
    {
        Error error;
        lldb::pid_t pid = LLDB_INVALID_PROCESS_ID;

        m_gdb_client.SetSTDIN ("/dev/null");
        m_gdb_client.SetSTDOUT ("/dev/null");
        m_gdb_client.SetSTDERR ("/dev/null");
        m_gdb_client.SetDisableASLR (launch_info.GetFlags().Test (eLaunchFlagDisableASLR));

        const char *working_dir = launch_info.GetWorkingDirectory();
        if (working_dir && working_dir[0])
        {
            m_gdb_client.SetWorkingDir (working_dir);
        }

        // Send the environment and the program + arguments after we connect
        const char **argv = launch_info.GetArguments().GetConstArgumentVector();
        const char **envp = launch_info.GetEnvironmentEntries().GetConstArgumentVector();

        if (envp)
        {
            const char *env_entry;
            for (int i=0; (env_entry = envp[i]); ++i)
            {
                if (m_gdb_client.SendEnvironmentPacket(env_entry) != 0)
                    break;
            }
        }

        const uint32_t old_packet_timeout = m_gdb_client.SetPacketTimeout (5);
        int arg_packet_err = m_gdb_client.SendArgumentsPacket (argv);
        m_gdb_client.SetPacketTimeout (old_packet_timeout);
        if (arg_packet_err == 0)
        {
            std::string error_str;
            if (m_gdb_client.GetLaunchSuccess (error_str))
            {
                pid = m_gdb_client.GetCurrentProcessID ();
                if (pid != LLDB_INVALID_PROCESS_ID)
                    launch_info.SetProcessID (pid);
            }
            else
            {
                error.SetErrorString (error_str.c_str());
            }
        }
        else
        {
            error.SetErrorStringWithFormat("'A' packet returned an error: %i", arg_packet_err);
        }
        return error;
    }
As you can see, the 'A' packet error is in lldb. Now the question is, how can I fix this problem? Is there any solution to reinstall / reconfigure LLDB in Xcode? Can anyone find where the problem is from the lldb function?
I'm using the latest Mac OS + Xcode 4.6.3 (latest).
Please share your ideas.
This error happens when debugserver cannot launch the app you are trying to debug. debugserver launches, attaches, stops, inspects and controls the process - it is a small program with all of these responsibilities. It communicates to lldb (possibly inside Xcode) via the "gdb remote protocol", with some minor extensions.
If you've built your own lldb, chances are that debugserver is not properly code signed so it cannot launch apps.
If you've changed your /etc/hosts file, check that you have a line like 127.0.0.1 localhost in there. Some people have modified their /etc/hosts (I have no idea why) and removed this line, and this has caused problems for lldb trying to communicate with debugserver.
Otherwise, check the output in Console.app to see if there are any useful messages logged.
I was in the same situation. It happened after updating to Xcode 5 in my case.
After all it works fine now.
I followed the command line executions as per the comment from Jason Molenda.
When running "xcrun lldb ..." I got an error:
xcrun error failed to exec real xcrun. (no such file or directory)
After Googling, I figured this out:
xcode-select -print-path
/Developer
As my Xcode was not in there, I did:
sudo xcode-select --switch /Applications/Xcode.app/Contents/Developer
I don't know why, but it didn't work immediately in my case. After quitting Xcode, Terminal, etc., Xcode ran and debug worked as expected.

What does "unable to read unknown load command 0x26" mean in Xcode 3.2 on Lion?

My project at work debugged under 10.6/Xcode 3.2.5 works fine but at home the same project run under Lion/Xcode 3.2.5 tosses dozens of these
unable to read unknown load command 0x26
messages in the debugger. Any ideas on what I can do to determine what GDB is complaining about? It still "seems" to work, but I have no idea what might be missing or wrong.
Note this is a regular OSX app, not iOS.
The message comes from bfd/mach-o.c:
    switch (command->type)
      {
      case BFD_MACH_O_LC_SEGMENT:
        if (bfd_mach_o_scan_read_segment_32 (abfd, command) != 0)
          return -1;
        break;
      .....
      default:
        fprintf (stderr, "unable to read unknown load command 0x%lx\n",
                 (unsigned long) command->type);
        break;
      }
The warning says that BFD cannot recognize the Mach-O section load command it has encountered.
Looking at bfd/mach-o.h where known load commands are described, we find that commands there range from 0x1 to 0x18, yet nothing beyond.
Mac OS X (Lion) defines load constants in /usr/include/mach-o/loader.h (available if you've installed XCode), from 0x1 to 0x27. Therefore, the most logical explanation to seeing the warnings for load commands > 0x18 appears to be the lack of the said codes in BFD's own header.
Also, for follow-ups consider looking at: https://bugs.launchpad.net/tarantool/+bug/1018356
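
An added example, not part of the original answer and not BFD's code: a minimal load-command walker showing why a reader whose table stops at 0x18 reports 0x26 as unknown yet keeps parsing, since every command carries its own cmdsize. The two struct layouts follow mach-o/loader.h; MAX_KNOWN_CMD, unknown_load_commands and the sample bytes are constructed for illustration, and masking LC_REQ_DYLD before comparing is this example's assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC      0xfeedfaceu  /* 32-bit Mach-O magic (mach-o/loader.h) */
#define LC_REQ_DYLD   0x80000000u  /* flag bit OR'ed into some command numbers */
#define MAX_KNOWN_CMD 0x18u        /* assumed: highest command the reader's header lists */
struct mach_header  { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags; };
struct load_command { uint32_t cmd, cmdsize; };

/* Constructed sample (host byte order): header plus three body-less commands. */
static const uint32_t SAMPLE[] = {
    MH_MAGIC, 7, 3, 2, 3, 32, 0,   /* ncmds = 3, sizeofcmds = 32 */
    0x01, 8,                       /* within the known range */
    0x26, 16, 0, 0,                /* the command number from the warning */
    0x18 | LC_REQ_DYLD, 8,         /* known number carrying the flag bit */
};

/* Walk the load commands; collect those outside 0x1..MAX_KNOWN_CMD into out[].
   Returns how many were found, or -1 if the image is truncated or malformed. */
int unknown_load_commands(const uint8_t *buf, size_t len, uint32_t *out, int max)
{
    struct mach_header h;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.magic != MH_MAGIC || h.sizeofcmds > len - sizeof h) return -1;
    size_t off = sizeof h, end = sizeof h + h.sizeofcmds;
    int n = 0;
    for (uint32_t i = 0; i < h.ncmds; i++) {
        struct load_command lc;
        if (end - off < sizeof lc) return -1;   /* no room for cmd + cmdsize */
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize % 4 || lc.cmdsize > end - off) return -1;
        uint32_t type = lc.cmd & ~LC_REQ_DYLD;
        if (type == 0 || type > MAX_KNOWN_CMD) {
            if (n < max) out[n] = lc.cmd;       /* record it, as the warning does */
            n++;
        }
        off += lc.cmdsize;   /* cmdsize lets the walker skip bodies it cannot decode */
    }
    return n;
}

int main(void)
{
    uint32_t unk[8];
    int n = unknown_load_commands((const uint8_t *)SAMPLE, sizeof SAMPLE, unk, 8);
    for (int i = 0; i < n && i < 8; i++) printf("unknown load command 0x%x\n", (unsigned)unk[i]);
    return n < 0;
}
```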
