clone = gcc no compile

#1
Guest_h4x_*

Posted 08 October 2009 - 08:17 AM

Guests


#include <sched.h>

#include <unistd.h>



int proces(){

puts("im child");

return 0;

}


int main(){

int pid;

pid = clone(proces, 0, 0x17|CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID, 0);

if(pid == -1)return 1;

puts("im partent");

return 0;

}

gcc omit clone function when compiling.
it took me 2 hours just to run strace and find out.
may someone answer me why?

oh wait, i know its inferior, but id like to know. many people us it, so im just wondering why. plz clarify it for me, thnks.

this is pathetic -,-
and thats why i write in asm.

well?
next time we argue about superiority of asm remember this thread.
0 replies = u dont know.

Edited by TkTech, 08 October 2009 - 07:07 PM.
Tripple post just one more time h4x, one more time.

#2
WingedPanther

Posted 08 October 2009 - 10:33 AM

A spammer's worst nightmare

Moderators
16,831 posts

h4x, you waited half an hour during a time period when the people most likely to know aren't on, and conclude that proves asm > C?

So far, all I've found on this is that it's not portable (Linix only), and the #include is sometimes <linux/sched.h> instead of <sched.h>.

So, was this on a Linux box? What version of gcc? What optimization level? etc, etc, etc.

Programming is a branch of mathematics.
My CodeCall Blog | My Personal Blog

#3
Guest_h4x_*

Posted 08 October 2009 - 11:34 AM

Guests

Linux a-desktop 2.6.28-15-generic #52-Ubuntu SMP Wed Sep 9 10:48:52 UTC 2009 x86_64 GNU/Linux
gcc (Ubuntu 4.3.3-5ubuntu4) 4.3.3
optimization level ZERO. just -o argument.

and here it is:

execve("./y", ["./y"], [/* 38 vars */]) = 0
brk(0)                                  = 0x1436000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1c4895000
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1c4893000
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=90957, ...}) = 0
mmap(NULL, 90957, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7ff1c487c000
close(3)                                = 0
access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or directory)
open("/lib/libc.so.6", O_RDONLY)        = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\320\346\1\0\0\0\0\0@"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1502512, ...}) = 0
mmap(NULL, 3609240, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7ff1c4305000
mprotect(0x7ff1c446d000, 2097152, PROT_NONE) = 0
mmap(0x7ff1c466d000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x168000) = 0x7ff1c466d000
mmap(0x7ff1c4672000, 17048, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7ff1c4672000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1c487b000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7ff1c487a000
arch_prctl(ARCH_SET_FS, 0x7ff1c487a6f0) = 0
open("/dev/urandom", O_RDONLY)          = 3
read(3, "\314\353\3230\27W\6"..., 7)    = 7
close(3)                                = 0
mprotect(0x7ff1c466d000, 16384, PROT_READ) = 0
mprotect(0x600000, 4096, PROT_READ)     = 0
mprotect(0x7ff1c4896000, 4096, PROT_READ) = 0
munmap(0x7ff1c487c000, 90957)           = 0
exit_group(0)                           = ?

#include <sched.h>
#include <linux/ptrace.h>
#include <stdio.h>

int proc(){
puts("lol");
}


int main(){
clone(proc,0,0, 0);


return 0;
}

#4
dargueta

Posted 08 October 2009 - 02:03 PM

Writes binary right handed and hex left handed

Moderators
4,717 posts

Compile it with the -ggdb switch, throw it in GDB and put a breakpoint on clone(). Let us know what happens.

sudo rm -rf /

#5
ZekeDragon

Posted 08 October 2009 - 03:41 PM

Writes binary right handed and hex left handed

Moderators
2,103 posts

First... of course it would fail, it shouldn't even compile properly. The first argument to clone() needs an int (*) (void*), not an int (*) (). You need to cast it, like this:

    pid = clone((int (*)(void*))proces, 0, 0x17|CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID, 0);

This, however, will still fail, because of the second argument. Why, oh why, didn't you give the cloned thread ANY call stack? You have to malloc() some space for the child thread call stack, like so:

    void *aPtr = malloc(128);
    pid = clone((int (*)(void*))process, aPtr, 0x17|CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID, 0);

puts() should be thread-safe, if I remember correctly, so that should cause no problems. However, I'd still use the write() system call instead, since I feel safer with that. Like so:

    write(0, "I'm child\n", 10);

Finally, you need to compile it with the -static option. Like so:

gcc -static main.c -o main

Try all of that, see where you get. Worked for me.

Wow I changed my sig!

#6
dargueta

Posted 08 October 2009 - 03:51 PM

Writes binary right handed and hex left handed

Moderators
4,717 posts

*clap-clap-clap*

sudo rm -rf /

#7
Guest_h4x_*

Posted 09 October 2009 - 07:42 AM

Guests

problem was in stack.
i would like to see why gcc ref
used to compile it when stack was 0.
clone(proc,stack,0,0)
works. no casts. i only wonder why -ststic needed, strace show clone didnt failed, but process isnt executed.

anyway, pt_regs is in or out? can i set custom rip of my clone or it will work like extended fork only?

#8
dargueta

Posted 09 October 2009 - 11:27 AM

Writes binary right handed and hex left handed

Moderators
4,717 posts

I don't know about the pt_regs parameter, as it's not in the docs, but this describes exactly what clone() does.

clone(2): create child process - Linux man page

sudo rm -rf /