Thank you Indan, Using readelf helps, but I think there is some difference between running readelf on the file and parsing elf header in the memory (because my root process is already in the memory) As you can see below size of executable segment is different: readelf =*3923cb0, *mycode=*3923EB0* Also Entry point is different Second segment starting address and size are the same (?) I use __executable_start to parse ELF header in the memory Thanks, Leonid readelf -l Startup Elf file type is EXEC (Executable file) Entry point 0x40ef88 There are 4 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align LOAD 0x0000000000000000 0x0000000000400000 0x0000000000400000 0x0000000003923cb0 *0x0000000003923cb0 *RWE 0x1000 LOAD 0x0000000000000000 0x0000000003d30000 0x0000000003d30000 0x0000000000000000 0x0000000000aca428 RW 0x1000 TLS 0x00000000000cb490 0x00000000004cb490 0x00000000004cb490 0x0000000000000000 0x000000000000000c R 0x8 GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 0x10 Section to Segment mapping: Segment Sections... 00 .init .text .fini .rodata .eh_frame .init_array .fini_array .got .got.plt .data ._archive_cpio __vsyscall _ps_irqchips 01 .bss 02 .tbss 03 ------------------------------------ my code ---------------------------- ELF Header: Type: 2 Machine: 183 Version: 1 Entry point address: 0x40f218 Start of program headers: 64 bytes into file Number of program headers: 4 Size of program header: 56 bytes Segment 0: Type: 1 Flags: 7 Virtual address: 0x400000 Physical address: 0x400000 Size in file: 59915952 bytes (*3923EB0*) Size in memory: 59915952 bytes Alignment: 4096 Segment 1: Type: 1 Flags: 6 Virtual address: 0x3d30000 Physical address: 0x3d30000 Size in file: 0 bytes Size in memory: 11314216 bytes ( *aca428*) Alignment: 4096 Segment 2: Type: 7 Flags: 4 Virtual address: 0x4cb990 Physical address: 0x4cb990 Size in file: 0 bytes Size in memory: 12 bytes Alignment: 8 Segment 3: Type: 1685382481 Flags: 6 Virtual address: 0x0 Physical address: 0x0 Size in file: 0 bytes Size in memory: 0 bytes Alignment: 16 On Wed, Feb 7, 2024 at 9:24 AM Indan Zupancic <indan@nul.nu> wrote:
Hello Leonid,
On 2024-02-06 19:48, Leonid Meyerovich wrote:
Some time when I change (add) some code in amu process I have an error that Monitor process prints
CHECKSUM ERROR -------- Someone modified executable memory process=Startup 0x400000 8868997 last->10daf436f961b809 this->95ebd3119aee7736!!!!
It always complains about the root (Startup) task. Checksum value changes every time the Startup process calculates it.
Sounds like it may depend on whether the file size is odd or even. Are you accidentally checksumming past the end of the section?
The code that calculate executable segment are:
You can check if you're checking the right segment by comparing what your code finds with `readelf -l` output on your binary (not on the final image, but on the root task's binary).
Greetings,
Indan