
Crash

stavrosomo

Crash

Post by stavrosomo »

Hello,

I just found another crash which may be useful: the PSP dies with an "Address load/inst fetch" exception at EPC 0x088B5EB8, BadVAddr is 0x61616159, and $a1, $s3 and $s7 all hold 0x61616161 ("aaaa"). Can you please help me analyse this crash further? Thank you! :)

Code: Select all

host0:/> host0:/> Loading all modules ... Ready
Exception - Address load/inst fetch
Thread ID - 
Th Name   - 
Module ID - 
Mod Name  - 
EPC       - 0x088B5EB8
Cause     - 0x10000010
BadVAddr  - 0x61616159
Status    - 0x60088613
zr:0x00000000 at:0x09FFFB00 v0:0x089AE05F v1:0xFFFFFFFF
a0:0x089AE060 a1:0x61616161 a2:0x61616159 a3:0x089AE05F
t0:0x00000001 t1:0x049A2C0F t2:0x00000000 t3:0x00000000
t4:0x01010101 t5:0x0004A871 t6:0x09C01EE8 t7:0x088B54A8
s0:0x089AE058 s1:0x089AE000 s2:0x089AE060 s3:0x61616161
s4:0x089AE058 s5:0x089AE038 s6:0x00000001 s7:0x61616161
t8:0x0002EB80 t9:0x00005D70 k0:0x09FFFB00 k1:0x00000000
gp:0x00000000 sp:0x09FFF170 fp:0x09C01EE0 ra:0x088B54D4
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)

host0:/> disasm 0x088B5EB8 150
0x088B5EB8: 0x00003821 '!8..' - move       $a3, $zr
0x088B5EBC: 0x02402021 '! @.' - move       $a0, $s2
0x088B5EC0: 0x0E22A294 '..".' - jal        0x088A8A50
0x088B5EC4: 0x24050100 '...$' - li         $a1, 256
0x088B5EC8: 0x2623FFFF '..#&' - addiu      $v1, $s1, -1
0x088B5ECC: 0x2C630100 '..c,' - sltiu      $v1, $v1, 256
0x088B5ED0: 0xAE020044 'D...' - sw         $v0, 68($s0)
0x088B5ED4: 0x14600033 '3.`.' - bnez       $v1, 0x088B5FA4
0x088B5ED8: 0xAE420538 '8.B.' - sw         $v0, 1336($s2)
0x088B5EDC: 0x12600011 '..`.' - beqz       $s3, 0x088B5F24
0x088B5EE0: 0x3222FFFF '.."2' - andi       $v0, $s1, 0xFFFF
0x088B5EE4: 0x92030018 '....' - lbu        $v1, 24($s0)
0x088B5EE8: 0x92040019 '....' - lbu        $a0, 25($s0)
0x088B5EEC: 0x24020001 '...$' - li         $v0, 1
0x088B5EF0: 0x10800022 '"...' - beqz       $a0, 0x088B5F7C
0x088B5EF4: 0x00621804 '..b.' - sllv       $v1, $v0, $v1
0x088B5EF8: 0x24020002 '...$' - li         $v0, 2
0x088B5EFC: 0x5082002F '/..P' - beql       $a0, $v0, 0x088B5FBC
0x088B5F00: 0x96620002 '..b.' - lhu        $v0, 2($s3)
0x088B5F04: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5F08: 0x26040048 'H..&' - addiu      $a0, $s0, 72
0x088B5F0C: 0x0E25B724 '$.%.' - jal        0x0896DC90
0x088B5F10: 0x2406000A '...$' - li         $a2, 10
0x088B5F14: 0x16200003 '.. .' - bnez       $s1, 0x088B5F24
0x088B5F18: 0x3222FFFF '.."2' - andi       $v0, $s1, 0xFFFF
0x088B5F1C: 0x24110001 '...$' - li         $s1, 1
0x088B5F20: 0x24020001 '...$' - li         $v0, 1
0x088B5F24: 0x12200007 '.. .' - beqz       $s1, 0x088B5F44
0x088B5F28: 0xA6020016 '....' - sh         $v0, 22($s0)
0x088B5F2C: 0x8E030008 '....' - lw         $v1, 8($s0)
0x088B5F30: 0x8E0200B0 '....' - lw         $v0, 176($s0)
0x088B5F34: 0x34630010 '..c4' - ori        $v1, $v1, 0x10
0x088B5F38: 0x34422000 '. B4' - ori        $v0, $v0, 0x2000
0x088B5F3C: 0xAE0200B0 '....' - sw         $v0, 176($s0)
0x088B5F40: 0xAE030008 '....' - sw         $v1, 8($s0)
0x088B5F44: 0x8FA2000C '....' - lw         $v0, 12($sp)
0x088B5F48: 0x8EA3E924 '$...' - lw         $v1, -5852($s5)
0x088B5F4C: 0x00621022 '".b.' - sub        $v0, $v1, $v0
0x088B5F50: 0x00001821 '!...' - move       $v1, $zr
0x088B5F54: 0x1440002A '*.@.' - bnez       $v0, 0x088B6000
0x088B5F58: 0x8FBF0028 '(...' - lw         $ra, 40($sp)
0x088B5F5C: 0x8FB50024 '$...' - lw         $s5, 36($sp)
0x088B5F60: 0x8FB40020 ' ...' - lw         $s4, 32($sp)
0x088B5F64: 0x8FB3001C '....' - lw         $s3, 28($sp)
0x088B5F68: 0x8FB20018 '....' - lw         $s2, 24($sp)
0x088B5F6C: 0x8FB10014 '....' - lw         $s1, 20($sp)
0x088B5F70: 0x8FB00010 '....' - lw         $s0, 16($sp)
0x088B5F74: 0x03E00008 '....' - jr         $ra
0x088B5F78: 0x27BD0030 '0..'' - addiu      $sp, $sp, 48
0x088B5F7C: 0x96620008 '..b.' - lhu        $v0, 8($s3)
0x088B5F80: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5F84: 0x5040FFE0 '..@P' - beqzl      $v0, 0x088B5F08
0x088B5F88: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5F8C: 0x3C050897 '...<' - lui        $a1, 0x897
0x088B5F90: 0x02402021 '! @.' - move       $a0, $s2
0x088B5F94: 0x0E22A022 '".".' - jal        0x088A8088
0x088B5F98: 0x24A514C4 '...$' - addiu      $a1, $a1, 5316
0x088B5F9C: 0x0A22D7C2 '..".' - j          0x088B5F08
0x088B5FA0: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5FA4: 0x8E040044 'D...' - lw         $a0, 68($s0)
0x088B5FA8: 0x02802821 '!(..' - move       $a1, $s4
0x088B5FAC: 0x0E25B724 '$.%.' - jal        0x0896DC90
0x088B5FB0: 0x02203021 '!0 .' - move       $a2, $s1
0x088B5FB4: 0x0A22D7B7 '..".' - j          0x088B5EDC
0x088B5FB8: 0x00000000 '....' - nop
0x088B5FBC: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5FC0: 0x1440FFF3 '..@.' - bnez       $v0, 0x088B5F90
0x088B5FC4: 0x3C050897 '...<' - lui        $a1, 0x897
0x088B5FC8: 0x96620004 '..b.' - lhu        $v0, 4($s3)
0x088B5FCC: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5FD0: 0x1440FFF0 '..@.' - bnez       $v0, 0x088B5F94
0x088B5FD4: 0x02402021 '! @.' - move       $a0, $s2
0x088B5FD8: 0x96620006 '..b.' - lhu        $v0, 6($s3)
0x088B5FDC: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5FE0: 0x5040FFC9 '..@P' - beqzl      $v0, 0x088B5F08
0x088B5FE4: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5FE8: 0x3C050897 '...<' - lui        $a1, 0x897
0x088B5FEC: 0x02402021 '! @.' - move       $a0, $s2
0x088B5FF0: 0x0E22A022 '".".' - jal        0x088A8088
0x088B5FF4: 0x24A514C4 '...$' - addiu      $a1, $a1, 5316
0x088B5FF8: 0x0A22D7C2 '..".' - j          0x088B5F08
0x088B5FFC: 0x02602821 '!(`.' - move       $a1, $s3
0x088B6000: 0x0E211A04 '..!.' - jal        0x08846810
0x088B6004: 0x00000000 '....' - nop
0x088B6008: 0x27BDFFC0 '...'' - addiu      $sp, $sp, -64
0x088B600C: 0xAFBE0030 '0...' - sw         $fp, 48($sp)
0x088B6010: 0x3C1E089A '...<' - lui        $fp, 0x89A
0x088B6014: 0xAFB60028 '(...' - sw         $s6, 40($sp)
0x088B6018: 0x00E0B021 '!...' - move       $s6, $a3
0x088B601C: 0xAFB40020 ' ...' - sw         $s4, 32($sp)
0x088B6020: 0x0080A021 '!...' - move       $s4, $a0
0x088B6024: 0xAFB20018 '....' - sw         $s2, 24($sp)
0x088B6028: 0x00A09021 '!...' - move       $s2, $a1
0x088B602C: 0xAFB00010 '....' - sw         $s0, 16($sp)
0x088B6030: 0x00C08021 '!...' - move       $s0, $a2
0x088B6034: 0xAFBF0034 '4...' - sw         $ra, 52($sp)
0x088B6038: 0xAFB7002C ',...' - sw         $s7, 44($sp)
0x088B603C: 0xAFB50024 '$...' - sw         $s5, 36($sp)
0x088B6040: 0xAFB3001C '....' - sw         $s3, 28($sp)
0x088B6044: 0xAFB10014 '....' - sw         $s1, 20($sp)
0x088B6048: 0x8FC2E924 '$...' - lw         $v0, -5852($fp)
0x088B604C: 0xAFA2000C '....' - sw         $v0, 12($sp)
0x088B6050: 0x00001021 '!...' - move       $v0, $zr
0x088B6054: 0x1080001D '....' - beqz       $a0, 0x088B60CC
0x088B6058: 0x00000000 '....' - nop
0x088B605C: 0x10A0001B '....' - beqz       $a1, 0x088B60CC
0x088B6060: 0x00000000 '....' - nop
0x088B6064: 0x8CA500D0 '....' - lw         $a1, 208($a1)
0x088B6068: 0x00A72821 '!(..' - addu       $a1, $a1, $a3
0x088B606C: 0x0E22A2F7 '..".' - jal        0x088A8BDC
0x088B6070: 0x00052900 '.)..' - sll        $a1, $a1, 4
0x088B6074: 0x1040005D '].@.' - beqz       $v0, 0x088B61EC
0x088B6078: 0x0040B821 '!.@.' - move       $s7, $v0
0x088B607C: 0x8E4600D0 '..F.' - lw         $a2, 208($s2)
0x088B6080: 0x8E4500CC '..E.' - lw         $a1, 204($s2)
0x088B6084: 0x00402021 '! @.' - move       $a0, $v0
0x088B6088: 0x0E25B724 '$.%.' - jal        0x0896DC90
0x088B608C: 0x00063100 '.1..' - sll        $a2, $a2, 4
0x088B6090: 0x8E4500CC '..E.' - lw         $a1, 204($s2)
0x088B6094: 0x0E22A2DC '..".' - jal        0x088A8B70
0x088B6098: 0x02802021 '! ..' - move       $a0, $s4
0x088B609C: 0x1EC0001C '....' - bgtz       $s6, 0x088B6110
0x088B60A0: 0xAE4000CC '..@.' - sw         $zr, 204($s2)
0x088B60A4: 0x8E4200D0 '..B.' - lw         $v0, 208($s2)
0x088B60A8: 0x8E440008 '..D.' - lw         $a0, 8($s2)
0x088B60AC: 0x8E4300B0 '..C.' - lw         $v1, 176($s2)
0x088B60B0: 0x02C21021 '!...' - addu       $v0, $s6, $v0
0x088B60B4: 0x34842000 '. .4' - ori        $a0, $a0, 0x2000
0x088B60B8: 0x34630020 ' .c4' - ori        $v1, $v1, 0x20
0x088B60BC: 0xAE4300B0 '..C.' - sw         $v1, 176($s2)
0x088B60C0: 0xAE5700CC '..W.' - sw         $s7, 204($s2)
0x088B60C4: 0xAE4200D0 '..B.' - sw         $v0, 208($s2)
0x088B60C8: 0xAE440008 '..D.' - sw         $a0, 8($s2)
0x088B60CC: 0x8FA2000C '....' - lw         $v0, 12($sp)
0x088B60D0: 0x8FC3E924 '$...' - lw         $v1, -5852($fp)
0x088B60D4: 0x00621022 '".b.' - sub        $v0, $v1, $v0
0x088B60D8: 0x00001821 '!...' - move       $v1, $zr
0x088B60DC: 0x14400052 'R.@.' - bnez       $v0, 0x088B6228
0x088B60E0: 0x8FBF0034 '4...' - lw         $ra, 52($sp)
0x088B60E4: 0x8FBE0030 '0...' - lw         $fp, 48($sp)
0x088B60E8: 0x8FB7002C ',...' - lw         $s7, 44($sp)
0x088B60EC: 0x8FB60028 '(...' - lw         $s6, 40($sp)
0x088B60F0: 0x8FB50024 '$...' - lw         $s5, 36($sp)
0x088B60F4: 0x8FB40020 ' ...' - lw         $s4, 32($sp)
0x088B60F8: 0x8FB3001C '....' - lw         $s3, 28($sp)
0x088B60FC: 0x8FB20018 '....' - lw         $s2, 24($sp)
0x088B6100: 0x8FB10014 '....' - lw         $s1, 20($sp)
0x088B6104: 0x8FB00010 '....' - lw         $s0, 16($sp)
0x088B6108: 0x03E00008 '....' - jr         $ra
0x088B610C: 0x27BD0040 '@..'' - addiu      $sp, $sp, 64


host0:/> disasm 0x088B5EB8-150 150
0x088B5E20: 0x1040000A '..@.' - beqz       $v0, 0x088B5E4C
0x088B5E24: 0xAE220038 '8.".' - sw         $v0, 56($s1)
0x088B5E28: 0x8E2200B0 '..".' - lw         $v0, 176($s1)
0x088B5E2C: 0x34424000 '.@B4' - ori        $v0, $v0, 0x4000
0x088B5E30: 0x0A22D726 '&.".' - j          0x088B5C98
0x088B5E34: 0xAE2200B0 '..".' - sw         $v0, 176($s1)
0x088B5E38: 0x03C02021 '! ..' - move       $a0, $fp
0x088B5E3C: 0x0E22A2DC '..".' - jal        0x088A8B70
0x088B5E40: 0x02002821 '!(..' - move       $a1, $s0
0x088B5E44: 0x0A22D765 'e.".' - j          0x088B5D94
0x088B5E48: 0x24020001 '...$' - li         $v0, 1
0x088B5E4C: 0x0A22D765 'e.".' - j          0x088B5D94
0x088B5E50: 0x24020001 '...$' - li         $v0, 1
0x088B5E54: 0x0E211A04 '..!.' - jal        0x08846810
0x088B5E58: 0x00000000 '....' - nop
0x088B5E5C: 0x27BDFFD0 '...'' - addiu      $sp, $sp, -48
0x088B5E60: 0xAFB50024 '$...' - sw         $s5, 36($sp)
0x088B5E64: 0x3C15089A '...<' - lui        $s5, 0x89A
0x088B5E68: 0x8EA2E924 '$...' - lw         $v0, -5852($s5)
0x088B5E6C: 0xAFA2000C '....' - sw         $v0, 12($sp)
0x088B5E70: 0x00001021 '!...' - move       $v0, $zr
0x088B5E74: 0xAFB40020 ' ...' - sw         $s4, 32($sp)
0x088B5E78: 0x00C0A021 '!...' - move       $s4, $a2
0x088B5E7C: 0xAFB3001C '....' - sw         $s3, 28($sp)
0x088B5E80: 0x01009821 '!...' - move       $s3, $t0
0x088B5E84: 0xAFB20018 '....' - sw         $s2, 24($sp)
0x088B5E88: 0x00809021 '!...' - move       $s2, $a0
0x088B5E8C: 0xAFB10014 '....' - sw         $s1, 20($sp)
0x088B5E90: 0x00E08821 '!...' - move       $s1, $a3
0x088B5E94: 0xAFB00010 '....' - sw         $s0, 16($sp)
0x088B5E98: 0x00A08021 '!...' - move       $s0, $a1
0x088B5E9C: 0x10800029 ')...' - beqz       $a0, 0x088B5F44
0x088B5EA0: 0xAFBF0028 '(...' - sw         $ra, 40($sp)
0x088B5EA4: 0x10A00027 ''...' - beqz       $a1, 0x088B5F44
0x088B5EA8: 0x00000000 '....' - nop
0x088B5EAC: 0x10C0000B '....' - beqz       $a2, 0x088B5EDC
0x088B5EB0: 0x24062000 '. .$' - li         $a2, 8192
0x088B5EB4: 0x0E229DD9 '..".' - jal        0x088A7764
0x088B5EB8: 0x00003821 '!8..' - move       $a3, $zr
0x088B5EBC: 0x02402021 '! @.' - move       $a0, $s2
0x088B5EC0: 0x0E22A294 '..".' - jal        0x088A8A50
0x088B5EC4: 0x24050100 '...$' - li         $a1, 256
0x088B5EC8: 0x2623FFFF '..#&' - addiu      $v1, $s1, -1
0x088B5ECC: 0x2C630100 '..c,' - sltiu      $v1, $v1, 256
0x088B5ED0: 0xAE020044 'D...' - sw         $v0, 68($s0)
0x088B5ED4: 0x14600033 '3.`.' - bnez       $v1, 0x088B5FA4
0x088B5ED8: 0xAE420538 '8.B.' - sw         $v0, 1336($s2)
0x088B5EDC: 0x12600011 '..`.' - beqz       $s3, 0x088B5F24
0x088B5EE0: 0x3222FFFF '.."2' - andi       $v0, $s1, 0xFFFF
0x088B5EE4: 0x92030018 '....' - lbu        $v1, 24($s0)
0x088B5EE8: 0x92040019 '....' - lbu        $a0, 25($s0)
0x088B5EEC: 0x24020001 '...$' - li         $v0, 1
0x088B5EF0: 0x10800022 '"...' - beqz       $a0, 0x088B5F7C
0x088B5EF4: 0x00621804 '..b.' - sllv       $v1, $v0, $v1
0x088B5EF8: 0x24020002 '...$' - li         $v0, 2
0x088B5EFC: 0x5082002F '/..P' - beql       $a0, $v0, 0x088B5FBC
0x088B5F00: 0x96620002 '..b.' - lhu        $v0, 2($s3)
0x088B5F04: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5F08: 0x26040048 'H..&' - addiu      $a0, $s0, 72
0x088B5F0C: 0x0E25B724 '$.%.' - jal        0x0896DC90
0x088B5F10: 0x2406000A '...$' - li         $a2, 10
0x088B5F14: 0x16200003 '.. .' - bnez       $s1, 0x088B5F24
0x088B5F18: 0x3222FFFF '.."2' - andi       $v0, $s1, 0xFFFF
0x088B5F1C: 0x24110001 '...$' - li         $s1, 1
0x088B5F20: 0x24020001 '...$' - li         $v0, 1
0x088B5F24: 0x12200007 '.. .' - beqz       $s1, 0x088B5F44
0x088B5F28: 0xA6020016 '....' - sh         $v0, 22($s0)
0x088B5F2C: 0x8E030008 '....' - lw         $v1, 8($s0)
0x088B5F30: 0x8E0200B0 '....' - lw         $v0, 176($s0)
0x088B5F34: 0x34630010 '..c4' - ori        $v1, $v1, 0x10
0x088B5F38: 0x34422000 '. B4' - ori        $v0, $v0, 0x2000
0x088B5F3C: 0xAE0200B0 '....' - sw         $v0, 176($s0)
0x088B5F40: 0xAE030008 '....' - sw         $v1, 8($s0)
0x088B5F44: 0x8FA2000C '....' - lw         $v0, 12($sp)
0x088B5F48: 0x8EA3E924 '$...' - lw         $v1, -5852($s5)
0x088B5F4C: 0x00621022 '".b.' - sub        $v0, $v1, $v0
0x088B5F50: 0x00001821 '!...' - move       $v1, $zr
0x088B5F54: 0x1440002A '*.@.' - bnez       $v0, 0x088B6000
0x088B5F58: 0x8FBF0028 '(...' - lw         $ra, 40($sp)
0x088B5F5C: 0x8FB50024 '$...' - lw         $s5, 36($sp)
0x088B5F60: 0x8FB40020 ' ...' - lw         $s4, 32($sp)
0x088B5F64: 0x8FB3001C '....' - lw         $s3, 28($sp)
0x088B5F68: 0x8FB20018 '....' - lw         $s2, 24($sp)
0x088B5F6C: 0x8FB10014 '....' - lw         $s1, 20($sp)
0x088B5F70: 0x8FB00010 '....' - lw         $s0, 16($sp)
0x088B5F74: 0x03E00008 '....' - jr         $ra
0x088B5F78: 0x27BD0030 '0..'' - addiu      $sp, $sp, 48
0x088B5F7C: 0x96620008 '..b.' - lhu        $v0, 8($s3)
0x088B5F80: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5F84: 0x5040FFE0 '..@P' - beqzl      $v0, 0x088B5F08
0x088B5F88: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5F8C: 0x3C050897 '...<' - lui        $a1, 0x897
0x088B5F90: 0x02402021 '! @.' - move       $a0, $s2
0x088B5F94: 0x0E22A022 '".".' - jal        0x088A8088
0x088B5F98: 0x24A514C4 '...$' - addiu      $a1, $a1, 5316
0x088B5F9C: 0x0A22D7C2 '..".' - j          0x088B5F08
0x088B5FA0: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5FA4: 0x8E040044 'D...' - lw         $a0, 68($s0)
0x088B5FA8: 0x02802821 '!(..' - move       $a1, $s4
0x088B5FAC: 0x0E25B724 '$.%.' - jal        0x0896DC90
0x088B5FB0: 0x02203021 '!0 .' - move       $a2, $s1
0x088B5FB4: 0x0A22D7B7 '..".' - j          0x088B5EDC
0x088B5FB8: 0x00000000 '....' - nop
0x088B5FBC: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5FC0: 0x1440FFF3 '..@.' - bnez       $v0, 0x088B5F90
0x088B5FC4: 0x3C050897 '...<' - lui        $a1, 0x897
0x088B5FC8: 0x96620004 '..b.' - lhu        $v0, 4($s3)
0x088B5FCC: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5FD0: 0x1440FFF0 '..@.' - bnez       $v0, 0x088B5F94
0x088B5FD4: 0x02402021 '! @.' - move       $a0, $s2
0x088B5FD8: 0x96620006 '..b.' - lhu        $v0, 6($s3)
0x088B5FDC: 0x0062102A '*.b.' - slt        $v0, $v1, $v0
0x088B5FE0: 0x5040FFC9 '..@P' - beqzl      $v0, 0x088B5F08
0x088B5FE4: 0x02602821 '!(`.' - move       $a1, $s3
0x088B5FE8: 0x3C050897 '...<' - lui        $a1, 0x897
0x088B5FEC: 0x02402021 '! @.' - move       $a0, $s2
0x088B5FF0: 0x0E22A022 '".".' - jal        0x088A8088
0x088B5FF4: 0x24A514C4 '...$' - addiu      $a1, $a1, 5316
0x088B5FF8: 0x0A22D7C2 '..".' - j          0x088B5F08
0x088B5FFC: 0x02602821 '!(`.' - move       $a1, $s3
0x088B6000: 0x0E211A04 '..!.' - jal        0x08846810
0x088B6004: 0x00000000 '....' - nop
0x088B6008: 0x27BDFFC0 '...'' - addiu      $sp, $sp, -64
0x088B600C: 0xAFBE0030 '0...' - sw         $fp, 48($sp)
0x088B6010: 0x3C1E089A '...<' - lui        $fp, 0x89A
0x088B6014: 0xAFB60028 '(...' - sw         $s6, 40($sp)
0x088B6018: 0x00E0B021 '!...' - move       $s6, $a3
0x088B601C: 0xAFB40020 ' ...' - sw         $s4, 32($sp)
0x088B6020: 0x0080A021 '!...' - move       $s4, $a0
0x088B6024: 0xAFB20018 '....' - sw         $s2, 24($sp)
0x088B6028: 0x00A09021 '!...' - move       $s2, $a1
0x088B602C: 0xAFB00010 '....' - sw         $s0, 16($sp)
0x088B6030: 0x00C08021 '!...' - move       $s0, $a2
0x088B6034: 0xAFBF0034 '4...' - sw         $ra, 52($sp)
0x088B6038: 0xAFB7002C ',...' - sw         $s7, 44($sp)
0x088B603C: 0xAFB50024 '$...' - sw         $s5, 36($sp)
0x088B6040: 0xAFB3001C '....' - sw         $s3, 28($sp)
0x088B6044: 0xAFB10014 '....' - sw         $s1, 20($sp)
0x088B6048: 0x8FC2E924 '$...' - lw         $v0, -5852($fp)
0x088B604C: 0xAFA2000C '....' - sw         $v0, 12($sp)
0x088B6050: 0x00001021 '!...' - move       $v0, $zr
0x088B6054: 0x1080001D '....' - beqz       $a0, 0x088B60CC
0x088B6058: 0x00000000 '....' - nop
0x088B605C: 0x10A0001B '....' - beqz       $a1, 0x088B60CC
0x088B6060: 0x00000000 '....' - nop
0x088B6064: 0x8CA500D0 '....' - lw         $a1, 208($a1)
0x088B6068: 0x00A72821 '!(..' - addu       $a1, $a1, $a3
0x088B606C: 0x0E22A2F7 '..".' - jal        0x088A8BDC
0x088B6070: 0x00052900 '.)..' - sll        $a1, $a1, 4
0x088B6074: 0x1040005D '].@.' - beqz       $v0, 0x088B61EC
some1
HBL Collaborator

Re: Crash

Post by some1 »

Firstly, these addresses don't match: the exception dump shows `lw $v1, -8($a1)` at 0x088B5EB8, but your `disasm 0x088B5EB8` output shows `move $a3, $zr` at that same address, so the disassembly was taken in a different session (the module was loaded somewhere else) and tells us nothing about this crash. Secondly, you need to disassemble the code *before* the crash address as well, so we can see how the faulting register ($a1) was set up.
noname120
Developer

Re: Crash

Post by noname120 »

Next time don't copy the address by hand; use $epc instead, so the disassembly is guaranteed to come from the same session as the crash.

About your crash, it looks very interesting: $a1, $s3 and $s7 all hold 0x61616161 (your fill pattern), so you fully control them, and $a2 = 0x61616159 is simply $a1 - 8 (the faulting instruction is `lw $v1, -8($a1)`, which is why BadVAddr is $a1 - 8), so you have almost full control over it too. Keep in mind that a controlled pointer in a *load* is only the first step — what matters is what the code does with the loaded value afterwards.
Please provide us:

Code: Select all

disasm $epc-100 200
stavrosomo

Re: Crash

Post by stavrosomo »

I get this error when I try to disasm $epc:

Code: Select all

host0:/> disasm $epc-100 200
Unknown register 'epc'
host0:/> disasm $epc-100 150
Unknown register 'epc'
host0:/> disasm $epc 150
noname120
Developer

Re: Crash

Post by noname120 »

Where did you download psplink?
You seem to have a very old version, since it doesn't know the $epc register.
stavrosomo

Re: Crash

Post by stavrosomo »

I did not know that I had an old version. I downloaded psplink 2.0 now, but it is not an executable program that can be placed on the PSP directly. Can you give me a link to the newest version, please? Thank you.
noname120
Developer

Re: Crash

Post by noname120 »

The version bundled with the minpspw http://sourceforge.net/projects/minpspw/ should be fine.
stavrosomo

Re: Crash

Post by stavrosomo »

I tried again, but I am still not sure if it is correct. I installed all the new software and I hope it works now.

By the way, to be able to run "disasm $epc-100 200" I had to leave the PSP on after the crash (black screen), then press Enter in psp.exe and type the command. If I turned the PSP off first and ran "disasm $epc-100 200" after the host0:/> prompt appeared, it printed nothing and complained about the $epc variable — which makes sense, since $epc refers to the exception context of the crashed thread, and that is gone after a reboot. This time the disassembly at $epc does show the `lw $v1, -8($a1)` from the exception dump, so it is from the same session.

Please check it and tell me if there is anything useful! Thanks! :)

Code: Select all

host0:/> host0:/> Loading all modules ... Ready
Exception - Address load/inst fetch
Thread ID - 
Th Name   - 
Module ID - 
Mod Name  - 
EPC       - 0x088B5EB8
Cause     - 0x10000010
BadVAddr  - 0x61616159
Status    - 0x60088613
zr:0x00000000 at:0x09FFFB00 v0:0x089AE05F v1:0xFFFFFFFF
a0:0x089AE060 a1:0x61616161 a2:0x61616159 a3:0x089AE05F
t0:0x00000001 t1:0x040CF10F t2:0x00000000 t3:0x00000000
t4:0x01010101 t5:0x0004A871 t6:0x09C01EE8 t7:0x088B54A8
s0:0x089AE058 s1:0x089AE000 s2:0x089AE060 s3:0x61616161
s4:0x089AE058 s5:0x089AE038 s6:0x00000001 s7:0x61616161
t8:0x0002EB80 t9:0x00005D70 k0:0x09FFFB00 k1:0x00000000
gp:0x00000000 sp:0x09FFF170 fp:0x09C01EE0 ra:0x088B54D4
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)

host0:/> disasm $epc-100 200
0x088B5E54: 0xAD280000 '..(.' - sw         $t0, 0($t1)
0x088B5E58: 0x0A22D77F '..".' - j          0x088B5DFC
0x088B5E5C: 0x00802821 '!(..' - move       $a1, $a0
0x088B5E60: 0x10C00007 '....' - beqz       $a2, 0x088B5E80
0x088B5E64: 0x24E50008 '...$' - addiu      $a1, $a3, 8
0x088B5E68: 0x00A6001B '....' - divu       $a1, $a2
0x088B5E6C: 0x50C00001 '...P' - beqzl      $a2, 0x088B5E74
0x088B5E70: 0x000001CD '....' - break      0x7
0x088B5E74: 0x00005010 '.P..' - mfhi       $t2
0x088B5E78: 0x1540FFD9 '..@.' - bnez       $t2, 0x088B5DE0
0x088B5E7C: 0x00000000 '....' - nop
0x088B5E80: 0x8CE60000 '....' - lw         $a2, 0($a3)
0x088B5E84: 0x0A22D78B '..".' - j          0x088B5E2C
0x088B5E88: 0xAD260000 '..&.' - sw         $a2, 0($t1)
0x088B5E8C: 0x10800005 '....' - beqz       $a0, 0x088B5EA4
0x088B5E90: 0x24A6FFF8 '...$' - addiu      $a2, $a1, -8
0x088B5E94: 0x8C820000 '....' - lw         $v0, 0($a0)
0x088B5E98: 0x2487FFFF '...$' - addiu      $a3, $a0, -1
0x088B5E9C: 0x10470004 '..G.' - beq        $v0, $a3, 0x088B5EB0
0x088B5EA0: 0x00000000 '....' - nop
0x088B5EA4: 0x2403FFFC '...$' - li         $v1, -4
0x088B5EA8: 0x03E00008 '....' - jr         $ra
0x088B5EAC: 0x00601021 '!.`.' - move       $v0, $v1
0x088B5EB0: 0x10A0FFFD '....' - beqz       $a1, 0x088B5EA8
0x088B5EB4: 0x2403FFFF '...$' - li         $v1, -1
0x088B5EB8: 0x8CA3FFF8 '....' - lw         $v1, -8($a1)
0x088B5EBC: 0x50640003 '..dP' - beql       $v1, $a0, 0x088B5ECC
0x088B5EC0: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5EC4: 0x0A22D7AA '..".' - j          0x088B5EA8
0x088B5EC8: 0x2403FFFF '...$' - li         $v1, -1
0x088B5ECC: 0x1900FFFD '....' - blez       $t0, 0x088B5EC4
0x088B5ED0: 0x01004821 '!H..' - move       $t1, $t0
0x088B5ED4: 0x24870018 '...$' - addiu      $a3, $a0, 24
0x088B5ED8: 0x00C7282B '+(..' - sltu       $a1, $a2, $a3
0x088B5EDC: 0x14A0FFF2 '....' - bnez       $a1, 0x088B5EA8
0x088B5EE0: 0x2403FFFE '...$' - li         $v1, -2
0x088B5EE4: 0x8C8C0008 '....' - lw         $t4, 8($a0)
0x088B5EE8: 0x008C5821 '!X..' - addu       $t3, $a0, $t4
0x088B5EEC: 0x00CB502B '+P..' - sltu       $t2, $a2, $t3
0x088B5EF0: 0x55400003 '..@U' - bnezl      $t2, 0x088B5F00
0x088B5EF4: 0x8C850014 '....' - lw         $a1, 20($a0)
0x088B5EF8: 0x0A22D7AA '..".' - j          0x088B5EA8
0x088B5EFC: 0x00000000 '....' - nop
0x088B5F00: 0x00A6682B '+h..' - sltu       $t5, $a1, $a2
0x088B5F04: 0x55A00056 'V..U' - bnezl      $t5, 0x088B6060
0x088B5F08: 0x8CA70000 '....' - lw         $a3, 0($a1)
0x088B5F0C: 0x00A6102B '+...' - sltu       $v0, $a1, $a2
0x088B5F10: 0x10C5FFE5 '....' - beq        $a2, $a1, 0x088B5EA8
0x088B5F14: 0x2403FFFD '...$' - li         $v1, -3
0x088B5F18: 0x8CA70000 '....' - lw         $a3, 0($a1)
0x088B5F1C: 0x00C7C02B '+...' - sltu       $t8, $a2, $a3
0x088B5F20: 0x00A7782B '+x..' - sltu       $t7, $a1, $a3
0x088B5F24: 0x15E00003 '....' - bnez       $t7, 0x088B5F34
0x088B5F28: 0x03021825 '%...' - or         $v1, $t8, $v0
0x088B5F2C: 0x1460000A '..`.' - bnez       $v1, 0x088B5F58
0x088B5F30: 0x00C7182B '+...' - sltu       $v1, $a2, $a3
0x088B5F34: 0x00E6C82B '+...' - sltu       $t9, $a3, $a2
0x088B5F38: 0x1320FFF4 '.. .' - beqz       $t9, 0x088B5F0C
0x088B5F3C: 0x00E02821 '!(..' - move       $a1, $a3
0x088B5F40: 0x8CE30000 '....' - lw         $v1, 0($a3)
0x088B5F44: 0x00C3382B '+8..' - sltu       $a3, $a2, $v1
0x088B5F48: 0x50E0FFF1 '...P' - beqzl      $a3, 0x088B5F10
0x088B5F4C: 0x00A6102B '+...' - sltu       $v0, $a1, $a2
0x088B5F50: 0x00603821 '!8`.' - move       $a3, $v1
0x088B5F54: 0x00C7182B '+...' - sltu       $v1, $a2, $a3
0x088B5F58: 0x10600007 '..`.' - beqz       $v1, 0x088B5F78
0x088B5F5C: 0x00A6682B '+h..' - sltu       $t5, $a1, $a2
0x088B5F60: 0x000960C0 '.`..' - sll        $t4, $t1, 3
0x088B5F64: 0x00CC5821 '!X..' - addu       $t3, $a2, $t4
0x088B5F68: 0x00EB502B '+P..' - sltu       $t2, $a3, $t3
0x088B5F6C: 0x1540FFCE '..@.' - bnez       $t2, 0x088B5EA8
0x088B5F70: 0x2403FFFD '...$' - li         $v1, -3
0x088B5F74: 0x00A6682B '+h..' - sltu       $t5, $a1, $a2
0x088B5F78: 0x11A00008 '....' - beqz       $t5, 0x088B5F9C
0x088B5F7C: 0x29230002 '..#)' - slti       $v1, $t1, 2
0x088B5F80: 0x8CB90004 '....' - lw         $t9, 4($a1)
0x088B5F84: 0x0019C0C0 '....' - sll        $t8, $t9, 3
0x088B5F88: 0x00B87821 '!x..' - addu       $t7, $a1, $t8
0x088B5F8C: 0x00CF702B '+p..' - sltu       $t6, $a2, $t7
0x088B5F90: 0x15C0FFC5 '....' - bnez       $t6, 0x088B5EA8
0x088B5F94: 0x2403FFFD '...$' - li         $v1, -3
0x088B5F98: 0x29230002 '..#)' - slti       $v1, $t1, 2
0x088B5F9C: 0x54600010 '..`T' - bnezl      $v1, 0x088B5FE0
0x088B5FA0: 0x8C98000C '....' - lw         $t8, 12($a0)
0x088B5FA4: 0x3C02DEAD '...<' - lui        $v0, 0xDEAD
0x088B5FA8: 0x3443BEEF '..C4' - ori        $v1, $v0, 0xBEEF
0x088B5FAC: 0xACC30008 '....' - sw         $v1, 8($a2)
0x088B5FB0: 0xACC3000C '....' - sw         $v1, 12($a2)
0x088B5FB4: 0x8CA90004 '....' - lw         $t1, 4($a1)
0x088B5FB8: 0x29280003 '..()' - slti       $t0, $t1, 3
0x088B5FBC: 0x55000007 '...U' - bnezl      $t0, 0x088B5FDC
0x088B5FC0: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5FC4: 0x8CCC0004 '....' - lw         $t4, 4($a2)
0x088B5FC8: 0x000C58C0 '.X..' - sll        $t3, $t4, 3
0x088B5FCC: 0x00CB5021 '!P..' - addu       $t2, $a2, $t3
0x088B5FD0: 0xAD43FFFC '..C.' - sw         $v1, -4($t2)
0x088B5FD4: 0xAD43FFF8 '..C.' - sw         $v1, -8($t2)
0x088B5FD8: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5FDC: 0x8C98000C '....' - lw         $t8, 12($a0)
0x088B5FE0: 0x03087823 '#x..' - subu       $t7, $t8, $t0
0x088B5FE4: 0xAC8F000C '....' - sw         $t7, 12($a0)
0x088B5FE8: 0x8CC80004 '....' - lw         $t0, 4($a2)
0x088B5FEC: 0x000870C0 '.p..' - sll        $t6, $t0, 3
0x088B5FF0: 0x00CE6821 '!h..' - addu       $t5, $a2, $t6
0x088B5FF4: 0x51A70012 '...Q' - beql       $t5, $a3, 0x088B6040
0x088B5FF8: 0x8CE20004 '....' - lw         $v0, 4($a3)
0x088B5FFC: 0xACC70000 '....' - sw         $a3, 0($a2)
0x088B6000: 0x8CA70004 '....' - lw         $a3, 4($a1)
0x088B6004: 0x000748C0 '.H..' - sll        $t1, $a3, 3
0x088B6008: 0x00A94021 '!@..' - addu       $t0, $a1, $t1
0x088B600C: 0x50C80005 '...P' - beql       $a2, $t0, 0x088B6024
0x088B6010: 0x8CCC0004 '....' - lw         $t4, 4($a2)
0x088B6014: 0xACA60000 '....' - sw         $a2, 0($a1)
0x088B6018: 0xAC850014 '....' - sw         $a1, 20($a0)
0x088B601C: 0x0A22D7AA '..".' - j          0x088B5EA8
0x088B6020: 0x00001821 '!...' - move       $v1, $zr
0x088B6024: 0x8CCA0000 '....' - lw         $t2, 0($a2)
0x088B6028: 0x00EC5821 '!X..' - addu       $t3, $a3, $t4
0x088B602C: 0xACAB0004 '....' - sw         $t3, 4($a1)
0x088B6030: 0xACAA0000 '....' - sw         $t2, 0($a1)
0x088B6034: 0xACC00004 '....' - sw         $zr, 4($a2)
0x088B6038: 0x0A22D806 '..".' - j          0x088B6018
0x088B603C: 0xACC00000 '....' - sw         $zr, 0($a2)
0x088B6040: 0x1840FFEE '..@.' - blez       $v0, 0x088B5FFC
0x088B6044: 0x01021821 '!...' - addu       $v1, $t0, $v0
0x088B6048: 0x8CF90000 '....' - lw         $t9, 0($a3)
0x088B604C: 0xACC30004 '....' - sw         $v1, 4($a2)
0x088B6050: 0xACD90000 '....' - sw         $t9, 0($a2)
0x088B6054: 0xACE00004 '....' - sw         $zr, 4($a3)
0x088B6058: 0x0A22D800 '..".' - j          0x088B6000
0x088B605C: 0xACE00000 '....' - sw         $zr, 0($a3)
0x088B6060: 0x00C7702B '+p..' - sltu       $t6, $a2, $a3
0x088B6064: 0x51C0FFAA '...Q' - beqzl      $t6, 0x088B5F10
0x088B6068: 0x00A6102B '+...' - sltu       $v0, $a1, $a2
0x088B606C: 0x0A22D7D6 '..".' - j          0x088B5F58
0x088B6070: 0x00C7182B '+...' - sltu       $v1, $a2, $a3
0x088B6074: 0x2407FFFC '...$' - li         $a3, -4
0x088B6078: 0x2483FFFF '...$' - addiu      $v1, $a0, -1
0x088B607C: 0x10800004 '....' - beqz       $a0, 0x088B6090
0x088B6080: 0x24A6FFF8 '...$' - addiu      $a2, $a1, -8
0x088B6084: 0x8C880000 '....' - lw         $t0, 0($a0)
0x088B6088: 0x51030003 '...Q' - beql       $t0, $v1, 0x088B6098
0x088B608C: 0x24830018 '...$' - addiu      $v1, $a0, 24
0x088B6090: 0x03E00008 '....' - jr         $ra
0x088B6094: 0x00E01021 '!...' - move       $v0, $a3
0x088B6098: 0x2407FFFF '...$' - li         $a3, -1
0x088B609C: 0x10A0FFFC '....' - beqz       $a1, 0x088B6090
0x088B60A0: 0x00C3102B '+...' - sltu       $v0, $a2, $v1
0x088B60A4: 0x1440FFFA '..@.' - bnez       $v0, 0x088B6090
0x088B60A8: 0x2407FFFE '...$' - li         $a3, -2
0x088B60AC: 0x8C8A0008 '....' - lw         $t2, 8($a0)
0x088B60B0: 0x008A4821 '!H..' - addu       $t1, $a0, $t2
0x088B60B4: 0x00C9402B '+@..' - sltu       $t0, $a2, $t1
0x088B60B8: 0x1100FFF5 '....' - beqz       $t0, 0x088B6090
0x088B60BC: 0x00000000 '....' - nop
0x088B60C0: 0x8CABFFF8 '....' - lw         $t3, -8($a1)
0x088B60C4: 0x1564FFF2 '..d.' - bne        $t3, $a0, 0x088B6090
0x088B60C8: 0x00003821 '!8..' - move       $a3, $zr
0x088B60CC: 0x8CC50004 '....' - lw         $a1, 4($a2)
0x088B60D0: 0x000520C0 '. ..' - sll        $a0, $a1, 3
0x088B60D4: 0x0A22D824 '$.".' - j          0x088B6090
0x088B60D8: 0x2487FFF8 '...$' - addiu      $a3, $a0, -8
0x088B60DC: 0x24C70007 '...$' - addiu      $a3, $a2, 7
0x088B60E0: 0x000718C2 '....' - srl        $v1, $a3, 3
0x088B60E4: 0x246A0001 '..j$' - addiu      $t2, $v1, 1
0x088B60E8: 0x00803821 '!8..' - move       $a3, $a0
0x088B60EC: 0x10800005 '....' - beqz       $a0, 0x088B6104
0x088B60F0: 0x24A8FFF8 '...$' - addiu      $t0, $a1, -8
0x088B60F4: 0x8C820000 '....' - lw         $v0, 0($a0)
0x088B60F8: 0x2484FFFF '...$' - addiu      $a0, $a0, -1
0x088B60FC: 0x10440004 '..D.' - beq        $v0, $a0, 0x088B6110
0x088B6100: 0x00000000 '....' - nop
0x088B6104: 0x2409FFFC '...$' - li         $t1, -4
0x088B6108: 0x03E00008 '....' - jr         $ra
0x088B610C: 0x01201021 '!. .' - move       $v0, $t1
0x088B6110: 0x10A0FFFD '....' - beqz       $a1, 0x088B6108
0x088B6114: 0x2409FFFF '...$' - li         $t1, -1
0x088B6118: 0x24E90018 '...$' - addiu      $t1, $a3, 24
0x088B611C: 0x0109182B '+...' - sltu       $v1, $t0, $t1
0x088B6120: 0x5460FFF9 '..`T' - bnezl      $v1, 0x088B6108
0x088B6124: 0x2409FFFE '...$' - li         $t1, -2
0x088B6128: 0x8CEC0008 '....' - lw         $t4, 8($a3)
0x088B612C: 0x00EC2021 '! ..' - addu       $a0, $a3, $t4
0x088B6130: 0x0104582B '+X..' - sltu       $t3, $t0, $a0
0x088B6134: 0x5160FFF4 '..`Q' - beqzl      $t3, 0x088B6108
0x088B6138: 0x2409FFFE '...$' - li         $t1, -2
0x088B613C: 0x01066821 '!h..' - addu       $t5, $t0, $a2
0x088B6140: 0x01A4302B '+0..' - sltu       $a2, $t5, $a0
0x088B6144: 0x54C00003 '...T' - bnezl      $a2, 0x088B6154
0x088B6148: 0x8CAEFFF8 '....' - lw         $t6, -8($a1)
0x088B614C: 0x0A22D842 'B.".' - j          0x088B6108
0x088B6150: 0x2409FFFE '...$' - li         $t1, -2
0x088B6154: 0x15C7FFEC '....' - bne        $t6, $a3, 0x088B6108
0x088B6158: 0x2409FFFF '...$' - li         $t1, -1
0x088B615C: 0x8D060004 '....' - lw         $a2, 4($t0)
0x088B6160: 0x10CAFFE9 '....' - beq        $a2, $t2, 0x088B6108
0x088B6164: 0x00004821 '!H..' - move       $t1, $zr
0x088B6168: 0x8CE50014 '....' - lw         $a1, 20($a3)
0x088B616C: 0x00A8782B '+x..' - sltu       $t7, $a1, $t0
0x088B6170: 0x55E00079 'y..U' - bnezl      $t7, 0x088B6358
stavrosomo

Re: Crash

Post by stavrosomo »

Can anybody tell me whether this crash is useful, or whether there is a way to make it useful?
Ibocan

Re: Crash

Post by Ibocan »

@stavrosomo ,

Great work, I hope it is useful — and please don't release it before the 2.0 OFW comes out (if it is useful), so that we can use it on the new firmware...