On 2012-06-07 13:59, Meador Inge wrote: > load_addr = loaddr; > if (ehdr->e_type == ET_DYN) { > + if (loaddr < mmap_min_addr) > + probe_guest_base(image_name, loaddr, hiaddr);
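Review bot: the added check `if (loaddr < mmap_min_addr) probe_guest_base(image_name, loaddr, hiaddr);` sits inside the `ET_DYN` branch, where `loaddr` is the link-time low address of a position-independent object and is 0 unless the image was prelinked, so the condition is effectively always true and the probe runs against a range that has no relation to where the object will actually be placed. Either drop the probe from this branch or probe the address range of the program being loaded rather than the interpreter; the quoted hunk also ends before the `ET_DYN` block is closed, so the code that picks the load address is not visible here for review.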
This doesn't make any sense. loaddr is almost certainly 0, unless you've pre-linked the ld.so image. But the next statement is letting the system pick the address at which the image will be loaded.

What you're actually wanting is to probe the address ranges of the "real" program, which, since this is essentially a program running a program, is not visible to us at all.

I think this is one of those cases where the -B or -R options (or QEMU_GUEST_BASE and QEMU_RESERVED_VA env variables) are the best way forward for whatever CPU you're emulating. That or a change to the target's default ld script, not to link real executables quite so low in the address space.

r~