On Mon, Feb 13, 2017 at 06:37:23AM -0500, Stéphane Fillion wrote: > Hi. > > I'm using gforth 0.7.2 under lubuntu 16.04. Arch is AMD64. > > I installed it with this command: > > sudo apt-get install gforth > > > > The 'see' word works correctly when trying to decompile any user-defined > and some predefined words. By example: > > : inc compiled > > 1 + ; ok > > see inc > > : inc > > 1 + ; ok > > > see see > > > : see > > parse-name find-name dup 0= > > IF drop -13 throw > > THEN > > name-see ; ok > > ... > After installing gdb I get another, still inacurate, result. Gdb version is > 7.11.1 > > I first get this: > > see + > > Code + > > > > Nothing else happens until I press CTRL-D. I then get this: > > 0x00404f04: /tmp/gforthdis.Doy9BGU1EL:4: Error in sourced command > > file: > > Cannot access memory at address 0x404f04 > > quit > > end-code > > ok
This is probably due to https://wiki.ubuntu.com/SecurityTeam/Roadmap/KernelHardening#ptrace_Protection To check this, type cat /proc/sys/kernel/yama/ptrace_scope If this outputs 1, that is probably the cause of the problem. You can change it with echo 0 >/proc/sys/kernel/yama/ptrace_scope as root, or permanently by editing /etc/sysctl.d/10-ptrace.conf. If you cannot or do not want to do that, you can do ' dump is discode in Gforth. Then, for primitives SEE will show you a hex dump of the machine code instead of trying to disassemble it. - anton
