Closed cothan closed 4 years ago
Hey,
I just tested the installation on a clean Ubuntu 18.04 and everything works fine for me. What environment are you using?
In any case, could you retry installing pybind11 following the exact instructions from the README:
pip3 install pybind11
git clone https://github.com/pybind/pybind11 && cd pybind11
mkdir build && cd build
cmake ..
make check -j 4
and then reinstall ROPGenerator?
Hi, I'm using Pop_OS, it's Ubuntu 18.10 with a custom desktop environment.
~ pip3 install pybind11 Sun 21 Apr 2019 06:22:56 PM EDT
Requirement already satisfied: pybind11 in /usr/local/lib/python3.6/dist-packages (2.2.4)
(base) cothan@xps:/tmp$ git clone https://github.com/pybind/pybind11 && cd pybind11
Cloning into 'pybind11'...
remote: Enumerating objects: 10543, done.
remote: Total 10543 (delta 0), reused 0 (delta 0), pack-reused 10543
Receiving objects: 100% (10543/10543), 3.86 MiB | 5.69 MiB/s, done.
Resolving deltas: 100% (7122/7122), done.
(base) cothan@xps:/tmp/pybind11$
(base) cothan@xps:/tmp/pybind11$ mkdir build && cd build
(base) cothan@xps:/tmp/pybind11/build$
(base) cothan@xps:/tmp/pybind11/build$ cmake ..
-- The CXX compiler identification is GNU 8.2.0
-- Check for working CXX compiler: /usr/bin/c++
-- Check for working CXX compiler: /usr/bin/c++ -- works
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found PythonInterp: /usr/bin/python3.6 (found version "3.6.7")
-- Found PythonLibs: /usr/lib/x86_64-linux-gnu/libpython3.6m.so
-- Performing Test HAS_CPP14_FLAG
-- Performing Test HAS_CPP14_FLAG - Success
-- Setting tests build type to MinSizeRel as none was specified
-- Building tests with Eigen v3.3.4
-- Boost version: 1.67.0
-- Performing Test HAS_FLTO
-- Performing Test HAS_FLTO - Success
-- LTO enabled
-- Catch not detected. Interpreter tests will be skipped. Install Catch headers manually or use `cmake -DDOWNLOAD_CATCH=1` to fetch them automatically.
-- pybind11 v2.3.dev0
-- Configuring done
-- Generating done
-- Build files have been written to: /tmp/pybind11/build
(base) cothan@xps:/tmp/pybind11/build$ make check -j 12
Scanning dependencies of target mock_install
Scanning dependencies of target test_subdirectory_function
Scanning dependencies of target pybind11_cross_module_tests
Scanning dependencies of target pybind11_tests
Scanning dependencies of target test_subdirectory_target
Scanning dependencies of target test_subdirectory_embed
-- Install configuration: "MinSizeRel"
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/buffer_info.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/options.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/operators.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/attr.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/cast.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/embed.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/pybind11.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/pytypes.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/eval.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/eigen.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/stl.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/chrono.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/detail
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/detail/descr.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/detail/internals.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/detail/init.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/detail/class.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/detail/common.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/detail/typeid.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/numpy.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/functional.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/stl_bind.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/common.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/complex.h
-- Installing: /tmp/pybind11/build/mock_install/include/pybind11/iostream.h
-- Installing: /tmp/pybind11/build/mock_install/share/cmake/pybind11/pybind11Config.cmake
-- Installing: /tmp/pybind11/build/mock_install/share/cmake/pybind11/pybind11ConfigVersion.cmake
-- Installing: /tmp/pybind11/build/mock_install/share/cmake/pybind11/FindPythonLibsNew.cmake
-- Installing: /tmp/pybind11/build/mock_install/share/cmake/pybind11/pybind11Tools.cmake
-- Installing: /tmp/pybind11/build/mock_install/share/cmake/pybind11/pybind11Targets.cmake
[ 2%] Building CXX object tests/CMakeFiles/pybind11_cross_module_tests.dir/pybind11_cross_module_tests.cpp.o
[ 2%] Built target mock_install
Scanning dependencies of target test_installed_target
Scanning dependencies of target test_installed_function
Scanning dependencies of target test_installed_embed
[ 5%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/pybind11_tests.cpp.o
[ 10%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_builtin_casters.cpp.o
[ 10%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_buffers.cpp.o
[ 15%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_call_policies.cpp.o
[ 15%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_callbacks.cpp.o
[ 18%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_chrono.cpp.o
[ 21%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_class.cpp.o
[ 23%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_constants_and_functions.cpp.o
[ 26%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_copy_move.cpp.o
[ 28%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_docstring_options.cpp.o
[ 28%] Built target test_installed_function
[ 31%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_eigen.cpp.o
[ 31%] Built target test_subdirectory_target
[ 34%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_enum.cpp.o
[ 34%] Built target test_installed_embed
[ 36%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_eval.cpp.o
[ 36%] Built target test_subdirectory_embed
[ 39%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_exceptions.cpp.o
[ 39%] Built target test_installed_target
[ 42%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_factory_constructors.cpp.o
[ 42%] Built target test_subdirectory_function
Scanning dependencies of target test_cmake_build
[ 42%] Built target test_cmake_build
[ 44%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_gil_scoped.cpp.o
[ 47%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_iostream.cpp.o
[ 50%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_kwargs_and_defaults.cpp.o
[ 52%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_local_bindings.cpp.o
[ 55%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_methods_and_attributes.cpp.o
[ 57%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_modules.cpp.o
[ 60%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_multiple_inheritance.cpp.o
[ 63%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_numpy_array.cpp.o
[ 65%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_numpy_dtypes.cpp.o
[ 68%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_numpy_vectorize.cpp.o
[ 71%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_opaque_types.cpp.o
[ 73%] Linking CXX shared module ../../tests/pybind11_cross_module_tests.cpython-36m-x86_64-linux-gnu.so
[ 76%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_operator_overloading.cpp.o
[ 78%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_pickling.cpp.o
[ 81%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_pytypes.cpp.o
[ 84%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_sequences_and_iterators.cpp.o
[ 86%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_smart_ptr.cpp.o
[ 89%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_stl.cpp.o
[ 92%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_stl_binders.cpp.o
[ 94%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_tagbased_polymorphic.cpp.o
[ 97%] Building CXX object tests/CMakeFiles/pybind11_tests.dir/test_virtual_functions.cpp.o
[ 97%] Built target pybind11_cross_module_tests
[100%] Linking CXX shared module ../../tests/pybind11_tests.cpython-36m-x86_64-linux-gnu.so
------ pybind11_tests.cpython-36m-x86_64-linux-gnu.so file size: 1987024
[100%] Built target pybind11_tests
Scanning dependencies of target pytest
============================================================================================================ test session starts =============================================================================================================
platform linux -- Python 3.6.7, pytest-4.1.0, py-1.7.0, pluggy-0.8.0
rootdir: /tmp/pybind11/tests, inifile: pytest.ini
collected 318 items
test_buffers.py .... [ 1%]
test_builtin_casters.py ....s........... [ 6%]
test_call_policies.py ........ [ 8%]
test_callbacks.py ....... [ 11%]
test_chrono.py ....... [ 13%]
test_class.py ................. [ 18%]
test_constants_and_functions.py .... [ 19%]
test_copy_move.py ....s.. [ 22%]
test_docstring_options.py . [ 22%]
test_eigen.py ......................... [ 30%]
test_enum.py ...... [ 32%]
test_eval.py . [ 32%]
test_exceptions.py ....... [ 34%]
test_factory_constructors.py ......... [ 37%]
test_gil_scoped.py .... [ 38%]
test_iostream.py ............ [ 42%]
test_kwargs_and_defaults.py ..... [ 44%]
test_local_bindings.py .......... [ 47%]
test_methods_and_attributes.py .................... [ 53%]
test_modules.py ..... [ 55%]
test_multiple_inheritance.py ........... [ 58%]
test_numpy_array.py .................................. [ 69%]
test_numpy_dtypes.py ............. [ 73%]
test_numpy_vectorize.py ....... [ 75%]
test_opaque_types.py .. [ 76%]
test_operator_overloading.py ... [ 77%]
test_pickling.py ..... [ 78%]
test_pytypes.py ............. [ 82%]
test_sequences_and_iterators.py ...... [ 84%]
test_smart_ptr.py ............. [ 88%]
test_stl.py ........ss........ [ 94%]
test_stl_binders.py ......... [ 97%]
test_tagbased_polymorphic.py . [ 97%]
test_virtual_functions.py ........ [100%]
========================================================================================================== short test summary info ===========================================================================================================
SKIP [1] test_builtin_casters.py:112: no <string_view>
SKIP [1] test_copy_move.py:68: no <optional>
SKIP [1] test_stl.py:106: no <optional>
SKIP [1] test_stl.py:129: no <experimental/optional>
=================================================================================================== 314 passed, 4 skipped in 9.21 seconds ====================================================================================================
[100%] Built target pytest
Scanning dependencies of target check
[100%] Built target check
(base) cothan@xps:/tmp/pybind11/build$ ROPGenerator
▒▒▒▒▒▒▒╗░▒▒▒▒▒▒╗░▒▒▒▒▒▒ ═════════════════════════
▒▒╔══▒▒║▒▒╔═══▒▒╗▒▒╔══▒╗
▒▒▒▒▒▒╔╝▒▒║ ▒▒║▒▒▒▒▒▒║ G E N E R A T O R
▒▒╔══▒▒╗╚▒▒▒▒▒▒╔╝▒▒╔═══╝
╚═╝ ╚═╝ ╚═════╝ ╚═╝ ════════════════════ v2.0
Segmentation fault (core dumped)
So I did try to do exactly as in the README; here is the core dump log I got:
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
[New LWP 7463]
ERROR: Could not find ELF base!
ERROR: Could not find ELF base!
Could not check ASLR: Couldn't get personality
Core was generated by `/usr/bin/python3 /home/cothan/.local/bin/ROPGenerator'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fa452236d3f in ?? () from /lib/x86_64-linux-gnu/libgcc_s.so.1
ERROR: Could not find ELF base!
ERROR: Could not find ELF base!
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
────────────────────────────────────────────────────────────────────────────────────────────────────────────────[ REGISTERS ]─────────────────────────────────────────────────────────────────────────────────────────────────────────────────
RAX 0x1
RBX 0x0
RCX 0x1
RDX 0x0
RDI 0x7fa453b27990 ◂— 0x0
RSI 0x0
R8 0x0
R9 0x7fa430005df0 —▸ 0x7fa430003bd0 ◂— 0xf2e66ffffff7be9
R10 0x7fa430000000 ◂— 0x10102464c457f
R11 0x7fa452240230 —▸ 0x7fa453903000 ◂— 0x25ff001c200235ff
R12 0x7ffff218e680 —▸ 0x7ffff218ef10 —▸ 0x7fa451816cc8 —▸ 0x7fa4516a6318 —▸ 0x7fa4516198a0 ◂— ...
R13 0x7ffff218e680 —▸ 0x7ffff218ef10 —▸ 0x7fa451816cc8 —▸ 0x7fa4516a6318 —▸ 0x7fa4516198a0 ◂— ...
R14 0x0
R15 0x7fa453a0ab40 ◂— 0x8b535441e5894855
RBP 0x7ffff218e770 ◂— 0x0
RSP 0x7ffff218e610 ◂— 0x0
RIP 0x7fa452236d3f ◂— 0xc7ba489c75483880
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────[ DISASM ]──────────────────────────────────────────────────────────────────────────────────────────────────────────────────
► 0x7fa452236d3f cmp byte ptr [rax], 0x48
0x7fa452236d42 jne 0x7fa452236ce0
↓
0x7fa452236ce0 add rsp, 0x38
0x7fa452236ce4 mov eax, 5
0x7fa452236ce9 pop rbx
0x7fa452236cea pop rbp
0x7fa452236ceb pop r12
0x7fa452236ced pop r13
0x7fa452236cef pop r14
0x7fa452236cf1 pop r15
0x7fa452236cf3 ret
$ file core
core: ELF 64-bit LSB core file, x86-64, version 1 (SYSV), SVR4-style, from 'python3 ../ROPGenerator', real uid: 1000, effective uid: 1000, real gid: 1000, effective gid: 1000, execfn: '/usr/bin/python3', platform: 'x86_64'
I've uploaded the core at https://ufile.io/j4d6ubi8 (link will be deleted 30 days from now)
Hey again :)
Could you try to re-install ROPGenerator after changing the following lines in setup.py:
opts.append("-g0")
opts.append("-O2")
into
opts.append("-g3")
opts.append("-O0")
?
This will compile the C++ modules without optimisations and with debug information. Then you can launch the tool, it will crash again, but the resulting core dump should contain more useful information.
Thank you in advance :)
Boyan
Hey, anything new about this issue?
Hi,
I have just checked, I still get the same issue. This time I tried.
~/S/r/r/p/b/b/R/ropgenerator … grep "opts.append" setup.py Thu 06 Jun 2019 03:17:27 PM +07
70: opts.append('-DVERSION_INFO="%s"' % self.distribution.get_version())
71: opts.append(cpp_flag(self.compiler))
73: opts.append('-fvisibility=hidden')
74: opts.append('-Wno-delete-non-virtual-dtor')
75: opts.append('-Wno-return-type')
76: opts.append("-g3") # Maximum optimisation DEBUG
77: opts.append("-O0") # Fast compile DEBUG
79: opts.append('/DVERSION_INFO=\\"%s\\"' % self.distribution.get_version())
I think the issue is within my system, because I think it's something related to glibc.
gdb -c core Thu 06 Jun 2019 03:38:18 PM +07
pwndbg: loaded 175 commands. Type pwndbg [filter] for a list.
pwndbg: created $rebase, $ida gdb functions (can be used with print/break)
[New LWP 14822]
ERROR: Could not find ELF base!
ERROR: Could not find ELF base!
Could not check ASLR: Couldn't get personality
Core was generated by `/usr/bin/python3 /home/cothan/.local/bin/ROPGenerator -h'.
Program terminated with signal SIGABRT, Aborted.
#0 0x00007ff709ee2077 in ?? () from /lib/x86_64-linux-gnu/libc.so.6
ERROR: Could not find ELF base!
ERROR: Could not find ELF base!
LEGEND: STACK | HEAP | CODE | DATA | RWX | RODATA
───────────────────────────────────────────────────────────────────────────────────────────────[ REGISTERS ]───────────────────────────────────────────────────────────────────────────────────────────────
RAX 0x0
RBX 0x1
RCX 0x7ff709ee2077 ◂— 0x108248c8b48
RDX 0x0
RDI 0x2
RSI 0x7ffdada39c20 ◂— 0x8
R8 0x0
R9 0x7ffdada39c20 ◂— 0x8
R10 0x8
R11 0x246
R12 0x7ffdada3b0b0 —▸ 0x1694210 —▸ 0x7ff707e6c0c0 ◂— add dword ptr [rax], eax
R13 0x1694200 —▸ 0x7ff707e01090 ◂— 0x6
R14 0x2
R15 0x7ff707ea0b70 ◂— add al, byte ptr [rax]
RBP 0x7ffdada3a530 —▸ 0x7ffdada3a5c0 —▸ 0x7ffdada3a610 —▸ 0x7ffdada3a6c0 —▸ 0x7ffdada3a700 ◂— ...
RSP 0x7ffdada39c20 ◂— 0x8
RIP 0x7ff709ee2077 ◂— 0x108248c8b48
────────────────────────────────────────────────────────────────────────────────────────────────[ DISASM ]─────────────────────────────────────────────────────────────────────────────────────────────────
► 0x7ff709ee2077 mov rcx, qword ptr [rsp + 0x108]
0x7ff709ee207f xor rcx, qword ptr fs:[0x28]
0x7ff709ee2088 mov eax, r8d
0x7ff709ee208b jne 0x7ff709ee20ac
↓
0x7ff709ee20ac call 0x7ff709fce3e0
0x7ff709ee20b1 nop word ptr cs:[rax + rax]
0x7ff709ee20bb nop dword ptr [rax + rax]
0x7ff709ee20c0 test edi, edi
0x7ff709ee20c2 js 0x7ff709ee20d0
0x7ff709ee20c4 neg edi
0x7ff709ee20c6 jmp 0x7ff709ee2350
─────────────────────────────────────────────────────────────────────────────────────────────────[ STACK ]─────────────────────────────────────────────────────────────────────────────────────────────────
00:0000│ rsi r9 rsp 0x7ffdada39c20 ◂— 0x8
01:0008│ 0x7ffdada39c28 —▸ 0x7ff6dd248935 ◂— add rsp, 0x208
02:0010│ 0x7ffdada39c30 ◂— 0x808a59d20
03:0018│ 0x7ffdada39c38 —▸ 0x7ff6dd2c6168 ◂— 0x746c7561666564 /* 'default' */
04:0020│ 0x7ffdada39c40 —▸ 0x24386e8 ◂— jo 0x243875b
05:0028│ 0x7ffdada39c48 —▸ 0x25434a8 ◂— add byte ptr [rax], al
06:0030│ 0x7ffdada39c50 —▸ 0x7ff6dd728a70 —▸ 0x7ff6dd024830 ◂— push r14
07:0038│ 0x7ffdada39c58 ◂— 0x8
───────────────────────────────────────────────────────────────────────────────────────────────[ BACKTRACE ]───────────────────────────────────────────────────────────────────────────────────────────────
► f 0 7ff709ee2077
f 1 8
f 2 7ff6dd248935
f 3 808a59d20
f 4 7ff6dd2c6168
f 5 24386e8
f 6 25434a8
f 7 7ff6dd728a70
f 8 8
f 9 7ff6dd333b68
f 10 ab7
pwndbg>
same here
[ 7602.388914] ROPGenerator[9041]: segfault at 1 ip 0000000000000001 sp 00007fffffffcc58 error 14 in python3[400000+21000]
[ 7602.388921] Code: Bad RIP value.
[ 7604.327394] ROPGenerator[9045]: segfault at 1 ip 0000000000000001 sp 00007fffffffcc58 error 14 in python3[400000+21000]
[ 7604.327401] Code: Bad RIP value.
[ 7605.791084] ROPGenerator[9049]: segfault at 1 ip 0000000000000001 sp 00007fffffffcc58 error 14 in python3[400000+21000]
[ 7605.791091] Code: Bad RIP value.
Linux kali 5.2.0-kali2-amd64 #1 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux Python 3.7.4
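Added example, not part of the thread: a small decoder for kernel `segfault at ...` lines like the ones quoted in the comment above. The kernel prints the page-fault error code in hex, so `error 14` is 0x14 (user mode, instruction fetch, page not mapped); the function names and the second sample line are constructed for illustration.

```python
import re

# x86 page-fault error-code bits; the kernel logs the code in hex.
PF_FLAGS = {
    "protection": 0x01,  # set: permission violation; clear: page not mapped
    "write": 0x02,       # set: write access; clear: read access
    "user": 0x04,        # fault raised while running in user mode
    "reserved": 0x08,    # reserved bit set in a page-table entry
    "instr": 0x10,       # fault raised while fetching an instruction
    "pkey": 0x20,        # protection-key violation
}

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?"
)

def parse_segfault(line):
    """Parse one kernel 'segfault at' log line into a dict, or return None."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    rec = {"comm": m["comm"], "pid": int(m["pid"])}
    for key in ("addr", "ip", "sp", "err"):
        rec[key] = int(m[key], 16)
    rec["flags"] = sorted(n for n, bit in PF_FLAGS.items() if rec["err"] & bit)
    # The trailing "in obj[base+size]" can name a mapping that does not
    # contain ip at all, so check the range instead of trusting the name.
    rec["ip_in_object"] = None
    if m["obj"]:
        base, size = int(m["base"], 16), int(m["size"], 16)
        rec["object"] = m["obj"]
        rec["ip_in_object"] = base <= rec["ip"] < base + size
    return rec

def classify(rec):
    """Turn the decoded flags into a short triage label."""
    flags = rec["flags"]
    if "instr" in flags:
        # Execution itself faulted: a corrupted function pointer or return
        # address is more likely than a bad data pointer.
        return "exec-of-protected-page" if "protection" in flags else "jump-to-unmapped"
    access = "write" if "write" in flags else "read"
    kind = "protected" if "protection" in flags else "unmapped"
    return f"{access}-{kind}"

# First line is copied from the comment above; the second is constructed.
PAGE_LINE = ("[ 7602.388914] ROPGenerator[9041]: segfault at 1 ip 0000000000000001 "
             "sp 00007fffffffcc58 error 14 in python3[400000+21000]")
CONSTRUCTED_LINE = ("[  100.000000] demo[1234]: segfault at 10 ip 00007f0000001234 "
                    "sp 00007ffc00000000 error 6 in libdemo.so[7f0000000000+5000]")

if __name__ == "__main__":
    for line in (PAGE_LINE, CONSTRUCTED_LINE):
        rec = parse_segfault(line)
        print(rec["comm"], hex(rec["err"]), rec["flags"],
              "ip in object:", rec["ip_in_object"], "->", classify(rec))
```

For the line from the thread this reports an instruction fetch at address 0x1 that lies outside the `python3` mapping named in the log, which points at a bad jump target rather than a bad data access.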
Anything more on this? I'm having the same issue.
Same problem here, ParrotOS. Would be nice to have a precompiled binary release.
Hey guys,
Sorry for the late answer, I had been working on other projects for a while :)
I just started to work on version 3 of ROPGenerator, which will include major code refactoring in the core. Especially python bindings will change so I believe it should solve the problem. I'll let you know when the v3 is released so that you can test it.
I got the same; then I saw that the latest barf is 0.6.0 whereas ROPGenerator depends on barf==0.5.0. Checking out v0.5.0 solved it partially; now I'm getting:
ImportError: cannot import name 'BARF' from partially initialized module 'barf' (most likely due to a circular import
Edit: Docker image seems working fine
Hey,
So I finally released version 3 of ROPGenerator (now called ROPium). Since the code base is much different, especially concerning python libs and bindings, this issue is solved/not relevant anymore :)
I run command to build in README.rd and then run ROPgenerator, I get SIGSEGV error. So I run
Step to reproduce
Any recommendation to fix the problem? Can you make a prebuilt binary instead?