karta_identifier.py createDisassemblerHandler returns None

jap0 commented 5 years ago

Can not run karta_identifier.py from IDA, I get following error: karta_err

jonas-x commented 5 years ago

@jap0 This looks to be the same problem described in this thread (problem 1): https://github.com/CheckPointSW/Karta/issues/13 (solution in the discussion)

jap0 commented 5 years ago

Tried to update my sys.path but I still get the same error. This is the output of "print sys.path" on my machine (from karta_identifier.py):

['C:\WINDOWS\system32\python27.zip', 'C:\Python27\Lib', 'C:\Python27\DLLs', 'C:\Python27\Lib\lib-tk', 'C:\Program Files\IDA 7.2', 'C:\Program Files\IDA 7.2\python', 'C:\Python27', 'C:\Python27\lib\site-packages', 'C:\Python27\lib\site-packages\karta-1.0.0-py2.7.egg', 'C:\Python27\lib\site-packages\click-7.0-py2.7.egg', 'C:\Python27\lib\site-packages\flake8-3.7.7-py2.7.egg', 'C:\Python27\lib\site-packages\pydocstyle-3.0.0-py2.7.egg', 'C:\Python27\lib\site-packages\sark-1.0-py2.7.egg', 'C:\Python27\lib\site-packages\elementals-1.2.6-py2.7.egg', 'C:\Python27\lib\site-packages\typing-3.6.6-py2.7.egg', 'C:\Python27\lib\site-packages\pyflakes-2.1.1-py2.7.egg', 'C:\Python27\lib\site-packages\pycodestyle-2.5.0-py2.7.egg', 'C:\Python27\lib\site-packages\mccabe-0.6.1-py2.7.egg', 'C:\Python27\lib\site-packages\functools32-3.2.3.post2-py2.7.egg', 'C:\Python27\lib\site-packages\enum34-1.1.6-py2.7.egg', 'C:\Python27\lib\site-packages\entrypoints-0.3-py2.7.egg', 'C:\Python27\lib\site-packages\configparser-3.7.4-py2.7.egg', 'C:\Python27\lib\site-packages\snowballstemmer-1.2.1-py2.7.egg', 'C:\Python27\lib\site-packages\six-1.12.0-py2.7.egg', 'C:\Python27\lib\site-packages\wrapt-1.11.1-py2.7.egg', 'C:\Program Files\IDA 7.2\python\lib\python2.7\lib-dynload\ida_32', 'C:\Program Files\IDA 7.2\python', 'C:/Python27/Lib/site-packages/Karta-1.0.0-py2.7.egg/src']

chkp-eyalit commented 5 years ago

createDisassemblerHandler() iterates over the registered disasemblers, and checks in which one of them the script is being executed. Currently, only IDA is supported, and is being registered inside ida_api.py when it is being referenced by the matching __init__.py file.

If the returned value is None, it means there are two options:

Path issue prevents the proper loading of __init__.py, hence there is no registration.
There was an import error when importing ida_api.py, and this is why it wasn't loaded.

Can you check if the __init__.py script was being called, and add a print to the try/except to check if there was an import exception? This information will help us recreate the error, and debug it on our side.

jap0 commented 5 years ago

I have changed content of following file: C:\Python27\Lib\site-packages\Karta-1.0.0-py2.7.egg\src\disassembler\IDAinit.py To:

try: from .ida_api import print "import OK" except ImportError, e: print "import err: "+e.errno+" - "+e.strerror pass from .ida_cmd_api import

And as result nothing has been printed to the output (the warning message box remains the same as in my first post).

Have changed file: C:\Python27\Lib\site-packages\Karta-1.0.0-py2.7.egg\src\disassemblerinit.py To:

from .IDA import from .disas_api import from .factory import * print "disassembler imports"

And as result nothing has been printed to the output (the warning message box remains the same as in my first post).

chkp-eyalit commented 5 years ago

I tried to recreate the issue on my setup, and updated my sys.path to match yours, and it still worked for me. Where in the code did you update the sys.path? I updated it as the first (top) lines inside karta_identifier.py, as it should be updated before the rest of the imports are happening.

jap0 commented 5 years ago

I have updated "Advanced system settings"->Environment variables and both user variable "path" and system variable "path". But I have also tried it now as you said directly in karta_identifier.py as first line. But did not help. I have a question, when I try in Python IDLE console to load modules from folder "C:\Python27\Lib\site-packages" (Karta is there also installed) I get following results:

import six import sark import pycodestyle import pip import flake8 import Karta

Traceback (most recent call last): File "<pyshell#5>", line 1, in import Karta ImportError: No module named Karta

import colorama import configparser My question is, should it be importable via such command (when correctly installed)?

chkp-eyalit commented 5 years ago

I never tried to import Karta as python package, and it wasn't planned for such use cases. The Read-The-Docs documentation specify how each script should be activated, and there are two options:

Invoked from command line - karta_analyze_src.py, and all the *_manual_* scripts
Invoked from withing IDA (File->Script File) - karta_identifier.py and karta_matcher.py

Is there anything out of the ordinary in your python setup? or in your IDA python installation? I just can't reproduce the path issue you are describing...

jap0 commented 5 years ago

From my point of view is extraordinary, that I am running on x64 python (installed from python-2.7.16.amd64.msi) because my IDA doesn't work with x86 python installation (I don't remember if there was option to choose x86 or x64 python during IDA installation). I have tried to reinstall python, but it did not help. Karta installation (setup.py install) works OK, after installation when executing karta_identifier.py it asked me to install "colorama". I did it via pip without problem. And then I get the above mentioned error (in both cases, when I try to run it from original download location and also when I try running it from C:\Python27\Lib\site-packages\Karta-1.0.0-py2.7.egg\src). I don't want to bother you with this. I don't know why the "init" scripts fail. I will try it at home with my personal IDA 7.0 in the evening and let you know if it will work there.

jap0 commented 5 years ago

Huh, finally it works. Thank you for your advices and patience (it was a "path" for me :) - word by word)

IDA freeware does not support IDAPython so I had to solve it with orig IDA
I have removed all python related paths from user/system path variable (have put only c:\python27 and c:\python27\scripts)
restarted computer
reinstalled Karta
added following lines to the beginning of the "karta_identifier.py" file: import sys, os sys.path.insert(0, os.path.join(os.getenv("SystemDrive"), os.sep, "Python27", "Lib", "site-packages", "Karta-1.0.0-py2.7.egg", "src")) sys.path.insert(0, os.path.join(os.getenv("SystemDrive"), os.sep, "Python27", "Lib", "site-packages"))
the error still persisted, so I have tried to delete "factory.py" (later have put it back, just wanted to test if the error will be influenced) and the error still persisted and that was very suspicious to me, so I have decided to find and remove all "Karta" instances on my disks and left only the one in "site-packages" of python27.
it was like the error has been cached :) somehow, so I have deleted all "*.pyc" in "disassembler" folder of Karta and restarted the .idb and finally IT WORKS!! (don't know exactly which of the steps was the winning one :) )

CheckPointSW / Karta