search

KeenSecurityLab / BinAbsInspector

BinAbsInspector: Vulnerability Scanner for Binaries
GNU General Public License v3.0
1.58k stars 231 forks source link

启动工具失败 #14

Closed Bling1234 closed 2 years ago

Bling1234 commented 2 years ago

严格按照安装指导书进行安装,启动工具失败,报错如下: java.lang.StackOverflowError at com.bai.solver.CFG.visit(CFG.java:80) at com.bai.solver.CFG.visit(CFG.java:84) at com.bai.solver.CFG.visit(CFG.java:84)

Build Date: 2022-Jan-25 1526 EST Ghidra Version: 10.1.2 Java Home: C:\Program Files\Eclipse Adoptium\jdk-11.0.14.101-hotspot JVM Version: Eclipse Adoptium 11.0.14.1 OS: Windows 10 10.0 amd64

MatthewShao commented 2 years ago

The setup seems fine. Could you please provide the sample binary?

zyq8709 commented 2 years ago

I suppose the CFG is too huge, which leads to this deep recursion. Maybe you can increase the stack limit in your JVM. If possible, it is better that you can provide us with the samples. Thanks! 有可能是CFG过大导致了很深的递归,你可以尝试增大JVM的stack限制。当然最好可以提供下样本,我们可以来一起更深入地分析原因。多谢!

Bling1234 commented 2 years ago

抱歉,二进制样本没法提供~~后面发现虽然有报错,但是仍然完成了对样本的扫描工作。

但是,在扫描另一个样本的时候,又有新的错误,报错如下: Java heap space java.lang.OutOfMemoryError: Java heap space

MatthewShao commented 2 years ago

java.lang.OutOfMemoryError is a common exception. This usually indicates that the sample binary has too many program points (AbsEnv) and current JVM memory settings could not hold. For now you can try the following steps as workarounds:

  1. Decrease the [-K <kElement>] value, the default value is 50, but we believe 5 is enough for many samples.
  2. Select another analysis entry point with [-entry <address>], for example the entry point of a sub-module, this could narrow down the analysis range, but this requires some reverse-engineering work.

  3. Increase the JVM heap memory setting according to https://github.com/NationalSecurityAgency/ghidra/issues/1997#issuecomment-645627337, in short, you can increase the JVM heap memory with an argument in $ghidra_dir/support/launch.sh/$ghidra_dir/support/launch.bat, it is also possible to set this for headless mode by modifying $ghidra_dir/support/launch.properties if I remember correctly.

    java.lang.OutOfMemoryError 是一个常见的异常。 这通常表明样本在分析过程存储了大量的程序点 (AbsEnv) 并且当前的 JVM 内存设置容纳不下。 建议你试试以下几种方法:

    • 减小 [-K <kElement>] 的值,默认值为 50,但测试过程中我们发现 5 对于很多样本来说已经足够了。
    • [-entry <address>]选择另一个分析入口点,例如子模块的入口点,这样可以缩小分析的范围,但需要一些逆向工作。
    • 根据https://github.com/NationalSecurityAgency/ghidra/issues/1997#issuecomment-645627337 来增加JVM堆内存设置,简单来讲可以通过$ghidra_dir/support/ launch.sh/$ghidra_dir/support/launch.bat中的参数增加JVM堆内存,如果我没记错的话,也可以通过修改$ghidra_dir/support/launch.properties 来设置headless模式的JVM启动参数。