NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0

Decompiler failure in 9_2 #2339

Closed hachinijuku closed 4 years ago

hachinijuku commented 4 years ago

**Describe the bug**

When I open and analyze any x86 executable or dll in ghidra_9.2, upon clicking on any function in the Program Trees window, the message "Decompiler: Unable to initialize the DecompilerInterface: Decompiler process died" appears in the Decompile subwindow.

**To Reproduce**

Steps to reproduce the behavior:

1. Double click on any .exe or .dll in the Project files window.
2. Click "Yes" in the Analyze popup.
3. Click "Analyze" in the Analysis Options popup.
4. Click "OK" in the Auto Analysis Summary popup.
5. Open the Exports subtree in the Program Trees subwindow.
6. Click on entry.
7. Look at Decompiler subwindow for error message.

**Expected behavior**

I expect to see some code in the Decompile subwindow.

**Attachments**

Relevant parts of application.log attached.

**Environment (please complete the following information):**

**Additional context**

Application log shows the following message for each function:

```
DEBUG (DecompilerParameterIdCmd) Failed to decompile function: :
```

First run shows an error in the PE RTTI Analyzer (recovery from which is why I'm using 9.2). The subsequent runs are much more benign but still fail to decompile in the same way. **Help?**

[application.log](https://github.com/NationalSecurityAgency/ghidra/files/5337464/application.log)

astrelsky commented 4 years ago

For clarification, the index out of bounds error was when you were using 9.1, correct?

Are you able to execute the binary in /usr/local/ghidra_9.2_DEV/Ghidra/Features/Decompiler/os/linux64/decompile? It won't do anything when you execute it because it expects data to be piped to it from ghidra, but attempting to launch it shouldn't yield any errors. I'm wondering if it doesn't have execute permission and it isn't being logged.

If you do have to set +x you'll need to do so for the sleigh and demangler executables as well.

ghizard commented 4 years ago

Was the decompiler built from the same GitHub commit as the rest of the code you are running?

hachinijuku commented 4 years ago

Many thanks astrelsky! You too ghizard!

ghizard: I believe the decompiler came with the 9_2 distro I downloaded. I didn't do anything special to the distro.

astrelsky: OK. I'm a fool for not having tried to run the decompiler by hand. Here's what I got:

```
/usr/local/ghidra_9.2_DEV/Ghidra/Features/Decompiler/os/linux64/decompile: /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.26' not found (required by /usr/local/ghidra_9.2_DEV/Ghidra/Features/Decompiler/os/linux64/decompile)
```

BTW, passing that error message through into the log (and the Decompile window) would probably have led me to the solution.

Here's the info on my libc++:

```
strings /usr/lib/x86_64-linux-gnu/libstdc++.so.6 | grep GLIBCXX
GLIBCXX_3.4
GLIBCXX_3.4.1
GLIBCXX_3.4.2
...
GLIBCXX_3.4.25
GLIBCXX_DEBUG_MESSAGE_LENGTH
```

I'm looking for ways to remediate this now.

hachinijuku commented 4 years ago

Problem solved by doing this:

```
sudo add-apt-repository ppa:ubuntu-toolchain-r/test
sudo apt-get update
sudo apt-get upgrade libstdc++6
```

Thanks for the nudge.
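Added example, not part of the thread or of Ghidra's code: a preflight check for the two causes raised above, a missing execute bit and a libstdc++ that lacks a `GLIBCXX_*` version the executable names. It uses the same string-scan heuristic as the `strings | grep` step in the thread; the function names and the sample bytes are constructed for illustration.

```python
import os
import re
import sys

# Version tags such as GLIBCXX_3.4.26; GLIBCXX_DEBUG_MESSAGE_LENGTH does not match.
_TAG = re.compile(rb"GLIBCXX_(\d+(?:\.\d+)*)(?![\w.])")

# Constructed sample bytes (not real ELF files): a binary that names 3.4.26
# and a library that stops at 3.4.25, as in the thread.
SAMPLE_BINARY = b"\x7fELF\0libstdc++.so.6\0GLIBCXX_3.4\0GLIBCXX_3.4.21\0GLIBCXX_3.4.26\0"
SAMPLE_LIBRARY = (b"GLIBCXX_3.4\0"
                  + b"".join(b"GLIBCXX_3.4.%d\0" % n for n in range(1, 26))
                  + b"GLIBCXX_DEBUG_MESSAGE_LENGTH\0")


def glibcxx_versions(blob):
    """Return the GLIBCXX versions named in raw file bytes, as int tuples."""
    return {tuple(int(p) for p in m.group(1).split(b"."))
            for m in _TAG.finditer(blob)}


def missing_versions(binary, library):
    """Tags the binary names that the library does not, in version order."""
    gap = glibcxx_versions(binary) - glibcxx_versions(library)
    return ["GLIBCXX_" + ".".join(map(str, v)) for v in sorted(gap)]


def preflight(binary_path, libstdcxx_path):
    """Collect the two problems discussed in the thread for one executable."""
    problems = []
    if not os.access(binary_path, os.X_OK):
        problems.append(f"{binary_path}: no execute permission")
    with open(binary_path, "rb") as b, open(libstdcxx_path, "rb") as lib:
        for tag in missing_versions(b.read(), lib.read()):
            problems.append(f"{libstdcxx_path}: lacks {tag}")
    return problems


if __name__ == "__main__":
    if len(sys.argv) == 3:      # usage: script.py <executable> <libstdc++.so.6>
        found = preflight(sys.argv[1], sys.argv[2])
    else:                       # no arguments: run on the constructed sample
        found = missing_versions(SAMPLE_BINARY, SAMPLE_LIBRARY)
    print("\n".join(found) or "no problems found")
    sys.exit(1 if found else 0)
```

Run it once per native executable (the decompiler, sleigh and demangler binaries mentioned above), passing the path of the system `libstdc++.so.6` as the second argument.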

dev747368 commented 4 years ago

Where did you get your "9.2 dev" distro?

dev747368 commented 4 years ago

I'm a bit confused. There is no pre-built 9.2 distro from us yet. When it is ready, soon-ish, it will be on ghidra-sre.org.

So, just trying to get an idea of the ways a user can run into issues, where did your pre-built distro come from?

hachinijuku commented 4 years ago

I'm trying to reconstruct this now. Looking through my history, I cannot find a wget and I cannot find a browser link that gets right to it.

The most relevant info I can find in my history is this:

```
unzip ghidra_9.2_DEV_20200719_linux64/
```

So I'm really not sure where I obtained it.

I had been searching for the problem with the PE Header parsing and saw that it was being fixed in 9.2 and found some link to 9.2 "distro" that was zipped. I definitely did not run the build process. Gradle would have had me for breakfast.

I did find this URL in my browser: https://github.com/NationalSecurityAgency/ghidra/milestone/5?closed=1

I will look in one other browser (outside the VM on which I have this) to try to find it.

hachinijuku commented 4 years ago

I'm striking out. I only found vague references to 9.2 in my browser history, so I'm not sure what magical incantation I recited to get someone to build this on my behalf.

dev747368 commented 4 years ago

Thanks for looking. Close this now?