NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0

AddressOutOfBoundsException connecting to qemu-arm target. #3529

Open resrever opened 3 years ago

resrever commented 3 years ago

Describe the bug

When connecting to a qemu-arm target I get an AddressOutOfBoundsException and a warning: unable to open /proc file '/proc/1/maps'. I can sort of work around this issue by running a GDB script that substitutes info proc mappings, but then I run into other issues.

To Reproduce

  1. Run the target binary in a shell: qemu-arm -g 2345 ~/helloarm
  2. Load the binary into the Debugger tool and connect using IN-VM GNU gdb local debugger and GDB launch command /usr/bin/gdb-multiarch
  3. Run the following commands in the interpreter:

         set style enabled off
         file /home/user/helloarm
         target remote :2345

A plugin event error pops up (text at the bottom) and the interpreter outputs the following:

    (gdb)source ~/test.gdb
    0x000103e8 in _start ()
    (gdb) 0x000103e8 in _start ()
    warning: unable to open /proc file '/proc/1/maps'
    warning: unable to open /proc file '/proc/1/maps'

The Debug console also has this: Listener ghidra.app.plugin.core.debug.gui.objects.DebuggerObjectsProvider$MyObjectListener@7ac1208d caused exception processing attributesChanged

Environment (please complete the following information):

Plugin Event Error

Error in plugin event listener

Offset must be between 0x0 and 0xffffffff, got 0x7ffffffffffffffe instead!

    ghidra.program.model.address.AddressOutOfBoundsException: Offset must be between 0x0 and 0xffffffff, got 0x7ffffffffffffffe instead!
        at ghidra.program.model.address.AbstractAddressSpace.makeValidOffset(AbstractAddressSpace.java:626)
        at ghidra.program.model.address.GenericAddressSpace.makeValidOffset(GenericAddressSpace.java:21)
        at ghidra.program.model.address.GenericAddress.<init>(GenericAddress.java:55)
        at ghidra.program.model.address.GenericAddressSpace.getAddress(GenericAddressSpace.java:88)
        at ghidra.app.plugin.core.debug.mapping.DefaultDebuggerMemoryMapper.toSameNamedSpace(DefaultDebuggerMemoryMapper.java:41)
        at ghidra.app.plugin.core.debug.mapping.DefaultDebuggerMemoryMapper.targetToTrace(DefaultDebuggerMemoryMapper.java:66)
        at ghidra.app.plugin.core.debug.mapping.DefaultDebuggerMemoryMapper.targetToTrace(DefaultDebuggerMemoryMapper.java:72)
        at ghidra.app.plugin.core.debug.service.model.RecorderSimpleMemory.getAccessibleMemory(RecorderSimpleMemory.java:97)
        at ghidra.app.plugin.core.debug.service.model.DefaultProcessRecorder.getAccessibleProcessMemory(DefaultProcessRecorder.java:65)
        at ghidra.app.plugin.core.debug.service.model.DefaultTraceRecorder.getAccessibleProcessMemory(DefaultTraceRecorder.java:527)
        at ghidra.app.plugin.core.debug.gui.action.VisibleROOnceAutoReadMemorySpec.readMemory(VisibleROOnceAutoReadMemorySpec.java:61)
        at ghidra.app.plugin.core.debug.gui.listing.DebuggerListingProvider.doAutoReadMemory(DebuggerListingProvider.java:1272)
        at ghidra.app.plugin.core.debug.gui.listing.DebuggerListingProvider.goToCoordinates(DebuggerListingProvider.java:1314)
        at ghidra.app.plugin.core.debug.gui.listing.DebuggerListingProvider.coordinatesActivated(DebuggerListingProvider.java:1320)
        at ghidra.app.plugin.core.debug.gui.listing.DebuggerListingPlugin.lambda$processEvent$3(DebuggerListingPlugin.java:290)
        at ghidra.app.plugin.core.debug.gui.listing.DebuggerListingPlugin.allProviders(DebuggerListingPlugin.java:311)
        at ghidra.app.plugin.core.debug.gui.listing.DebuggerListingPlugin.processEvent(DebuggerListingPlugin.java:290)
        at ghidra.framework.plugintool.Plugin.eventSent(Plugin.java:329)
        at ghidra.framework.plugintool.mgr.EventManager.sendEvents(EventManager.java:286)
        at ghidra.framework.plugintool.mgr.EventManager.lambda$new$3(EventManager.java:49)
        at ghidra.util.Swing.doRun(Swing.java:292)
        at ghidra.util.Swing.runNow(Swing.java:208)
        at ghidra.util.Swing.runNow(Swing.java:163)
        at ghidra.framework.plugintool.mgr.EventManager.fireEvent(EventManager.java:216)
        at ghidra.framework.plugintool.PluginTool.firePluginEvent(PluginTool.java:475)
        at ghidra.framework.plugintool.Plugin.firePluginEvent(Plugin.java:481)
        at ghidra.app.plugin.core.debug.service.model.DebuggerModelServiceInternal.lambda$fireSnapEvent$1(DebuggerModelServiceInternal.java:112)
        at java.desktop/java.awt.event.InvocationEvent.dispatch(InvocationEvent.java:313)
        at java.desktop/java.awt.EventQueue.dispatchEventImpl(EventQueue.java:770)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:721)
        at java.desktop/java.awt.EventQueue$4.run(EventQueue.java:715)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/java.security.ProtectionDomain$JavaSecurityAccessImpl.doIntersectionPrivilege(ProtectionDomain.java:85)
        at java.desktop/java.awt.EventQueue.dispatchEvent(EventQueue.java:740)
        at java.desktop/java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:203)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:124)
        at java.desktop/java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:113)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:109)
        at java.desktop/java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:101)
        at java.desktop/java.awt.EventDispatchThread.run(EventDispatchThread.java:90)


    Build Date: 2021-Oct-19 1234 EDT
    Ghidra Version: 10.0.5
    Java Home: /usr/lib/jvm/java-11-openjdk-amd64
    JVM Version: Ubuntu 11.0.11
    OS: Linux 5.4.0-48-generic amd64
    Workstation: ubuntu20

d-millar commented 3 years ago

What happened to substitute_mappings.py?

resrever commented 3 years ago

Here's a copy: substitute_mappings.py.txt

I guess this report is more of a feature request to integrate substitute_mappings.py. After I submitted this report, I tried again and breakpoints are all working with the other fixes. I could have sworn I saw it skipping my breakpoint inside main(), but after I went back and re-tested it now seems to be hitting both software and hardware breakpoints just fine.

d-millar commented 3 years ago

Ah, well, that we can do! Will file a ticket for that. Glad the breakpoints are working. If you figure out why they weren't, let us know - could easily be some slightly different sequence of events.

astrelsky commented 3 years ago

Another multiprocess quirk related to the gdb gadp is that it seems to disregard that multiprocess may not be supported by the connected remote target and complains about not knowing the process number when it does not support it.

kevinferrare commented 2 years ago

Getting the same error when debugging 16-bit real mode assembly via IN-VM GDB with 10.1.

ryanmkurtz commented 4 months ago

1502279f90d76954227bd7044d97d3a81a6022ae