search

NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0
51.26k stars 5.84k forks source link

"No such file or directory" when analysing binary #3726

Open hadess opened 2 years ago

hadess commented 2 years ago

Follow-up to https://github.com/NationalSecurityAgency/ghidra/issues/3377 with ghidra_10.1-BETA_PUBLIC_20211116

It seems that a regression might have snuck in that results in a problem unpacking the gdt packed database.

When running "Auto analysis":

DEBUG Tue Dec 07 10:36:17 CET 2021 Background processing started...  (ToolTaskManager.java:301) 
DEBUG Tue Dec 07 10:36:17 CET 2021 Exec Task Auto Analysis  (ToolTaskManager.java:305) 
INFO  DWARF external debug information found: ExternalDebugInfo [filename=null, crc=0, hash=6db637ef1b479f1b821f45dfe2960e37880df4fe]  (ExternalDebugFileSectionProvider.java:55) 
INFO  Unable to find DWARF information, skipping DWARF analysis  (DWARFAnalyzer.java:129) 
INFO  Packed database cache: /tmp/hadess-Ghidra/packed-db-cache  (PackedDatabaseCache.java:64) 
DEBUG Caching packed database: /app/lib/ghidra/Ghidra/Features/Base/data/typeinfo/generic/generic_clib_64.gdt  (PackedDatabaseCache.java:361) 
INFO  Analysis Log Messages
Apply Data Archives> Unexpected Error opening archive generic_clib_64: /tmp/hadess-Ghidra/packed-db-cache/pdb304B1211/db.0.gbf (No such file or directory)
  (MessageLog.java:162) 
DEBUG Tue Dec 07 10:36:18 CET 2021 Auto Analysis task finish (0.595 secs)  (ToolTaskManager.java:365) 
DEBUG Tue Dec 07 10:36:18 CET 2021  Queue - Auto Analysis  (ToolTaskManager.java:379) 
DEBUG Tue Dec 07 10:36:18 CET 2021  (0.015 secs)  (ToolTaskManager.java:385) 
DEBUG Tue Dec 07 10:36:18 CET 2021 Auto Analysis task complete (0.665 secs)  (ToolTaskManager.java:416) 
DEBUG Tue Dec 07 10:36:18 CET 2021 Background processing complete (0.668 secs)  (ToolTaskManager.java:324)

And when installed in /opt outside a Flatpak:

DEBUG Tue Dec 07 10:43:35 CET 2021 Background processing started...  (ToolTaskManager.java:301) 
DEBUG Tue Dec 07 10:43:35 CET 2021 Exec Task Auto Analysis  (ToolTaskManager.java:305) 
INFO  DWARF external debug information found: ExternalDebugInfo [filename=null, crc=0, hash=6db637ef1b479f1b821f45dfe2960e37880df4fe]  (ExternalDebugFileSectionProvider.java:55) 
INFO  Unable to find DWARF information, skipping DWARF analysis  (DWARFAnalyzer.java:129) 
INFO  Packed database cache: /tmp/hadess-Ghidra/packed-db-cache  (PackedDatabaseCache.java:64) 
DEBUG Using cached packed database: /opt/ghidra/Ghidra/Features/Base/data/typeinfo/generic/generic_clib_64.gdt  (PackedDatabaseCache.java:364) 
DEBUG Unpacking database /opt/ghidra/Ghidra/Features/Base/data/typeinfo/generic/generic_clib_64.gdt -> /tmp/hadess-Ghidra/packed-db-cache/pdb4F9F6492/db.2.gbf  (PackedDatabase.java:520) 
DEBUG Cache update completed: /opt/ghidra/Ghidra/Features/Base/data/typeinfo/generic/generic_clib_64.gdt  (PackedDatabaseCache.java:396) 
DEBUG Tue Dec 07 10:43:36 CET 2021 Auto Analysis task finish (1.057 secs)  (ToolTaskManager.java:365) 
DEBUG Tue Dec 07 10:43:36 CET 2021  Queue - Auto Analysis  (ToolTaskManager.java:379) 
DEBUG Tue Dec 07 10:43:36 CET 2021  (0.0 secs)  (ToolTaskManager.java:385) 
DEBUG Tue Dec 07 10:43:36 CET 2021 Auto Analysis task complete (1.086 secs)  (ToolTaskManager.java:416) 
DEBUG Tue Dec 07 10:43:36 CET 2021 Background processing complete (1.09 secs)  (ToolTaskManager.java:324)

Note that in Flatpak, the directory for the packed-db-cache exists, but is empty, and in its parent:

$ cat /tmp/hadess-Ghidra/packed-db-cache/cache.map 
/app/lib/ghidra/Ghidra/Features/Base/data/typeinfo/generic/generic_clib_64.gdt,pdbF98B0BCA,0,Archive,DTArchive,17d94591185

Same file but when outside /opt and Flatpak:

$ cat /tmp/hadess-Ghidra/packed-db-cache/cache.map
/opt/ghidra/Ghidra/Features/Base/data/typeinfo/generic/generic_clib_64.gdt,pdb4F9F6492,17d2a2883b0,Archive,DTArchive,17d9446eb81

My guess is that, again, 0 is being used as a special case: https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/store/db/PackedDatabaseCache.java#L161

and the database never unpacked because it didn't change since 0? https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Framework/FileSystem/src/main/java/ghidra/framework/store/db/PackedDatabase.java#L558-L590

ryanmkurtz commented 2 years ago

I'll add this to my queue, but just to warn you, 10.1 is frozen at this point so a potential change to this code will not make it in that release.

hadess commented 2 years ago

I'll add this to my queue, but just to warn you, 10.1 is frozen at this point so a potential change to this code will not make it in that release.

I'm going to have to figure out how to build this at some point, because if you're not testing the software in a Flatpak, and I only test it when it's already released, the feedback cycle is always going to be a bit too long...

ryanmkurtz commented 2 years ago

Yes, you don't want to rely on us to be testing each release on Flatpak, we don't have the resources for that. I recommend that you fork the Ghidra project and make a branch with the changes needed to get Ghidra working 100% correct in your environment, and then submit a pull-request so we can consider putting the changes in the next release.