search

NationalSecurityAgency / ghidra

Ghidra is a software reverse engineering (SRE) framework
https://www.nsa.gov/ghidra
Apache License 2.0
49.06k stars 5.65k forks source link

Older versions of gdb do not work with the new Debugger (request documentation update) #6656

Closed forky2 closed 1 week ago

forky2 commented 1 week ago

Describe the bug Using the new Debugger tool with older versions of gdb (e.g. Ubuntu 9.2-0ubuntu1~20.04.1), the error "ValueError: byteorder must be either 'little' or 'big'" is output. This does not happen using a newer version of gdb that I built to test (13.2).

To Reproduce Steps to reproduce the behavior:

  1. Open a binary in the debugger tool chest
  2. Debugger > Configure and launch test using > gdb
  3. Set gdb to gdb which will be the default distro gdb build in my case
  4. Launch

With my gdb version (Ubuntu 9.2-0ubuntu1~20.04.1) the following error is produced:

Program stopped.
0x00007ffff7fd0100 in _start () from /lib64/ld-linux-x86-64.so.2
Traceback (most recent call last):
  File "/home/forky2/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-agent-gdb/pypkg/src/ghidragdb/hooks.py", line 161, in _func
    return func(*args, **kwargs)
  File "/home/forky2/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-agent-gdb/pypkg/src/ghidragdb/hooks.py", line 311, in on_stop
    state.record("Stopped")
  File "/home/forky2/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-agent-gdb/pypkg/src/ghidragdb/hooks.py", line 94, in record
    commands.putreg(
  File "/home/forky2/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-agent-gdb/pypkg/src/ghidragdb/commands.py", line 599, in putreg
    value = hex(int.from_bytes(rv.value, endian))
ValueError: byteorder must be either 'little' or 'big'
Python Exception <class 'ValueError'> byteorder must be either 'little' or 'big': 
(gdb)

Expected behavior I don't suggest the problem needs fixed, but I think the documentation could indicate the minimum GDB version supported and perhaps error out with a useful error if it's an unsupported version.

Environment (please complete the following information):

d-millar commented 1 week ago

@forky2 Hmmm, what was the version of gdb that caused the failure? Also, if you happen to have it around still, what does "show endian" return?

forky2 commented 1 week ago

It's GDB 9.2 as provided from the repositories of Ubuntu Server 20.04.3.

(gdb) show endian
The target endianness is set automatically (currently little endian)
d-millar commented 1 week ago

Thanks - looks like we broke something somewhere, as that should have worked.

forky2 commented 1 week ago

It could be something wrong with the distro build? I've only tested canonical's 9.2 build and my 13.2 build, but not anything else. What I can say is that the issue is repeatable on multiple Ubuntu 20.04 systems I've tested against.

d-millar commented 1 week ago

At a guess, lines 107-108 in Ghidra/Debug/Debugger-agent-gdb/src/main/py/src/ghidragdb should be identical to lines 120-121. If you wish to fix it on your end, that should do it. Putting in a ticket right now for the fix. THANKS!

forky2 commented 1 week ago

What file are you referring to? The path you sent is a directory in my git repo.

d-millar commented 1 week ago

Oh, oops - sorry: arch.py

nsadeveloper789 commented 1 week ago

To clarify, you can patch an installation instead of using the git repo, if you'd like. The file is at: .../ghidra_11.1.1_PUBLIC/Ghidra-Debug-Debugger-agent-gdb/pypkg/src/ghidragdb/arch.py.

forky2 commented 1 week ago

Thank you, understood. I'm away from the office with the machines in question so I'll confirm on Monday when I'm back there.

forky2 commented 5 days ago

I can confirm that that change resolves the issue reported. Thank you.