Ghidra debugger error: "java.net.SocketTimeoutException: Accept timed out"

[mediotex]

Ghidra 11.1.1 on Linux Debian openjdk version "17.0.12" 2024-07-16 OpenJDK Runtime Environment (build 17.0.12+7-Debian-2deb11u1)

When I try to open a raw mips32 binary (memory dump) in Debugger, I get an error: "Failed to launch image2.out due to an exception: Java.net.SocketTimeoutException: Accept timed out"

from application.log:

2024-08-21 13:36:55 INFO  (DefaultProject) Opening project: /home/tmecomp/arri-image2  
2024-08-21 13:36:57 INFO  (GhidraRun) Ghidra startup complete (26569 ms)  
2024-08-21 13:37:09 INFO  (PackedDatabaseCache) Packed database cache: /var/tmp/tmecomp-ghidra/packed-db-cache  
2024-08-21 13:37:09 DEBUG (PackedDatabaseCache) Using cached packed database: /home/tmecomp/recos/ecos-mips.le.32.fidb  
2024-08-21 13:37:09 DEBUG (PackedDatabaseCache) Using cached packed database: /home/tmecomp/recos/ecos-mips.be.32.fidb  
2024-08-21 13:37:14 DEBUG (PackedDatabaseCache) Using cached packed database: /home/tmecomp/ghidra_11.1.1_PUBLIC/Ghidra/Features/Base/data/typeinfo/generic/generic_clib.gdt  
2024-08-21 13:41:43 DEBUG (UnixPty) New Pty: /dev/pts/1 at (191,198)  
2024-08-21 13:41:43 INFO  (LocalProcessPtySession) local Pty session. PID = 3068  
2024-08-21 13:41:43 ERROR (ThreadedTerminal) Console input closed unexpectedly: java.io.IOException: com.sun.jna.LastErrorException: [5] Input/output error 

[d-millar]

Can you load it into gdb?

[mediotex]

yes, I can open file in Debugger. When try launch it in Debugger (Configure and Launch image2.out using.. > gdb > Launch), it show error.

[d-millar]

@mediotex Is gdb in your path and/or did you specify the full path in the launch dialog?

[mediotex]

$ whereis -b gdb
gdb: /usr/share/gdb

In the "Launch with gdb" window I have 3 fields filled: Image: path to image gdb command: gdb Run command: start

[d-millar]

Try /usr/share/gdb in "gdb command" (or add /usr/share to $PATH).

[mediotex]

I tried with /usr/share/gdb path in "gdb command", it also gives an error:

_.../ghidra_11.1.1PUBLIC/Ghidra/Debug/Debugger-agent-gdb/data/debugger-launchers/local-gdb.sh: line 56: /usr/share/gdb: Is a directory Which file I should browse and specify in my gdb directory?

[d-millar]

OK, so you need to browse to the gdb executable - the entry in the dialog is what will be run. On my system, /usr/share/gdb is not an executable. Usually, the gdb executable lives in /usr/bin or /usr/local/bin.

[d-millar]

Given your results for whereis, it seems possible that gdb is not installed on your machine.

[mediotex]

You are right, gdb was not installed on my machine, I installed it. Then repeated launch with gdb in "gdb command", but Launch Failed. last 2 lines:

No symbol table loaded. Use the "file" command.
(gdb)

and in the Terminal window in the bottom:

 File "/home/tmecomp/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-rmi-trace/pypkg/src/ghidratrace/client.py", line 27, in <
module>
    from . import trace_rmi_pb2 as bufs
  File "/home/tmecomp/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-rmi-trace/pypkg/src/ghidratrace/trace_rmi_pb2.py", line 5
, in <module>
    from google.protobuf.internal import builder as _builder
ModuleNotFoundError: No module named 'google'
Error while executing Python code.
"0x7ffe1013e080s": not in executable format: file format not recognized
Undefined command: "ghidra".  Try "help".
Undefined command: "ghidra".  Try "help".
Undefined command: "ghidra".  Try "help".
No symbol table loaded. Use the "file" command.
gdb

[d-millar]

Ah, OK. The more important error is the one above, which is telling you that you haven't installed the requisite packages in python. Try the following:

(1) Run gdb from a terminal. Switch to the python interpreter ("pi"). Run "import sys" and "sys.version" to identify the version of python compiled into gdb. (2) Verify that the version of python installed on your system is the same version ("python3 --version"). (3) Run "python3 -m pip install psutil protobuf==3.20.3". (4) Retry the experiment above.

[mediotex]

Regarding step (3): should I install a specific protobuf version 3.20.3 ? In debian package manager python3-protobuf 3.12.4-1+deb11u1 is a version offered.

[d-millar]

Honestly, I'm not sure - versions newer than 3.20.3 will break things. 3.12.4 might work? I would say go ahead and try it.

[mediotex]

So I did steps above, the version of python installed on my system matches the version of python compiled into gdb (3.9.2) Both psutil and protobuf(v3.12.4) modules are installed.

Launch gdb failed, the same error, exception: java.net.SocketTimeoutException: Accept timed out in the Terminal window in the bottom:

For help, type "help".
Type "apropos word" to search for commands related to "word".
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "/home/tmecomp/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-agent-gdb/pypkg/src/ghidragdb/__init__.py", line 16, in <
module>
    from . import util, commands, parameters
  File "/home/tmecomp/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-agent-gdb/pypkg/src/ghidragdb/commands.py", line 23, in <
module>
    from ghidratrace.client import Client, Address, AddressRange, TraceObject
  File "/home/tmecomp/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-rmi-trace/pypkg/src/ghidratrace/client.py", line 27, in <
module>
    from . import trace_rmi_pb2 as bufs
  File "/home/tmecomp/ghidra_11.1.1_PUBLIC/Ghidra/Debug/Debugger-rmi-trace/pypkg/src/ghidratrace/trace_rmi_pb2.py", line 5
, in <module>
    from google.protobuf.internal import builder as _builder
ImportError: cannot import name 'builder' from 'google.protobuf.internal' (/usr/lib/python3/dist-packages/google/protobuf/i
nternal/__init__.py)
Error while executing Python code.
"0x7fff821d2dd0s": not in executable format: file format not recognized
Undefined command: "ghidra".  Try "help".
Undefined command: "ghidra".  Try "help".
Undefined command: "ghidra".  Try "help".
No symbol table loaded.  Use the "file" command.
(gdb) Quit
(gdb) Quit
(gdb) Quit
(gdb)

[d-millar]

Hmmm, sadly, I think that means 3.12.4 is a no-go. Will try to verify that, but....

[mediotex]

I installed protobuf 3.20.3 in place of v3.12.4. Now the alert exception error is gone, but errors still present.

[d-millar]

Hmmmm, is image2.out an ELF?

[mediotex]

Not an ELF, raw mips32 binary (memory dump).

[d-millar]

Oh, right - where we started - sorry, lost track of the thread. So, going back to my original question, you believe this can be loaded by gdb?

[d-millar]

Am guessing, even if the answer is yes, you will need to install gdb-multiarch or an equivalent? I don't think the default gdb is recognizing your file.

[mediotex]

I have almost no experience with gdb, I believe the file can be loaded into debugger, but it is not recognized by gdb?

[d-millar]

OK, well, a couple of possibilities....

(1) Try installing "gdb-multiarch". After installing it, run "file /path/to/image2.out". If you're still getting the "not in executable format" error, that's going to be a bust and no point in going through all the steps above again for the new version. (2) If you have access to a machine that actually can run the original image2, it may be possible to debug the executable remotely using gdb via "target remote". You will still probably need "gdb-multiarch" or similar. (3) If the questions you're trying to answer are relatively simple, you can use Ghidra's emulator to run sections of the code without having an OS/debugger that supports the mips32 dump. I would read the help in Ghidra before going down this path.

[mediotex]

(1) should I call specifically "gdb-multiarch" command, not "gdb"? $ gdb-multiarch gives in terminal the same output as gdb.

(gdb) file image2.out
"0x7ffdd6f45900s": not in executable format: file format not recognized
(gdb)

[d-millar]

Yes, to invoke "gdb-multiarch" you have to use the command "gdb-multiarch" explicitly. It's a separate program, not an extension to gdb.

Given the identical output you're getting, I think your options are going to be (2) or (3), i.e. unless you can find a version of gdb that explicitly loads mips32 dump files, debugging one seems unlikely. Still possible that gdb on a mips32 OS will load a dump file, but you're going to have to connect remotely to the mips32 box regardless of whether you target an executable or a dump file.

[mediotex]

Well, I see. The option (2) requires a dedicated debug port (JTAG interface) on the mips32 device.

[d-millar]

Yes, and things get complicated quickly if you have to have an intermediate device translating between the JTAG protocol and gdb's RSP protocol. Can you get by with just emulation?

[mediotex]

I will try Ghidra emulator. Some note: when I call the gdb-multiarch command, I'm not sure if it actually runs gdb-multiarch and not gdb. As it prints in the terminal same output, (gdb). How to check this? Also, how to set Ghidra to call 'gdb-multiarch' in "Launch with gdb" window, not gdb?

[d-millar]

Yes, you're right about that - nothing in the prompt or the headers that indicates explicitly that you're running gdb-multiarch. If there's a way to display this, I'm not aware of it. To call 'gdb-multiarch', you use the same interface you would use for gdb with 'gdb-multiarch' (or, if necessary, the complete path) in the "gdb command" entry in the dialog launched by "Configure and launch xxx using... gdb" (and, after that, "Re-launch xxx using gdb".