Wenzel / pyvmidbg

LibVMI-based debug server, implemented in Python. Building a guest aware, stealth and agentless full-system debugger
GNU General Public License v3.0

Truncated register 26 in remote 'g' packet #47

Open tklengyel opened 3 years ago

tklengyel commented 3 years ago

Trying to connect to an Ubuntu 20.04 VM results in this error on the gdb side:

(gdb) target remote 192.168.1.10:4567
Remote debugging using 192.168.1.10:4567
Truncated register 26 in remote 'g' packet

The vmidbg side looks like this:

# vmidbg -a 0.0.0.0 4567 ubuntu-20.04
INFO:server:listening on 0.0.0.0:4567
INFO:server:new client ('192.168.1.201', 50501)
INFO:RawDebugContext:attaching on ubuntu-20.04
INFO:GDBStub:connected
INFO:GDBStub:new packet: b'qSupported:multiprocess+;swbreak+;hwbreak+;qRelocInsn+;fork-events+;vfork-events+;exec-events+;vContSupported+;QThreadEvents+;no-resumed+;xmlRegisters=i386'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: DONE
INFO:GDBStub:new packet: b'vMustReplyEmpty'
INFO:GDBStub:command v: V_FEATURES
INFO:GDBStub:command v: DONE
INFO:GDBStub:new packet: b'QStartNoAckMode'
INFO:GDBStub:command Q: GEN_QUERY_SET
INFO:GDBStub:command Q: DONE
INFO:GDBStub:new packet: b'Hg0'
INFO:GDBStub:command H: SET_THREAD_ID
INFO:GDBStub:command H: DONE
INFO:GDBStub:new packet: b'qTStatus'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: DONE
INFO:GDBStub:new packet: b'qTfV'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: FAIL
INFO:GDBStub:new packet: b'?'
INFO:GDBStub:command ?: TARGET_STATUS
INFO:GDBStub:command ?: DONE
INFO:GDBStub:new packet: b'qfThreadInfo'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: DONE
INFO:GDBStub:new packet: b'qsThreadInfo'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: DONE
INFO:GDBStub:new packet: b'qAttached'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: DONE
INFO:GDBStub:new packet: b'Hc-1'
INFO:GDBStub:command H: SET_THREAD_ID
INFO:GDBStub:command H: DONE
INFO:GDBStub:new packet: b'qC'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: DONE
INFO:GDBStub:new packet: b'qOffsets'
INFO:GDBStub:command q: GEN_QUERY_GET
INFO:GDBStub:command q: FAIL
INFO:GDBStub:new packet: b'g'
INFO:GDBStub:command g: READ_REGISTERS
INFO:GDBStub:command g: DONE

With gdbsx it works:

(gdb) target remote 192.168.1.10:4567
Remote debugging using 192.168.1.10:4567
0xffffffff81b906be in native_safe_halt () at ./arch/x86/include/asm/irqflags.h:60
60              asm volatile("sti; hlt": : :"memory");

Wenzel commented 3 years ago

Thanks for the report, I haven't tested on Ubuntu 20.04.

Usually this error means that GDB was expecting more registers, meaning that we sent only 32 bits and not 64 ones. The part of the code where the reply happens is here: https://github.com/Wenzel/pyvmidbg/blob/master/vmidbg/libvmistub.py#L202

(Also, you have a -d flag to toggle debug mode)

I will see if I have some time for pyvmidbg. Thanks for trying the project!
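
The following is an added example, not part of the thread and not pyvmidbg code: it checks where a framed 'g' reply stops relative to the register file GDB expects. It assumes GDB's standard x86-64 layout (general, x87 and SSE registers) and that GDB raises the "Truncated register" error when a reply ends inside a register; the function names and sample replies are constructed for illustration.

```python
# Layout assumption: GDB's standard amd64 description (core + SSE registers).
GPRS = "rax rbx rcx rdx rsi rdi rbp rsp r8 r9 r10 r11 r12 r13 r14 r15 rip"
LAYOUT = (
    [(n, 8) for n in GPRS.split()]
    + [(n, 4) for n in "eflags cs ss ds es fs gs".split()]
    + [(f"st{i}", 10) for i in range(8)]
    + [(n, 4) for n in "fctrl fstat ftag fiseg fioff foseg fooff fop".split()]
    + [(f"xmm{i}", 16) for i in range(16)]
    + [("mxcsr", 4)]
)
FULL_SIZE = sum(size for _, size in LAYOUT)  # bytes in a complete reply

def frame(payload: bytes) -> bytes:
    """Wrap a payload as an RSP packet: $<payload>#<checksum mod 256>."""
    return b"$" + payload + b"#" + b"%02x" % (sum(payload) % 256)

def unframe(packet: bytes) -> bytes:
    """Strip RSP framing and verify the checksum."""
    if not (packet.startswith(b"$") and packet[-3:-2] == b"#"):
        raise ValueError("not a framed RSP packet")
    payload, checksum = packet[1:-3], int(packet[-2:], 16)
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")
    return payload

def diagnose(packet: bytes):
    """Return (status, regnum, name) for a framed 'g' reply."""
    nbytes = len(unframe(packet)) // 2  # two hex digits per register byte
    if nbytes > FULL_SIZE:
        return ("too long", None, None)
    offset = 0
    for regnum, (name, size) in enumerate(LAYOUT):
        if offset >= nbytes:
            # Reply ended on a register boundary: the rest are simply absent.
            return ("short but aligned", regnum, name)
        if offset + size > nbytes:
            # Reply ended inside this register: the truncation case.
            return ("truncated", regnum, name)
        offset += size
    return ("complete", None, None)

# Constructed replies (all-zero register bytes), not captured from the issue.
ALIGNED = frame(b"00" * 164)  # general, rip, eflags and segment registers only
CUT = frame(b"00" * 188)      # ends 4 bytes into the third x87 register
FULL = frame(b"00" * FULL_SIZE)

if __name__ == "__main__":
    for label, pkt in (("aligned", ALIGNED), ("cut", CUT), ("full", FULL)):
        print(label, diagnose(pkt))
```

Comparing the stub's reply length against this layout shows whether a short reply ends cleanly on a register boundary or partway through one.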