airbus-seclab / bincat

Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection

Exceptions.Error("Syntax error near location (25, 9) of init.ini") #132

Closed syheliel closed 2 years ago

syheliel commented 2 years ago

env

OS windows10
IDA v7.7
BinCAT v1.2

error message

INFO:bincat.plugin:---- stdout ----------------
INFO:bincat.plugin:b'BinCAT v1.2\r\n'
INFO:bincat.plugin:---- stderr ----------------
INFO:bincat.plugin:b'EXCEPTION: Exceptions.Error("Syntax error near location (25, 9) of C:\\\\Users\\\\xxx\\\\AppData\\\\Local\\\\Temp\\\\tmpdvcy_j6sbincat\\\\init.ini")\r\nCheck log file for details [C:\\Users\\xxx\\AppData\\Local\\Temp\\tmpdvcy_j6sbincat\\analyzer.log]\r\n'
INFO:bincat.plugin:---- logfile ---------------
INFO:bincat.plugin:[INFO]  main: BinCAT version v1.2
INFO:bincat.plugin:[ABORT] main: Syntax error near location (25, 9) of C:\Users\xxx\AppData\Local\Temp\tmpdvcy_j6sbincat\init.ini
INFO:bincat.plugin:Raised by primitive operation at Log.Make.abort in file "utils/log.ml", line 167, characters 41-69
INFO:bincat.plugin:Called from Main.process in file "main.ml", line 162, characters 8-105
INFO:bincat.plugin:Called from Bincat in file "bincat.ml", line 46, characters 7-49
INFO:bincat.plugin:[EXCEPTION] main: Exception caught in main loop
INFO:bincat.plugin:Exceptions.Error("Syntax error near location (25, 9) of C:\\Users\\xxx\\AppData\\Local\\Temp\\tmpdvcy_j6sbincat\\init.ini")
INFO:bincat.plugin:Raised at Log.Make.abort in file "utils/log.ml", line 175, characters 4-32
INFO:bincat.plugin:Called from Main.process in file "main.ml", line 162, characters 8-105
INFO:bincat.plugin:[STOP] nothing analyzed

init.ini

# Analyzer settings as posted in the report.
# Review comments (lines starting with '#') were added to this listing; the
# "(25, 9)" location in the error message counts lines of the file as generated,
# without them.
# The three quoted paths in this section point into the same per-run temp
# directory that the log names for init.ini and analyzer.log; "xxx" presumably
# replaces the reporter's account name.
[analyzer]
unroll = 300
function_unroll = 50
loglevel = 3
store_marshalled_cfa = true
out_marshalled_cfa_file = "C:\Users\xxx\AppData\Local\Temp\tmpdvcy_j6sbincat\cfaout.marshal"
ini_version = 4
analysis = forward_binary
# This address falls between 0x140001000 and 0x140001000 + 0x6809, the first two
# values given for .text under [sections] (presumably start address and size).
analysis_ep = 0x140002960
headers = "C:\Users\xxx\AppData\Local\Temp\tmpdvcy_j6sbincat\libc.no"
in_marshalled_cfa_file = "C:\Users\xxx\AppData\Local\Temp\tmpdvcy_j6sbincat\cfain.marshal"

# Description of the binary under analysis: 64-bit sizes throughout, x64,
# Windows; call_conv = ms is presumably the Microsoft calling convention.
# Review comments were added to this listing; the parser location "(25, 9)" in
# the report refers to the file as generated, without them.
[program]
mode = protected
call_conv = ms
mem_sz = 64
op_sz = 64
stack_width = 64
architecture = x64
# Path on the reporter's machine; "xxx" presumably replaces the account name.
filepath = "C:\Users\xxx\Desktop\SoMuchCode.exe"
# "manual" presumably means the memory layout is taken from the [sections]
# entries in this file rather than from the file's own headers - confirm
# against the BinCAT manual.
format = manual
os = windows

# Section map: each entry has a name in brackets and four numeric fields.
# NOTE(review): this is where the parser stops. Counting [analyzer] as line 1 of
# the listing as posted (without review comments), line 25 is the first entry
# below and column 9 is the `b` right after `section[` - the location "(25, 9)"
# given in the error message. `b'.text'` is the Python 3 repr of a bytes object,
# so the generator appears to have formatted a bytes value into the key without
# decoding it; all six entries have the same form.
# Section names are read from the binary under analysis, so whatever writes this
# file should decode them and restrict or escape the characters it emits, so
# that a name cannot change the structure of the file.
[sections]
section[b'.text'] = 0x140001000, 0x6809, 0x400, 0x6a00
section[b'.rdata'] = 0x140008000, 0x1c38, 0x6e00, 0x1e00
section[b'.data'] = 0x14000a000, 0x720, 0x8c00, 0x200
section[b'.pdata'] = 0x14000b000, 0x318, 0x8e00, 0x400
section[b'.rsrc'] = 0x14000c000, 0x1e0, 0x9200, 0x200
section[b'.reloc'] = 0x14000d000, 0x50, 0x9400, 0x200

# Import table: the key is an address inside the .rdata range declared under
# [sections]; the value is the library name followed by the quoted symbol name.
# NOTE(review): every C++ symbol from MSVCP140 ends at "@std". Full MSVC
# decorated names continue past that point, so these look truncated (possibly
# at the first "@@"). If so, different overloads would share one string -
# confirm in the generator.
# Library and symbol strings come from the binary under analysis; the writer of
# this file should reject or escape quotes and line breaks inside them.
[imports]
0x140008080 = MSVCP140, "??6?$basic_ostream@DU?$char_traits@D@std"
0x140008088 = MSVCP140, "?sputc@?$basic_streambuf@DU?$char_traits@D@std"
0x140008090 = MSVCP140, "?flush@?$basic_ostream@DU?$char_traits@D@std"
0x140008098 = MSVCP140, "?put@?$basic_ostream@DU?$char_traits@D@std"
0x1400080a0 = MSVCP140, "?widen@?$basic_ios@DU?$char_traits@D@std"
0x1400080a8 = MSVCP140, "?cout@std"
0x1400080b0 = MSVCP140, "?setstate@?$basic_ios@DU?$char_traits@D@std"
0x1400080b8 = MSVCP140, "?_Osfx@?$basic_ostream@DU?$char_traits@D@std"
0x1400080c0 = MSVCP140, "?sputn@?$basic_streambuf@DU?$char_traits@D@std"
0x1400080c8 = MSVCP140, "?_Xlength_error@std"
0x1400080d0 = MSVCP140, "?uncaught_exception@std"
0x140008140 = VCRUNTIME140_1, "__CxxFrameHandler4"
0x1400080e0 = VCRUNTIME140, "memmove"
0x1400080e8 = VCRUNTIME140, "memcpy"
0x1400080f0 = VCRUNTIME140, "memcmp"
0x1400080f8 = VCRUNTIME140, "__std_exception_destroy"
0x140008100 = VCRUNTIME140, "memset"
0x140008108 = VCRUNTIME140, "__current_exception_context"
0x140008110 = VCRUNTIME140, "__current_exception"
0x140008118 = VCRUNTIME140, "_CxxThrowException"
0x140008120 = VCRUNTIME140, "__C_specific_handler"
0x140008128 = VCRUNTIME140, "__std_terminate"
0x140008130 = VCRUNTIME140, "__std_exception_copy"
0x140008240 = api-ms-win-crt-stdio-l1-1-0, "__p__commode"
0x140008248 = api-ms-win-crt-stdio-l1-1-0, "__stdio_common_vfscanf"
0x140008250 = api-ms-win-crt-stdio-l1-1-0, "__acrt_iob_func"
0x140008258 = api-ms-win-crt-stdio-l1-1-0, "_set_fmode"
0x1400081a0 = api-ms-win-crt-runtime-l1-1-0, "terminate"
0x1400081a8 = api-ms-win-crt-runtime-l1-1-0, "_invalid_parameter_noinfo_noreturn"
0x1400081b0 = api-ms-win-crt-runtime-l1-1-0, "_seh_filter_exe"
0x1400081b8 = api-ms-win-crt-runtime-l1-1-0, "_crt_atexit"
0x1400081c0 = api-ms-win-crt-runtime-l1-1-0, "_register_onexit_function"
0x1400081c8 = api-ms-win-crt-runtime-l1-1-0, "_initialize_onexit_table"
0x1400081d0 = api-ms-win-crt-runtime-l1-1-0, "_set_app_type"
0x1400081d8 = api-ms-win-crt-runtime-l1-1-0, "_register_thread_local_exe_atexit_callback"
0x1400081e0 = api-ms-win-crt-runtime-l1-1-0, "_c_exit"
0x1400081e8 = api-ms-win-crt-runtime-l1-1-0, "_cexit"
0x1400081f0 = api-ms-win-crt-runtime-l1-1-0, "__p___argv"
0x1400081f8 = api-ms-win-crt-runtime-l1-1-0, "__p___argc"
0x140008200 = api-ms-win-crt-runtime-l1-1-0, "_configure_narrow_argv"
0x140008208 = api-ms-win-crt-runtime-l1-1-0, "_exit"
0x140008210 = api-ms-win-crt-runtime-l1-1-0, "_initterm_e"
0x140008218 = api-ms-win-crt-runtime-l1-1-0, "_initterm"
0x140008220 = api-ms-win-crt-runtime-l1-1-0, "_get_initial_narrow_environment"
0x140008228 = api-ms-win-crt-runtime-l1-1-0, "_initialize_narrow_environment"
0x140008230 = api-ms-win-crt-runtime-l1-1-0, "exit"
0x140008150 = api-ms-win-crt-heap-l1-1-0, "_callnewh"
0x140008158 = api-ms-win-crt-heap-l1-1-0, "_set_new_mode"
0x140008160 = api-ms-win-crt-heap-l1-1-0, "malloc"
0x140008168 = api-ms-win-crt-heap-l1-1-0, "free"
0x140008188 = api-ms-win-crt-math-l1-1-0, "pow"
0x140008190 = api-ms-win-crt-math-l1-1-0, "__setusermatherr"
0x140008178 = api-ms-win-crt-locale-l1-1-0, "_configthreadlocale"
0x140008000 = KERNEL32, "SetUnhandledExceptionFilter"
0x140008008 = KERNEL32, "RtlLookupFunctionEntry"
0x140008010 = KERNEL32, "GetModuleHandleW"
0x140008018 = KERNEL32, "RtlVirtualUnwind"
0x140008020 = KERNEL32, "IsDebuggerPresent"
0x140008028 = KERNEL32, "InitializeSListHead"
0x140008030 = KERNEL32, "GetSystemTimeAsFileTime"
0x140008038 = KERNEL32, "GetCurrentThreadId"
0x140008040 = KERNEL32, "UnhandledExceptionFilter"
0x140008048 = KERNEL32, "GetCurrentProcessId"
0x140008050 = KERNEL32, "QueryPerformanceCounter"
0x140008058 = KERNEL32, "IsProcessorFeaturePresent"
0x140008060 = KERNEL32, "TerminateProcess"
0x140008068 = KERNEL32, "GetCurrentProcess"
0x140008070 = KERNEL32, "RtlCaptureContext"

# Descriptor table entries, segment selectors and fs/gs base addresses used as
# the initial x64 machine state.
# Index 7 is not defined: entries run 0-6, then 8-10.
[x64]
GDT[0] = 0x0000000000000000
GDT[1] = 0x0000000000000000
GDT[2] = 0x00209b0000000000
GDT[3] = 0x0040930000000000
GDT[4] = 0x00cffb000000ffff
GDT[5] = 0x00cff3000000ffff
GDT[6] = 0x0020fb0000000000
GDT[8] = 0xec008bc520000067
GDT[9] = 0x00000000fffff802
GDT[10] = 0x0040f30000003c00
# A selector indexes the table as selector >> 3: cs = 0x33 -> GDT[6],
# ss/ds/es/gs = 0x2b -> GDT[5], fs = 0x53 -> GDT[10]. The low two bits of each
# value are 3, the requested privilege level.
cs = 0x33
ss = 0x2b
ds = 0x2b
es = 0x2b
fs = 0x53
gs = 0x2b
fs_base = 0x800000
gs_base = 0x900000

# Option in a section named after IDA, presumably read by the plugin rather
# than the analyzer. Note the capitalised "False" here versus the lower-case
# "true" of store_marshalled_cfa under [analyzer]; whether each reader accepts
# both spellings is not visible in this report.
[IDA]
remap_binary = False

# Initial register and memory state for the analysis.
# Most entries use the form value?mask. Presumably the mask marks the bits whose
# initial value is unknown, so `0?0xFFFFFFFFFFFFFFFF` leaves a whole 64-bit
# register unknown and `0?1` leaves a one-bit flag unknown - confirm against the
# BinCAT manual. Only rsp, df and iopl are given plain values.
[state]
reg[rax] = 0?0xFFFFFFFFFFFFFFFF
reg[rcx] = 0?0xFFFFFFFFFFFFFFFF
reg[rdx] = 0?0xFFFFFFFFFFFFFFFF
reg[rbx] = 0?0xFFFFFFFFFFFFFFFF
reg[rbp] = 0?0xFFFFFFFFFFFFFFFF
reg[rsi] = 0?0xFFFFFFFFFFFFFFFF
reg[rdi] = 0?0xFFFFFFFFFFFFFFFF
# Stack pointer: 0xb8000000 + 0x1000, i.e. inside the mem[...] range declared
# at the end of this section.
reg[rsp] = 0xb8001000
reg[r8] = 0?0xFFFFFFFFFFFFFFFF
reg[r9] = 0?0xFFFFFFFFFFFFFFFF
reg[r10] = 0?0xFFFFFFFFFFFFFFFF
reg[r11] = 0?0xFFFFFFFFFFFFFFFF
reg[r12] = 0?0xFFFFFFFFFFFFFFFF
reg[r13] = 0?0xFFFFFFFFFFFFFFFF
reg[r14] = 0?0xFFFFFFFFFFFFFFFF
reg[r15] = 0?0xFFFFFFFFFFFFFFFF
reg[cf] = 0?1
reg[pf] = 0?1
reg[af] = 0?1
reg[zf] = 0?1
reg[sf] = 0?1
reg[tf] = 0?1
reg[if] = 0?1
reg[of] = 0?1
reg[nt] = 0?1
reg[rf] = 0?1
reg[vm] = 0?1
reg[ac] = 0?1
reg[vif] = 0?1
reg[vip] = 0?1
reg[id] = 0?1
reg[df] = 0
reg[iopl] = 3
# A range of 8192 (0x2000) units, presumably bytes, starting at 0xb8000000, so
# rsp = 0xb8001000 sits in the middle of it. The content uses the same
# value?mask form as the registers.
mem[0xb8000000*8192] = |00|?0xFF

# No entries follow this header in the posted listing.
[override]
szennou commented 2 years ago

fixed in commit f1ecbd5b65b84e7f0a84982dcd223851fa118958