airbus-seclab / bincat

Binary code static analyser, with IDA integration. Performs value and taint analysis, type reconstruction, use-after-free and double-free detection

in method 'get_bytes_and_mask', argument 2 of type 'unsigned int' #76

Closed Waterman178 closed 5 years ago

Waterman178 commented 6 years ago

I dumped all 4G of the process's memory. I dragged it into IDA 7.0 and clicked start. I found that a dialog box popped up and I didn't know what it was. It prompts for the input file name. The final result is not normal. PS: your tutorial is not comprehensive. For example, how do I write a section?

(screenshot: qq 20180919124114)

[analyzer]
unroll = 300
function_unroll = 50
loglevel = 3
store_marshalled_cfa = true
out_marshalled_cfa_file = "c:\users\admini~1\appdata\local\temp\tmprxzszwbincat\cfaout.marshal"
ini_version = 4
analysis = forward_binary
analysis_ep = 0x749100
headers = "c:\users\admini~1\appdata\local\temp\tmprxzszwbincat\libc.no"
cut = 0x749195
in_marshalled_cfa_file = "c:\users\admini~1\appdata\local\temp\tmprxzszwbincat\cfain.marshal"

[program]
mode = protected
call_conv = cdecl
mem_sz = 32
op_sz = 32
stack_width = 32
architecture = x86
filepath = "E:\VitualMachine\VmwareShare\dump\2018- 9-18 18- 5-50.dump"
format = manual

[sections]

[imports]

[x86]
GDT[0] = 0x0000000000000000
GDT[1] = 0x0000000000000000
GDT[2] = 0x0000000000000000
GDT[3] = 0x0000000000000000
GDT[4] = 0x0000000000000000
GDT[5] = 0x0000000000000000
GDT[6] = 0x00cff3000000ffff
GDT[7] = 0x0000000000000000
GDT[8] = 0x0000000000000000
GDT[9] = 0x0000000000000000
GDT[10] = 0x0000000000000000
GDT[11] = 0x0000000000000000
GDT[12] = 0x00cf9a000000ffff
GDT[13] = 0x00cf93000000ffff
GDT[14] = 0x00cffa000000ffff
GDT[15] = 0x00cff3000000ffff
GDT[16] = 0xc1008b598cc0206b
GDT[17] = 0x0000000000000000
GDT[18] = 0x00409a000000ffff
GDT[19] = 0x00009a000000ffff
GDT[20] = 0x000092000000ffff
GDT[21] = 0x0000920000000000
GDT[22] = 0x0000920000000000
GDT[23] = 0x00409a000000ffff
GDT[24] = 0x00009a000000ffff
GDT[25] = 0x004092000000ffff
GDT[26] = 0x00cf92000000ffff
GDT[27] = 0x00cf92000000ffff
GDT[28] = 0xc140915f7c800018
GDT[29] = 0x0000000000000000
GDT[30] = 0x0000000000000000
GDT[31] = 0xc1008958e000206b
cs = 0x73
ds = 0x7b
ss = 0x7b
es = 0x7b
fs = 0x00
gs = 0x33
mem_model = flat

[override]

[state]
reg[eax] = 0x00C69954
reg[ecx] = 0x2C1CD570
reg[edx] = 0x0000001C
reg[ebx] = 0x2F624348
reg[ebp] = 0x15E08F40
reg[esi] = 0x03443C098
reg[edi] = 0x2F624330
reg[esp] = 0x06F2FE8C
reg[cf] = 1
reg[pf] = 0
reg[af] = 0
reg[zf] = 0
reg[sf] = 1
reg[tf] = 0
reg[if] = 1
reg[of] = 0
reg[nt] = 0
reg[rf] = 0
reg[vm] = 0
reg[ac] = 0
reg[vif] = 0
reg[vip] = 0
reg[id] = 0
reg[df] = 0
reg[iopl] = 0
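
The following is an added example, not BinCAT's own code and not something posted in this thread: a small Python pre-flight check for a .ini like the one above, run before handing the file to the IDA plugin. It encodes the two points this report turns on. First, with `format = manual` an empty `[sections]` block describes no memory to the analyzer at all. Second, the message in the issue title is the one IDA's SWIG-generated Python bindings produce when a value cannot be converted to a C `unsigned int`, and a 4 GB dump is 0x100000000 bytes, which does not fit in that type. The trimmed ini embedded below is a constructed subset of the one pasted above, and the `section[name] = vaddr, vsize, raddr, rsize` layout used for the corrected config is an assumption made for this example; check the bincat configuration parser for the real syntax.

```python
"""Pre-flight checks for a BinCAT .ini (added example, not BinCAT code).

Flags a 'format = manual' config with an empty [sections] block and any
size that cannot be passed through a 32-bit C 'unsigned int'.
"""
import configparser

UINT32_MAX = 0xFFFFFFFF

# Constructed input: a trimmed copy of the ini pasted in the issue,
# with the [sections] block left empty exactly as reported.
SAMPLE_INI = """\
[analyzer]
analysis = forward_binary
analysis_ep = 0x749100
cut = 0x749195

[program]
mode = protected
mem_sz = 32
op_sz = 32
architecture = x86
filepath = "dump.bin"
format = manual

[sections]

[state]
reg[eax] = 0x00C69954
reg[esi] = 0x03443C098
reg[cf] = 1
"""

# Same config with one section declared. The 'section[name] = vaddr, vsize,
# raddr, rsize' layout is an ASSUMPTION made for this example.
FIXED_INI = SAMPLE_INI.replace(
    "[sections]\n",
    "[sections]\nsection[dump] = 0x00400000, 0x01000000, 0x0, 0x01000000\n",
)


def load_ini(text):
    """Parse ini text, keeping key case so reg[eax] / GDT[0] survive."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str
    cp.read_string(text)
    return cp


def parse_sections(cp):
    """Return {name: {vaddr, vsize, raddr, rsize}} for section[...] keys."""
    out = {}
    if not cp.has_section("sections"):
        return out
    for key, val in cp.items("sections"):
        if not (key.startswith("section[") and key.endswith("]")):
            continue
        name = key[len("section["):-1]
        fields = [int(x.strip(), 16) for x in val.split(",")]
        if len(fields) != 4:
            raise ValueError(f"section[{name}]: expected 4 fields, got {len(fields)}")
        out[name] = dict(zip(("vaddr", "vsize", "raddr", "rsize"), fields))
    return out


def check_config(text, file_size=None):
    """Return a list of problems; an empty list means every check passed."""
    cp = load_ini(text)
    problems = []
    addr_max = (1 << cp.getint("program", "mem_sz")) - 1
    reg_max = (1 << cp.getint("program", "op_sz")) - 1

    ep = int(cp.get("analyzer", "analysis_ep"), 16)
    cut = int(cp.get("analyzer", "cut"), 16)
    if cut < ep:
        problems.append(f"cut {cut:#x} is below analysis_ep {ep:#x}")

    sections = parse_sections(cp)
    if cp.get("program", "format") == "manual" and not sections:
        problems.append("format = manual but [sections] is empty: no memory is mapped")
    for name, s in sections.items():
        if s["vsize"] > UINT32_MAX or s["rsize"] > UINT32_MAX:
            problems.append(f"section[{name}]: size does not fit in unsigned int")
        if s["vaddr"] + s["vsize"] - 1 > addr_max:
            problems.append(f"section[{name}]: end is outside the address space")
    if sections and not any(s["vaddr"] <= ep < s["vaddr"] + s["vsize"]
                            for s in sections.values()):
        problems.append(f"analysis_ep {ep:#x} is not inside any declared section")

    # The IDA API named in the issue title takes its size as a C 'unsigned int';
    # a 4 GB dump is 0x100000000 bytes and cannot be passed through it.
    if file_size is not None and file_size > UINT32_MAX:
        problems.append(f"input file is {file_size:#x} bytes: does not fit in unsigned int")

    # Initial register values in [state] must fit the configured register width.
    for key, val in cp.items("state"):
        if key.startswith("reg[") and int(val, 0) > reg_max:
            problems.append(f"{key} = {val} does not fit in op_sz bits")
    return problems


if __name__ == "__main__":
    for label, ini, size in (("as reported", SAMPLE_INI, 4 * 1024 ** 3),
                             ("with a section", FIXED_INI, 16 * 1024 ** 2)):
        print(f"== {label}")
        for p in check_config(ini, file_size=size) or ["no problems found"]:
            print("  -", p)
```

Running it on the reported config lists the empty `[sections]` block and the oversized file; the corrected config passes. To check a real dump, pass `os.path.getsize(filepath)` as `file_size`.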

trou commented 6 years ago

Hello. First, regarding the documentation, yes, it is not complete. You can look at the IDA plugin source code or, even better, at the configuration parser if you need more details.

Regarding your bug, could you please give us the segment list of your binary (shift-f7, right click and "copy all")? Also, you can try to run bincat without checking the "remap binary" option.

trou commented 6 years ago

As your file is really big, I guess IDA's file creation API fails. As for the error in your first screenshot, it is difficult to diagnose. Could you please run BinCAT with loglevel = 6 (by directly editing the .ini) and attach the resulting log to the issue?

trou commented 6 years ago

Please attach the log file, it is stored in a temp folder, with the path displayed at the beginning of the IDA log.

trou commented 5 years ago

Closing, please reopen if you can provide more info.