angr / archr

Target-centric program analysis.
BSD 2-Clause "Simplified" License

How to run archr on Ubuntu 16.04? #12

Closed yangshouguo closed 5 years ago

yangshouguo commented 5 years ago
/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/arrows/shellphish_qemu/bundle /tmp/tmp35qmlkh2 
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "build/bdist.linux-x86_64/egg/shellphish_qemu/__init__.py", line 19, in qemu_base
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1143, in resource_filename
    self, resource_name
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1650, in get_resource_filename
    return self._extract_resource(manager, zip_path)
  File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 1671, in _extract_resource
    timestamp, size = self._get_date_and_size(self.zipinfo[zip_path])
KeyError: 'shellphish_qemu/bin'
ldd: /bin: not regular file
ldd: /boot: not regular file
ldd: /cdrom: not regular file
ldd: /dev: not regular file
ldd: /etc: not regular file
ldd: /home: not regular file
ldd: /lib: not regular file
ldd: /lib32: not regular file
ldd: /lib64: not regular file
ldd: /libx32: not regular file
ldd: /lost+found: not regular file
ldd: /media: not regular file
ldd: /mnt: not regular file
ldd: /opt: not regular file
ldd: /proc: not regular file
ldd: /root: not regular file
ldd: /run: not regular file
ldd: /sbin: not regular file
ldd: /snap: not regular file
ldd: /srv: not regular file
ldd: /sys: not regular file
ldd: /tmp: not regular file
ldd: /usr: not regular file
ldd: /var: not regular file
ldd: /shellphish-qemu-cgc-base: No such file or directory
cp: omitting directory '/bin'
cp: omitting directory '/boot'
cp: omitting directory '/cdrom'
cp: omitting directory '/dev'
cp: omitting directory '/etc'
cp: omitting directory '/home'
cp: omitting directory '/lib'
cp: omitting directory '/lib32'
cp: omitting directory '/lib64'
cp: omitting directory '/libx32'
cp: omitting directory '/lost+found'
cp: omitting directory '/media'
cp: omitting directory '/mnt'
cp: omitting directory '/opt'
cp: omitting directory '/proc'
cp: omitting directory '/root'
cp: omitting directory '/run'
cp: omitting directory '/sbin'
cp: omitting directory '/snap'
cp: omitting directory '/srv'
cp: omitting directory '/sys'
cp: omitting directory '/tmp'
cp: omitting directory '/usr'
cp: omitting directory '/var'

When I used archr.arsenal.QEMUTracerBow this error happened, so I tracked the code and found the reason.

So, how do I solve this?

yangshouguo commented 5 years ago
I solved the problem. This is because I installed shellphish_qemu in python3, but the script /usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/arrows/shellphish_qemu/bundle uses the python command to get the shellphish_qemu location. It is python2 by default on my computer. So, I just changed the default python interpreter.

yangshouguo commented 5 years ago
But I ran into another problem!

cp: cannot stat '(0x00007ffc46bc4000)': No such file or directory
cp: cannot stat '(0x00007ffccc5ac000)': No such file or directory
cp: cannot stat '(0x00007ffcf0dc2000)': No such file or directory
cp: cannot stat '(0x00007ffd275a7000)': No such file or directory
cp: cannot stat '(0x00007ffdb37a1000)': No such file or directory
cp: cannot stat '(0x00007ffde49fe000)': No such file or directory
cp: cannot stat '(0x00007ffe18b6f000)': No such file or directory
cp: cannot stat '(0x00007ffe64313000)': No such file or directory
cp: cannot stat '(0x00007fff0835e000)': No such file or directory
cp: cannot stat '(0x00007fff4a1b1000)': No such file or directory
cp: cannot stat '(0x00007fffbffa4000)': No such file or directory
cp: cannot stat '(0x00007fffcb112000)': No such file or directory

rhelmot commented 5 years ago

This problem appears on some systems but not others. I have been unable to track it down.

On Tue, Apr 2, 2019 at 11:48 PM shouguoyang notifications@github.com wrote:


yangshouguo commented 5 years ago
It seems that /usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/arrows/shellphish_qemu/bundle uses the command ldd /usr/local/lib/python3.5/dist-packages/shellphish_qemu/bin/*|grep "=>"|awk '{print $3}'|sort -u, but some shared libs cannot be found in the system lib path.

linux-vdso.so.1 => (0x00007ffcf95fd000)

So I just modified the script '/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/arrows/shellphish_qemu/bundle':

#!/bin/bash

[ $# -ge 1 ] || { echo "Usage: $0 /path/to/bundle_dir"; exit 1; }
BUNDLE_DIR=$1

FIRE_SCRIPT=${0//bundle/fire}
# Ask python for the directory holding the shellphish_qemu binaries; this has
# to be the interpreter the package was installed into (python3 here).
QEMU_PATH=$(python -c "import shellphish_qemu; print(shellphish_qemu.qemu_base())")
# NF>3 skips the vDSO line ("linux-vdso.so.1 => (0x...)"), which has only
# three fields and no file on disk, so cp no longer tries to copy "(0x...)".
QEMU_LIBS=$(ldd "$QEMU_PATH"/* | grep "=>" | awk 'NF>3 {print $3}' | sort -u)
# The dynamic loader is the last ldd line; its first field is the path.
QEMU_LD=$(ldd "$QEMU_PATH"/shellphish-qemu-cgc-base | tail -n1 | awk '{print $1}')
# $QEMU_LIBS is left unquoted on purpose so each path becomes its own argument.
cp -L "$QEMU_PATH"/* $QEMU_LIBS "$QEMU_LD" "$BUNDLE_DIR"
cp -L "$FIRE_SCRIPT" "$BUNDLE_DIR/fire"

This problem seems solved.
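The ldd-parsing step that went wrong above, as an added example that is not part of this issue or of archr's bundle script. It rebuilds the dependency collection as small shell functions over constructed ldd output (the library names and load addresses are made up), keeps the thread's original pipeline beside them for comparison, and requires field 3 to be an absolute path rather than merely present, which drops both the vDSO line that produced the cp: cannot stat '(0x...)' errors and an unresolved "=> not found" entry that the NF>3 filter still lets through as the word "not". The function names (naive_ldd_libs, ldd_resolved_libs, ldd_missing_libs, ldd_loader, bundle_from_ldd, find_python_with_module) are this example's own.

```shell
#!/bin/sh
# Added example, not archr's bundle script. Collects a binary's shared-library
# dependencies from ldd output without tripping over two ldd quirks:
#   - the vDSO line "linux-vdso.so.1 => (0x...)" has no file on disk, so its
#     third field is a load address, not a path;
#   - an unresolved dependency prints "<soname> => not found", whose third
#     field is the word "not".
# The sample output below is constructed for illustration (made-up names
# and addresses), modelled on the lines quoted in this thread.
SAMPLE_LDD_OUTPUT='    linux-vdso.so.1 =>  (0x00007ffcf95fd000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f1a2c000000)
    librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f1a2bc00000)
    libmissing.so.3 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1a2b800000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1a2c400000)'

# The pipeline from the thread's bundle script, kept for comparison: it emits
# "(0x...)" for the vDSO and "not" for an unresolved library.
naive_ldd_libs() {
    grep "=>" | awk '{print $3}' | sort -u
}

# Resolved dependencies only: "<soname> => <absolute path> (<addr>)".
# Requiring field 3 to start with "/" drops the vDSO and "not found" lines.
ldd_resolved_libs() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3 }' | sort -u
}

# Unresolved dependencies, so a caller can fail loudly instead of shipping a
# bundle that only breaks later inside the target.
ldd_missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | sort -u
}

# The dynamic loader: the line whose first field is an absolute path and
# which has no "=>", e.g. "/lib64/ld-linux-x86-64.so.2 (0x...)".
ldd_loader() {
    awk '$1 ~ /^\// && $2 != "=>" { print $1 }' | head -n 1
}

# Read ldd output on stdin and copy every resolved library plus the loader
# into the directory given as $1 (cp -L dereferences symlinks, as in the
# original script). Refuses, without creating the directory, if anything
# is unresolved.
bundle_from_ldd() {
    bundle_dir=$1
    ldd_text=$(cat)
    missing=$(printf '%s\n' "$ldd_text" | ldd_missing_libs)
    if [ -n "$missing" ]; then
        printf 'refusing to bundle, unresolved dependencies:\n%s\n' "$missing" >&2
        return 1
    fi
    mkdir -p "$bundle_dir" || return 1
    {
        printf '%s\n' "$ldd_text" | ldd_resolved_libs
        printf '%s\n' "$ldd_text" | ldd_loader
    } | while IFS= read -r path; do
        [ -n "$path" ] || continue
        cp -L "$path" "$bundle_dir"/ || exit 1   # exit only leaves the subshell
    done
}

# The other failure in this thread: the script ran "python", which on the
# reporter's machine was Python 2, while shellphish_qemu was installed for
# Python 3. Ask each candidate interpreter whether it can import the module
# and print the first that can, instead of trusting the default "python".
find_python_with_module() {
    module=$1
    for py in python3 python; do
        if command -v "$py" >/dev/null 2>&1 &&
           "$py" -c "import $module" >/dev/null 2>&1; then
            echo "$py"
            return 0
        fi
    done
    return 1
}

echo "naive pipeline:"; printf '%s\n' "$SAMPLE_LDD_OUTPUT" | naive_ldd_libs
echo "resolved libs:";  printf '%s\n' "$SAMPLE_LDD_OUTPUT" | ldd_resolved_libs
echo "missing libs:";   printf '%s\n' "$SAMPLE_LDD_OUTPUT" | ldd_missing_libs
echo "loader:";         printf '%s\n' "$SAMPLE_LDD_OUTPUT" | ldd_loader
```

Run against the sample, naive_ldd_libs prints "(0x00007ffcf95fd000)" and "not" alongside the three real paths, which is exactly what the cp errors in this thread were complaining about; ldd_resolved_libs prints only the three paths, and bundle_from_ldd declines to copy anything while libmissing.so.3 is unresolved. The same filter can replace the awk in the bundle script's QEMU_LIBS line on any host whose ldd prints the vDSO this way.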

yangshouguo commented 5 years ago

It seems necessary to install keystone

zardus commented 5 years ago

@yangshouguo , could you tell me what distro you're using on the host machine?

yangshouguo commented 5 years ago

@zardus What do you mean by the distro? I just pulled archr from git a month ago. The host machine kernel is Linux ubuntu 4.8.0-36-generic on Ubuntu 16.04.

ltfish commented 5 years ago

"Distro" means (Linux) distribution. Ubuntu 16.04 is the Linux distribution that you are using.

zardus commented 5 years ago

Ah, I see.

We're targeting more modern host systems with archr, and given various other subtleties, I don't think it's worth it to complicate the bundle scripts to work around these issues. The above can be the ad hoc go-to solution for Ubuntu 16.04, though :-)

ltfish commented 5 years ago

We're targeting more modern host systems with archr

Our testing OS is Ubuntu 18.04, btw.

yangshouguo commented 5 years ago

But I cannot install keystone-engine correctly on Ubuntu 18.04. So I got this error:

WARNING | 2019-04-08 13:01:17,208 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2019-04-08 13:01:17,216 | archinfo.arch | Keystone is not installed!
Traceback (most recent call last):
  File "test_bow_angr.py", line 41, in <module>
    test_env_angr_local()
  File "test_bow_angr.py", line 37, in test_env_angr_local
    angr_checks(t)
  File "test_bow_angr.py", line 14, in angr_checks
    project = apb.fire()
  File "/usr/local/lib/python3.6/dist-packages/archr-8.18.10.5-py3.6.egg/archr/arsenal/angr_project.py", line 24, in fire
    _,_,_,self._mem_mapping = self.scout_bow.fire()
  File "/usr/local/lib/python3.6/dist-packages/archr-8.18.10.5-py3.6.egg/archr/arsenal/datascout.py", line 79, in fire
    with self.target.shellcode_context(asm_code=self.sendfile_shellcode("/proc/self/cmdline") + self.exit_shellcode(), aslr=aslr, **kwargs) as p:
  File "/usr/lib/python3.6/contextlib.py", line 81, in __enter__
    return next(self.gen)
  File "/usr/local/lib/python3.6/dist-packages/archr-8.18.10.5-py3.6.egg/archr/targets/__init__.py", line 373, in shellcode_context
    hooked_binary = hook_entry(original_binary, asm_code=asm_code, bin_code=bin_code)
  File "/usr/local/lib/python3.6/dist-packages/archr-8.18.10.5-py3.6.egg/archr/utils.py", line 42, in hook_entry
    main_bin.write(b.main_object.arch.asm(asm_code) if asm_code else bin_code)
  File "/home/ysg/.local/lib/python3.6/site-packages/archinfo/arch.py", line 434, in asm
    encoding, _ = ks.asm(string, addr, as_bytes) # pylint: disable=too-many-function-args
AttributeError: 'NoneType' object has no attribute 'asm'

zardus commented 5 years ago

As the warning before the error says, it looks like keystone is not installed.

yangshouguo commented 5 years ago

As the warning before the error says, it looks like keystone is not installed.

Thanks so much!