Closed canpadawan closed 6 years ago
It'll be great if you can send us the binary that triggers this issue. I'm confident that this is a bug, but I cannot debug or fix it without being able to reproduce it :(
```python
from archinfo import Endness
from pyvex.lifting.util import *
from pyvex.lifting import register
import angr


class Instruction_MSR_W(Instruction):
    # Bit pattern of the first halfword; r and n are operand fields
    bin_format = '11110011100rnnnn'
    name = 'msr.w'

    def parse(self, bitstrm):
        super(Instruction_MSR_W, self).parse(bitstrm)
        # Consume the second 16-bit halfword of the 32-bit encoding
        endness = 'uintle:16' if Endness.LE == self.arch.instruction_endness else 'uintbe:16'
        bitstrm.read(endness)
        self.bitwidth += 16

    def compute_result(self):
        # Intentionally empty: no IR is generated for the instruction's effect
        pass


class LifterThumb(GymratLifter):
    instrs = [Instruction_MSR_W]


register(LifterThumb, 'ARMEL')
angr.Project('./testfile.zip').factory.block(0xc0125479, num_inst=4).pp()
```
Also, the guard condition on IRTypeEnv.lookup() should be

```python
if not 0 <= tmp < self.types_used:
    l.debug("Invalid temporary number %d", tmp)
    raise IndexError(tmp)
```

instead of `if tmp < 0 or tmp > self.types_used`.
The file is an ELF, but renamed for GitHub: testfile.zip

The issue looks really similar to #143. Have fun :-)
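The off-by-one in the guard discussed in the comment above, as an added example that is not part of the thread and not pyvex's code. It is a simplified model: the class and function names are hypothetical, and the preallocated storage is an assumption made so that the slot at index `types_used` exists and the effect of the loose guard is visible.

```python
class TypeEnvModel:
    """Simplified stand-in for a temp-type table (not pyvex's IRTypeEnv)."""

    def __init__(self, capacity=8):
        # Assumption: storage is preallocated, so slots past types_used exist
        # but hold no valid type yet.
        self.types = ["Ity_INVALID"] * capacity
        self.types_used = 0

    def add(self, ty):
        self.types[self.types_used] = ty
        self.types_used += 1
        return self.types_used - 1

    def lookup_loose(self, tmp):
        # Guard quoted in the thread as the one to replace.
        if tmp < 0 or tmp > self.types_used:
            raise IndexError(tmp)
        return self.types[tmp]

    def lookup_strict(self, tmp):
        # Guard proposed in the thread.
        if not 0 <= tmp < self.types_used:
            raise IndexError(tmp)
        return self.types[tmp]


def accepted(lookup, candidates):
    """Return the temp numbers that a lookup function lets through."""
    ok = []
    for tmp in candidates:
        try:
            lookup(tmp)
            ok.append(tmp)
        except IndexError:
            pass
    return ok


def demo():
    env = TypeEnvModel()
    for ty in ("Ity_I32", "Ity_I32", "Ity_I1"):   # constructed sample temps t0..t2
        env.add(ty)
    probes = range(-1, 6)
    loose = accepted(env.lookup_loose, probes)
    strict = accepted(env.lookup_strict, probes)
    stale = env.lookup_loose(env.types_used)       # one past the last valid temp
    return loose, strict, stale
```

With three temps allocated, the loose guard also accepts temp number 3 and returns the unused slot's content, while the strict guard rejects it.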
I reproduced it! Now I can debug and see what's going on. Thanks!
Thanks!

Since commit 30009df4dcdd46331ceb891be5619679a8f0a919 I get issues with block extensions.
I can't reproduce the problem using shellcode... I can send file and extra_lifter to investigate further.