angr / simuvex

[DEPRECATED] A symbolic execution engine for the VEX IR
BSD 2-Clause "Simplified" License

[ARM] arch_prctl has no attribute 'regs' #56

Open frapik99 opened 7 years ago

frapik99 commented 7 years ago

Hi, while creating the CFG on ARM I encountered this error: arch_prctl has no attribute 'regs' within the file https://github.com/angr/simuvex/blob/fd80907da3affaaa51e5b6fd4b509efdaed96e84/simuvex/procedures/syscalls/arch_prctl.py.

I think a possible fix would be something like self.state.regs.gs = addr rather than self.regs.regs.gs = addr. I tried with this patch applied and it worked, but I'd wait for your fix...

Thanks

rhelmot commented 7 years ago

ohhhhhhh my god, sorry, yes that fix is correct

I can't believe how broken that code is? It's clearly never been run before by ANYONE, since literally anyone making a valid arch_prctl call would run into that error??? That simprocedure was even contributed in a PR??????

aghhh. will fix momentarily

rhelmot commented 7 years ago

....wait actually. could you send me a testcase to reproduce that? It shouldn't be possible to run that syscall on ARM, so this probably indicates a deeper bug.

frapik99 commented 7 years ago

@rhelmot I'm not entirely sure which one it is, but for sure a static bin from https://github.com/andrew-d/static-binaries/tree/master/binaries/linux/arm. I'd start from ar and nm. Tomorrow I'll try for you on them. Is that ok?

rhelmot commented 7 years ago

I just tried running nm, and ran into a nasty set of errors: AngrUnsupportedSyscallError('Syscall 983045 is not found for arch ARMEL') and a decoding failure on the part of VEX. This will require some pretty intensive debugging I'm not going to be able to get to for a while.
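The syscall number in that last error is easier to interpret in hex: 983045 is 0x0F0005, which sits in the ARM "private" syscall block that the Linux kernel reserves above the ordinary table (the set_tls call every static ARM binary makes while setting up thread-local storage), whereas arch_prctl is an x86_64-only syscall. The following stand-alone Python is an added example, not code from simuvex, angr, or either commenter; the numeric constants are taken from the Linux uapi headers (arch/arm/include/uapi/asm/unistd.h and arch/x86/include/uapi/asm/prctl.h), while the function names and the explain() helper are my own and assume nothing about simuvex's internal syscall tables.

```python
"""Decode raw Linux/ARM syscall numbers of the kind that appear in
angr/simuvex errors such as "Syscall 983045 is not found for arch ARMEL".

Added illustrative code, not part of simuvex or angr.
"""

# ARM private syscalls live in their own block; the kernel routes numbers at
# or above this base to arm_syscall() instead of the generic sys_call_table.
ARM_NR_BASE = 0x0F0000
ARM_PRIVATE = {
    ARM_NR_BASE + 1: "__ARM_NR_breakpoint",
    ARM_NR_BASE + 2: "__ARM_NR_cacheflush",
    ARM_NR_BASE + 3: "__ARM_NR_usr26",
    ARM_NR_BASE + 4: "__ARM_NR_usr32",
    ARM_NR_BASE + 5: "__ARM_NR_set_tls",   # 0x0F0005 == 983045, the number from the thread
    ARM_NR_BASE + 6: "__ARM_NR_get_tls",
}
# Legacy OABI encodes the syscall number as 0x900000 + n in the swi; EABI passes n in r7.
OABI_SYSCALL_BASE = 0x900000

# x86_64 arch_prctl(2) sub-function codes; arch_prctl itself is x86_64 syscall 158.
ARCH_SET_GS = 0x1001
ARCH_SET_FS = 0x1002
ARCH_GET_FS = 0x1003
ARCH_GET_GS = 0x1004
X86_64_NR_ARCH_PRCTL = 158


def decode_arm_syscall(nr: int) -> dict:
    """Classify a raw ARM syscall number into ABI, table and (if known) name."""
    abi = "EABI"
    if nr >= OABI_SYSCALL_BASE:
        abi = "OABI"
        nr -= OABI_SYSCALL_BASE
    # arm_syscall() masks the private number with 0xffff, hence the 16-bit window.
    if ARM_NR_BASE <= nr < ARM_NR_BASE + 0x10000:
        return {
            "abi": abi,
            "table": "arm-private",
            "number": nr,
            "name": ARM_PRIVATE.get(nr, "unknown-private"),
        }
    return {"abi": abi, "table": "generic", "number": nr, "name": None}


def arch_prctl_target(code: int) -> str:
    """Which segment base register an x86_64 arch_prctl SET code writes ('fs' or 'gs')."""
    if code == ARCH_SET_FS:
        return "fs"
    if code == ARCH_SET_GS:
        return "gs"
    if code in (ARCH_GET_FS, ARCH_GET_GS):
        raise ValueError("GET codes read a base; there is nothing to write")
    raise ValueError(f"unknown arch_prctl code {code:#x}")


def explain(arch: str, nr: int) -> str:
    """One-line reading of a 'Syscall N is not found for arch X' message (hypothetical helper)."""
    if arch.startswith("ARM"):
        d = decode_arm_syscall(nr)
        if d["table"] == "arm-private":
            return (f"{nr} = {d['number']:#x}: ARM private syscall {d['name']} ({d['abi']}); "
                    "not in the generic table, needs its own handler")
        return f"{nr}: ordinary {d['abi']} syscall, missing from the {arch} table"
    if arch == "AMD64" and nr == X86_64_NR_ARCH_PRCTL:
        return f"{nr}: arch_prctl, x86_64-only (sets the FS/GS base)"
    return f"{nr}: not decoded for {arch}"


if __name__ == "__main__":
    print(explain("ARMEL", 983045))
```

Running it on the number from the thread prints that 983045 is __ARM_NR_set_tls under EABI, which is why a generic, number-keyed syscall table misses it: the private block needs an explicit entry, and a handler that writes a TLS base on ARM has nothing to do with the FS/GS semantics of the x86_64 arch_prctl SimProcedure.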