astrelsky / Ghidra-Cpp-Class-Analyzer

Ghidra C++ Class and Run Time Type Information Analyzer
MIT License

InvalidDataTypeException: The Typeinfo at xxxxx is not valid #14

Status: Closed (closed by TheAifam5 4 years ago)

TheAifam5 commented 4 years ago

Log:

2020-04-08  01:31:43    ERROR   (TypeInfoFactory) Unknown Exception ghidra.program.model.data.InvalidDataTypeException: The TypeInfo at 02084150 is not valid
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getModel(SiClassTypeInfoModel.java:35)
            at ghidra.app.cmd.data.rtti.gcc.factory.TypeInfoFactory.getTypeInfo(TypeInfoFactory.java:108)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getParentModels(AbstractSiClassTypeInfoModel.java:39)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getParentModels(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.sortByMostDerived(ClassTypeInfoUtils.java:327)
            at ghidra.app.plugin.prototype.GccRttiAnalyzer.createVtables(GccRttiAnalyzer.java:272)
            at ghidra.app.plugin.prototype.GccRttiAnalyzer.added(GccRttiAnalyzer.java:149)
            at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
            at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
            at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
            at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
            at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
            at java.base/java.lang.Thread.run(Thread.java:830)

At that address: [screenshot]

astrelsky commented 4 years ago

One of those 5 xrefs is inheriting the class that should be there. May you check those addresses and see if one is valid and show the data there?

TheAifam5 commented 4 years ago

All 5 xrefs are pointing to classes defined by CppClassAnalyzer. Field `__base_type` points to 02084150, and `super___class_type_info -> super_type_info -> _vptr` points to `__cxa_free_exception` in all of those xrefs.

01ff7740: [screenshot]

02084150: [screenshot]

2020-04-08  19:45:29    ERROR   (TypeInfoFactory) Unknown Exception ghidra.program.model.data.InvalidDataTypeException: The TypeInfo at 02084150 is not valid
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getModel(SiClassTypeInfoModel.java:35)
            at ghidra.app.cmd.data.rtti.gcc.factory.TypeInfoFactory.getTypeInfo(TypeInfoFactory.java:108)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getParentModels(AbstractSiClassTypeInfoModel.java:43)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getParentModels(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getVirtualParents(AbstractSiClassTypeInfoModel.java:78)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVirtualParents(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.setupVtablePrefixes(VtableModel.java:252)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:103)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:71)
            at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.getValidVtable(ClassTypeInfoUtils.java:142)
            at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.findVtable(ClassTypeInfoUtils.java:105)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:77)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVtable(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:31)
            at ghidra.app.cmd.data.rtti.ClassTypeInfo.getVtable(ClassTypeInfo.java:68)
            at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.setupVftables(AbstractCppClassAnalyzer.java:133)
            at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:101)
            at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
            at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
            at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
            at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
            at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
            at java.base/java.lang.Thread.run(Thread.java:830)

2020-04-08  19:45:29    ERROR   (MessageLog) Exception appended to MessageLog ghidra.util.exception.AssertException: SiClassTypeInfo at 01ff7740 has an invalid parent located at relocation 02084150
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getParentModels(AbstractSiClassTypeInfoModel.java:73)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getParentModels(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getVirtualParents(AbstractSiClassTypeInfoModel.java:78)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVirtualParents(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.setupVtablePrefixes(VtableModel.java:252)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:103)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:71)
            at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.getValidVtable(ClassTypeInfoUtils.java:142)
            at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.findVtable(ClassTypeInfoUtils.java:105)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:77)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVtable(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:31)
            at ghidra.app.cmd.data.rtti.ClassTypeInfo.getVtable(ClassTypeInfo.java:68)
            at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.setupVftables(AbstractCppClassAnalyzer.java:133)
            at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:101)
            at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
            at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
            at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
            at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
            at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
            at java.base/java.lang.Thread.run(Thread.java:830)
astrelsky commented 4 years ago

The way each type_info is identified is by leveraging the fact that each one starts with a `_vptr` pointing to its vtable. So a `class_type_info` instance's first member will be a pointer to `class_type_info::vtable`, an `si_class_type_info` instance's will be `__si_class_type_info::vtable`, etc. Assuming `std::exception::~exception *` has been optimized away to `__cxa_free_exception *`, I think it is safe to assume that this is supposed to be the type_info for a custom exception with the default destructor. If it was a standard exception the typename would start with `St`, but I can see it starts with `18`.

Is this a binary which you have the rights to distribute and is not malicious? It would ensure I can easily reproduce this. If not I can hack up some code later tonight if time allows, or this weekend, with some custom exceptions and see if I can figure out what is going on.
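
The identification scheme described in the comment above (classify a type_info record by its `_vptr`, then follow its `__base_type` links and check the mangled name prefix), as an added example in Python that is not part of the original thread or of the Ghidra-Cpp-Class-Analyzer project. The vtable addresses, the image base and the embedded records are constructed for the example; the `Image` class stands in for program memory, and a 64-bit little-endian layout is assumed. The sample goes one step beyond the comment by also reading the base array of a `__vmi_class_type_info`, and its last record has a vptr that matches no type_info vtable, which reproduces the "not valid" / "invalid parent" pair of errors seen in the logs.

```python
import struct

PTR = 8  # assumption: 64-bit little-endian target (x86-64 ELF)

# Assumed addresses of the libstdc++ type_info vtables (_ZTVN10__cxxabiv1...E). In a real
# .so these are relocations against libstdc++.so.6, which is why that library must resolve.
TYPEINFO_VTABLES = {
    0x10000: "class",      # __class_type_info: no bases
    0x10100: "si_class",   # __si_class_type_info: one public non-virtual base
    0x10200: "vmi_class",  # __vmi_class_type_info: multiple and/or virtual bases
}


class InvalidTypeInfo(Exception):
    pass


class Image:
    """Flat byte image at a fixed base address (stand-in for program memory)."""
    def __init__(self, base, data):
        self.base, self.data = base, bytes(data)

    def _off(self, addr, size):
        if not (self.base <= addr and addr + size <= self.base + len(self.data)):
            raise InvalidTypeInfo("read of %d bytes at %08x leaves the image" % (size, addr))
        return addr - self.base

    def read_ptr(self, addr):
        return struct.unpack_from("<Q", self.data, self._off(addr, PTR))[0]

    def read_u32(self, addr):
        return struct.unpack_from("<I", self.data, self._off(addr, 4))[0]

    def read_cstr(self, addr):
        off = self._off(addr, 1)
        return self.data[off:self.data.index(b"\0", off)].decode("ascii")


def typeinfo_kind(image, addr, vtables=TYPEINFO_VTABLES):
    """Classify a type_info by its first member. An object's vptr points at the first
    virtual slot, i.e. 2*PTR past the _ZTV symbol (offset-to-top and RTTI pointer come first)."""
    vptr = image.read_ptr(addr)
    kind = vtables.get(vptr - 2 * PTR)
    if kind is None:
        raise InvalidTypeInfo("The TypeInfo at %08x is not valid (vptr %#x)" % (addr, vptr))
    return kind


def is_std_type(mangled):
    # Mangled std:: names start with "St"; GCC prefixes internal-linkage types with '*'.
    return mangled.lstrip("*").startswith("St")


def parse_typeinfo(image, addr):
    kind = typeinfo_kind(image, addr)
    name = image.read_cstr(image.read_ptr(addr + PTR))          # __name
    bases = []
    if kind == "si_class":
        bases.append(image.read_ptr(addr + 2 * PTR))            # __base_type
    elif kind == "vmi_class":
        count = image.read_u32(addr + 2 * PTR + 4)              # __flags, then __base_count
        for i in range(count):                                  # __base_info[i].__base_type
            bases.append(image.read_ptr(addr + 3 * PTR + i * 2 * PTR))
    return {"address": addr, "kind": kind, "name": name, "std": is_std_type(name), "bases": bases}


def ancestry(image, addr, seen=None):
    """Pre-order mangled names of addr and every base; each __base_type is validated
    before descending, which is the check behind the AssertException in the thread."""
    seen = set() if seen is None else seen
    if addr in seen:
        raise InvalidTypeInfo("cycle through %08x" % addr)
    seen.add(addr)
    info = parse_typeinfo(image, addr)
    names = [info["name"]]
    for base in info["bases"]:
        try:
            typeinfo_kind(image, base)
        except InvalidTypeInfo as err:
            raise InvalidTypeInfo("%s type_info at %08x has an invalid parent located at %08x"
                                  % (info["kind"], addr, base)) from err
        names.extend(ancestry(image, base, seen))
    return names


def build_sample_image(base=0x20000):
    """Constructed sample (not the issue's binary): std::exception, a custom subclass, and a
    subclass whose __base_type lands on a record whose vptr is an unresolved external stub."""
    buf = bytearray(0x90)
    def put_ptr(off, v): struct.pack_into("<Q", buf, off, v)
    def put_str(off, s): buf[off:off + len(s) + 1] = s.encode() + b"\0"
    put_str(0x00, "16custom_exception")                  # global-namespace name: length prefix
    put_str(0x20, "St9exception")                        # std::exception
    put_str(0x30, "11broken_type")
    put_ptr(0x40, 0x10000 + 16); put_ptr(0x48, base + 0x20)                              # class
    put_ptr(0x50, 0x10100 + 16); put_ptr(0x58, base + 0x00); put_ptr(0x60, base + 0x40)  # si_class
    put_ptr(0x68, 0x10100 + 16); put_ptr(0x70, base + 0x30); put_ptr(0x78, base + 0x80)  # si_class
    put_ptr(0x80, 0x30000);      put_ptr(0x88, base + 0x20)              # vptr -> external stub
    return Image(base, buf)
```

On the sample, `ancestry(img, 0x20050)` walks `16custom_exception` up to `St9exception`, while `ancestry(img, 0x20068)` raises because the parent record's vptr is not a known type_info vtable. That is the shape of the failure when the libstdc++ vtables are only reachable through external relocations: the first thing to check on a "not valid" error against an `.so` is whether the `_vptr` at the flagged address reads as a real vtable address or as an external stub, and whether the dependency library has been imported into the project so those relocations can be resolved.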

TheAifam5 commented 4 years ago

I don’t have rights to publish the binary but I can share more info via email.

Contact me on theaifam5@gmail.com

astrelsky commented 4 years ago

> I don't have rights to publish the binary but I can share more info via email.
>
> Contact me on theaifam5@gmail.com

I will contact you later this afternoon.

It appears I have forgotten two important questions. Is this a static or dynamic binary? Also, is the issue present using ghidra 9.1? Knowing whether it is present in 9.1 will help rule out further issues related to the recent demangler changes in ghidra.

TheAifam5 commented 4 years ago

It's a shared library (.so). I never used the 9.1 version so I can't tell. I'm using Ghidra from the master branch.

astrelsky commented 4 years ago

> It's a shared library (.so). I never used the 9.1 version so I can't tell. I'm using Ghidra from the master branch.

Ah. If the library has any external dependencies, such as libstdc++.so, have they been imported into the project and resolved? The analyzer is supposed to open the external library in ghidra, in the background if not already open, read the data it needs and then close it if it was in the background. However, if it was unable to verify a type_info because the library wasn't present in the project the analyzer is supposed to ignore it, keep analyzing and then inform the user when analysis is complete.

TheAifam5 commented 4 years ago

I never imported dependencies but I will give it a try. It does not break the analysis but I see a lot of errors related to this issue.

astrelsky commented 4 years ago

> I never imported dependencies but I will give it a try. It does not break the analysis but I see a lot of errors related to this issue.

Oh my. I've found my mistake. https://github.com/astrelsky/Ghidra-Cpp-Class-Analyzer/blob/2c8427e593777b0c6cd9ad9d75d579502a628fed/src/main/java/ghidra/app/cmd/data/rtti/gcc/TypeInfoUtils.java#L314-L326

I built up the message to inform the user and then did nothing with it. :man_facepalming:

I am able to recreate the problem rather easily. This does appear to be the problem.

astrelsky commented 4 years ago

This should be fixed by 7ab80c279c199a95a38d9474077b62499bc37892. If you encounter any more problems feel free to reopen this.

If you get any "Transaction has not been started" errors let me know. I think I got them all though. It is best to open and analyze the external libraries first though.

TheAifam5 commented 4 years ago

The problem still exists. The libstdc++.so.6 is analyzed with default options + all RTTI options enabled. I also noticed that, even though the imports are loaded, the functions are in <EXTERNAL> rather than in the specific import library.

[screenshot]

All imports expanded, except the <EXTERNAL>: [screenshot]

[screenshot]

2020-04-12  16:52:29    INFO    (ProgramManagerPlugin) Opened program in CodeBrowser tool: Game:/libstdc++.so.6
2020-04-12  16:52:29    ERROR   (TypeInfoFactory) Unknown Exception ghidra.program.model.data.InvalidDataTypeException: The TypeInfo at 020af0b0 is not valid
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.ClassTypeInfoModel.getModel(ClassTypeInfoModel.java:35)
            at ghidra.app.cmd.data.rtti.gcc.factory.TypeInfoFactory.getTypeInfo(TypeInfoFactory.java:108)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.BaseClassTypeInfoModel.getClassModel(BaseClassTypeInfoModel.java:125)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.VmiClassTypeInfoModel.getVirtualParents(VmiClassTypeInfoModel.java:173)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractSiClassTypeInfoModel.getVirtualParents(AbstractSiClassTypeInfoModel.java:88)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVirtualParents(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.setupVtablePrefixes(VtableModel.java:252)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:103)
            at ghidra.app.cmd.data.rtti.gcc.VtableModel.<init>(VtableModel.java:71)
            at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.getValidVtable(ClassTypeInfoUtils.java:142)
            at ghidra.app.cmd.data.rtti.gcc.ClassTypeInfoUtils.findVtable(ClassTypeInfoUtils.java:105)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:77)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.SiClassTypeInfoModel.getVtable(SiClassTypeInfoModel.java:14)
            at ghidra.app.cmd.data.rtti.gcc.typeinfo.AbstractClassTypeInfoModel.getVtable(AbstractClassTypeInfoModel.java:31)
            at ghidra.app.cmd.data.rtti.ClassTypeInfo.getVtable(ClassTypeInfo.java:68)
            at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.setupVftables(AbstractCppClassAnalyzer.java:136)
            at ghidra.app.plugin.prototype.CppCodeAnalyzerPlugin.AbstractCppClassAnalyzer.added(AbstractCppClassAnalyzer.java:104)
            at ghidra.app.plugin.core.analysis.AnalysisScheduler.runAnalyzer(AnalysisScheduler.java:190)
            at ghidra.app.plugin.core.analysis.AnalysisTask.applyTo(AnalysisTask.java:39)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager$AnalysisTaskWrapper.run(AutoAnalysisManager.java:685)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:785)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:664)
            at ghidra.app.plugin.core.analysis.AutoAnalysisManager.startAnalysis(AutoAnalysisManager.java:629)
            at ghidra.app.plugin.core.analysis.AnalysisBackgroundCommand.applyTo(AnalysisBackgroundCommand.java:58)
            at ghidra.framework.plugintool.mgr.BackgroundCommandTask.run(BackgroundCommandTask.java:101)
            at ghidra.framework.plugintool.mgr.ToolTaskManager.run(ToolTaskManager.java:315)
            at java.base/java.lang.Thread.run(Thread.java:830)