avast / retdec

RetDec is a retargetable machine-code decompiler based on LLVM.
https://retdec.com/
MIT License
7.98k stars, 944 forks

retdec-bin2llvmir fails with "Decompilation to LLVM IR failed" during decoding #517

Open takid2848 opened 5 years ago

takid2848 commented 5 years ago

2

File info :
Input file : D:\a.so
CRC32 : 7523d768
MD5 : 1ace6033c611ff7ef872c6af348b9919
SHA256 : 559b76686348fead7d6ef4b69c8fcc006bba1d6075fa1e370cc67cfb1fc5e065
File format : ELF
File class : 32-bit
File type : DLL
Architecture : ARM
Endianness : Little endian
Detected tool : gold (1.11) (linker), .note section heuristic
Detected tool : GCC (4.9) (compiler), .comment section heuristic
Detected tool : GCC (4.8) (compiler), .comment section heuristic
Detected tool : GCC (4.4.3) (compiler), .comment section heuristic
Original language : C++

3

Pefile didn't work.

a.zip

This is the file that doesn't decompile.

silverbacknet commented 5 years ago

You need to wipe your whole Python installation out and reinstall from scratch. Py3 should not be calling Py2 at the end there.

s3rvac commented 5 years ago

Thank you for the report.

As for the retdec-bin2llvmir failure, I have tried decompiling the file on Linux, but the decoding phase has not finished in 30 minutes so I stopped it. @PeterMatula can you please verify?

As for the pefile failure, this is not related to RetDec (we do not use pefile in RetDec). You will have to report the error upstream. My guess is that you are trying to run the Python 2 version of pefile with Python 3. If so, you will either have to run pefile via Python 2 or use a Python 3 fork of pefile.

takid2848 commented 5 years ago

retdec-decompiler.py --no-memory-limit helped me to skip the "In put binarr.."; but this still has a problem.

I will show what happens.

takid2848 commented 5 years ago

6

First, the decompiling used so much RAM that I needed to use the --no-memory-limit option. So I could continue decompiling. (Used about 7 GB of RAM.)

8

But when I skipped to 'Conditional branch optimization', this used so much of my RAM.

12

And the orange part increased; I don't know why.

13

And this failed. I tried 4 times and I could see two types of error. 4 15

These two.

And I found an appcrash. There were three logs, but all of them were the same.

Report.war


s3rvac commented 5 years ago

@takid2848 The "Could not acquire a cryptographic context" error suggests that you do not have enough memory to decompile the file (see #387 and #73). Unfortunately, for some decompilations, RetDec requires a lot of memory.
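
The 30-minute decoding run and the memory exhaustion reported in this thread are both reasons to run a decompilation of an untrusted or pathological binary under hard limits. The following is an added example (not code from the thread or from RetDec): a POSIX-only Python wrapper that caps address space and wall-clock time for a command and every helper process it starts. The name `run_bounded`, the 8 GiB and 30-minute budget, and the command line in the comment are assumptions.

```python
import os
import resource
import signal
import subprocess
import sys


def run_bounded(cmd, mem_bytes, timeout_s, log=subprocess.DEVNULL):
    """Run cmd under an address-space cap and a wall-clock limit (POSIX).

    Returns (verdict, returncode, peak_rss_kib); verdict is one of
    'ok', 'failed', 'signal' or 'timeout'.
    """
    def apply_cap():
        # Runs in the child just before exec. The limit is inherited by
        # every helper process the wrapper script starts afterwards.
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        cap = mem_bytes if hard == resource.RLIM_INFINITY else min(mem_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (cap, hard))

    # A new session gives the job its own process group, so a timeout can
    # kill the wrapper and its helpers together.
    proc = subprocess.Popen(cmd, preexec_fn=apply_cap, start_new_session=True,
                            stdout=log, stderr=subprocess.STDOUT)
    try:
        rc = proc.wait(timeout=timeout_s)
        verdict = "ok" if rc == 0 else ("signal" if rc < 0 else "failed")
    except subprocess.TimeoutExpired:
        os.killpg(proc.pid, signal.SIGKILL)
        rc = proc.wait()
        verdict = "timeout"
    # Largest resident set among waited-for children, in KiB on Linux.
    peak = resource.getrusage(resource.RUSAGE_CHILDREN).ru_maxrss
    return verdict, rc, peak


if __name__ == "__main__":
    # Assumed invocation: python3 bounded.py retdec-decompiler.py a.so
    # With no arguments, a harmless stand-in command is run instead.
    cmd = sys.argv[1:] or [sys.executable, "-c", "pass"]
    # The 8 GiB / 30 min budget is an assumed value; size it to the host.
    verdict, rc, peak = run_bounded(cmd, 8 << 30, 30 * 60)
    print(f"{verdict} rc={rc} peak_rss={peak / 1024:.0f} MiB")
    sys.exit(0 if verdict == "ok" else 1)
```

A `failed` or `signal` verdict under the cap means the job hit an error or was killed rather than taking the host down with it; the reported peak RSS helps size the budget for a retry.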