cmu-sei / pharos

Automated static analysis tools for binary programs

crash in partitioning: basic block does not contain instruction #246

Closed hanetzer closed 4 months ago

hanetzer commented 1 year ago

Seemed to be making decent progress and it crashed all the way at the end. Using a rented vps for this, and I couldn't find any related issues for it.

sample.dll is a mixed-mode C#/C++ DLL with native functions; my use case is using ooanalyzer for that part, as the C# bits can be trivially reversed with things like dnSpy.

partition --serialize sample.ser --maximum-memory=51200 --no-semantics sample.dll
OPTI[INFO ]: Analyzing executable: sample.dll
PRT2[MARCH]: cfg:   0% [---------------] 2228 bytes 910 blks 789 funcs
OPTI[INFO ]: ROSE stock partitioning took 458.371 seconds.
OPTI[INFO ]: Partitioned 29287070 bytes, 39623 instructions, 12091 basic blocks, 694 data blocks and 967 functions.
PART[FATAL]: Pharos main error: (Rose::BinaryAnalysis::Partitioner2::BasicBlockError) basic block 0x12e79b80 does not contain instruction "0x12e79b72: xor dword ss:[ebp + 0x26cea4e7], ecx" for truncation
PART[FATAL]: Backtrace:
PART[FATAL]: | /usr/local/bin/../lib/libpharos.so(+0x9417cb) [0x7fad253797cb]
PART[FATAL]: | /lib/x86_64-linux-gnu/libstdc++.so.6(+0xae24c) [0x7fad2483324c]
PART[FATAL]: | /lib/x86_64-linux-gnu/libstdc++.so.6(+0xae2b7) [0x7fad248332b7]
PART[FATAL]: | /lib/x86_64-linux-gnu/libstdc++.so.6(__cxa_rethrow+0x4b) [0x7fad2483356b]
PART[FATAL]: | /usr/local/bin/../lib/libpharos.so(+0x91d266) [0x7fad25355266]
PART[FATAL]: | /usr/local/bin/../lib/libpharos.so(pharos::DescriptorSet::DescriptorSet(pharos::ProgOptVarMap const&, std::vector<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::allocator<std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> > > > const&, bool)+0x7e0) [0x7fad25646650]
PART[FATAL]: | /usr/local/bin/../lib/libpharos.so(pharos::partition(pharos::ProgOptVarMap const&)+0x1a5) [0x7fad25646fb5]
PART[FATAL]: | partition(+0xe6ae) [0x564d10a516ae]
PART[FATAL]: | partition(+0xce50) [0x564d10a4fe50]
PART[FATAL]: | /lib/x86_64-linux-gnu/libc.so.6(+0x29d90) [0x7fad24564d90]
PART[FATAL]: | /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0x80) [0x7fad24564e40]
PART[FATAL]: | partition(+0xd205) [0x564d10a50205]

hanetzer commented 1 year ago

RevID: 3212faa8a8c054153ebeffebb2ffd6849701e5ee

sei-mwd commented 1 year ago

Would it be possible to send us a copy of sample.dll so we can recreate the problem?

hanetzer commented 1 year ago

Sure, where to?

sei-mwd commented 1 year ago

Can you attach it to this issue in a comment? At the bottom of the comment entry field is the option to attach files.

hanetzer commented 1 year ago

Let's see if it'll let me. It's a bit on the large side. Ah nope, 25 MB is the max, and the zipped version is 39 MB.

sei-mwd commented 1 year ago

Okay. Please try sending it to me at mwd@cert.org.

sei-eschwartz commented 4 months ago

@sei-mwd What happened here?

sei-mwd commented 4 months ago

I don't recall receiving anything. I can't find an appropriate email in that time frame.