Closed m4b closed 7 years ago
Some obligatory screenshots:
- il dump (screenshot)
- reverse deps (screenshot)
- panic in libc ;) (screenshot)
m4b@efrit :: [ ~/projects/panopticon/cli ] panop /usr/lib/libc.so.6 --reverse-deps -f printf
thread 'main' panicked at '__memcpy_chk_ssse3_back has a call address 0x7fac3ea, but there isn't a function with that address in the program object', /checkout/src/libcore/option.rs:823:4
note: Run with `RUST_BACKTRACE=1` for a backtrace.
@m4b does it again! ❇️ 🥇
btw, it didn't panic when running it against my libc 😕
I should have clarified, the panic is because the reverse deps check makes sure that any function in the call addresses is also a resolved function in the program object.
This is a good assertion imho, but if we don't want to panic we can just skip and warn for that call address.
The function could be missing if, for example, it couldn't disassemble it because it encountered an error or some fancy instruction, etc.
I'll test some more to see which function it is, should be deterministic since the call address is checkable in gdb, etc.
@flanfly while you're here, could you help to implement leaq in RREIL? I've been investigating it but it would be great if you could give a pointer, or knew what to do
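The reverse-deps check discussed above, written out as an added Rust example (this is not panopticon's code; the `Function`/`Program` types and the sample program are constructed for illustration, and the unresolved address 0x7fac3ea is borrowed from the panic message as sample data). It shows both behaviours: the strict assertion that every call address resolves to a function in the program object, which is what panicked on libc, and the lenient variant that skips the unresolved address, records a warning, and still reports the remaining callers.

```rust
use std::collections::BTreeMap;

/// Toy model of a disassembled function: its entry address and the call
/// targets recovered from its body. Constructed for this example, not
/// panopticon's own types.
#[derive(Debug, Clone)]
pub struct Function {
    pub name: String,
    pub entry: u64,
    pub call_targets: Vec<u64>,
}

/// The "program object": every resolved function, keyed by entry address.
#[derive(Debug, Default)]
pub struct Program {
    functions: BTreeMap<u64, Function>,
}

/// Result of a reverse-deps query: callers of the target, plus one warning
/// per call address that did not resolve to a function in the program object.
#[derive(Debug, Default, PartialEq)]
pub struct ReverseDeps {
    pub callers: Vec<String>,
    pub warnings: Vec<String>,
}

impl Program {
    pub fn add(&mut self, name: &str, entry: u64, call_targets: &[u64]) {
        self.functions.insert(
            entry,
            Function { name: name.to_string(), entry, call_targets: call_targets.to_vec() },
        );
    }

    fn by_name(&self, name: &str) -> Option<&Function> {
        self.functions.values().find(|f| f.name == name)
    }

    /// Every function whose body calls `target`.
    ///
    /// With `strict == true` an unresolved call address is an error (the
    /// assertion that panicked on libc); with `strict == false` the address
    /// is skipped and recorded as a warning so the other callers still get
    /// reported.
    pub fn reverse_deps(&self, target: &str, strict: bool) -> Result<ReverseDeps, String> {
        let target_entry = self
            .by_name(target)
            .map(|f| f.entry)
            .ok_or_else(|| format!("no function named {} in the program object", target))?;

        let mut out = ReverseDeps::default();
        for f in self.functions.values() {
            let mut calls_target = false;
            for &addr in &f.call_targets {
                if !self.functions.contains_key(&addr) {
                    let msg = format!(
                        "{} has a call address {:#x}, but there isn't a function with that address in the program object",
                        f.name, addr
                    );
                    if strict {
                        return Err(msg);
                    }
                    out.warnings.push(msg);
                    continue;
                }
                if addr == target_entry {
                    calls_target = true;
                }
            }
            if calls_target {
                out.callers.push(f.name.clone());
            }
        }
        Ok(out)
    }
}

/// Constructed sample program: `parse_cfg` and `main` both call `printf`;
/// `__memcpy_chk_ssse3_back` has a call address nothing resolves to, as when
/// the disassembler gave up on that target.
pub fn sample_program() -> Program {
    let mut p = Program::default();
    p.add("printf", 0x1000, &[]);
    p.add("parse_cfg", 0x2000, &[0x1000]);
    p.add("main", 0x3000, &[0x2000, 0x1000]);
    p.add("__memcpy_chk_ssse3_back", 0x4000, &[0x7fac3ea]);
    p
}

fn main() {
    let p = sample_program();
    match p.reverse_deps("printf", true) {
        Ok(deps) => println!("strict: callers of printf: {:?}", deps.callers),
        Err(e) => println!("strict: error: {}", e),
    }
    let deps = p.reverse_deps("printf", false).expect("target exists");
    println!("lenient: callers of printf: {:?}", deps.callers);
    for w in &deps.warnings {
        println!("warning: {}", w);
    }
}
```

The lenient path keeps the assertion's information (the warning carries the same function name and address the panic message did) without aborting the whole query on one undisassembled function.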
Adds new PLT resolution scheme for mach and elf binaries.
I think we'll want to reexport as FunctionKind perhaps. Also:
- --reverse-deps flag for printing every function that calls the given function -f
- --il to dump rreil (in color, along with the mnemonic it implements, good for surveying what needs to be implemented)