dod-cyber-crime-center / pyhidra

Pyhidra is a Python library that provides direct access to the Ghidra API within a native CPython interpreter using jpype.

BUG: importProgram returns None #30

Closed JP-E closed 9 months ago

JP-E commented 1 year ago

I get the following error opening some programs (Mach-O files, and some Windows PE files). I've debugged the error and it appears to come from project.importProgram(binary_path) returning None in pyhidra/core.py:86.

Code to reproduce:

with pyhidra.open_program(
    path,
    project_name=utils.sha3_512_file(path),
    project_location=r"/tmp/ghidra-analyeses",
) as flat_api:
    # do stuff
    # error

    ^^^^^^^
  File "/opt/project/lib/python3.11/site-packages/pyhidra/core.py", line 91, in _setup_project
    project.saveAs(program, "/", program.getName(), True)
    ^^^^^^^
AttributeError: 'NoneType' object has no attribute 'getName'

Happy to share files that cause this error, but some of them are malware. The OS X binary /usr/bin/find also triggers this bug.

Version info:

# java -version
openjdk version "1.8.0_372"
OpenJDK Runtime Environment (build 1.8.0_372-b07)
OpenJDK 64-Bit Server VM (build 25.372-b07, mixed mode)

Using Ghidra release 10.2.2, Python 3.11, Arch Linux.

JP-E commented 1 year ago

The bug is caused by an error in the Ghidra analysis. In my case, it was an error detecting the default processor, and it can be fixed by setting language=XXX, e.g. language=x86:LE:32:default, when calling pyhidra.open_program.
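An added example, not part of the thread or of Pyhidra's own code: one way to apply the language= workaround automatically is to read the PE machine field or Mach-O cputype and map it to a Ghidra language ID before calling pyhidra.open_program. The mapping tables, guess_language and open_with_language are hypothetical names; only x86:LE:32:default comes from the comment above, and the other two IDs are assumed to be present in the installed Ghidra.

```python
import struct

# Assumed header-to-language mapping; only x86:LE:32:default appears in the thread.
PE_MACHINES = {0x014C: "x86:LE:32:default", 0x8664: "x86:LE:64:default",
               0xAA64: "AARCH64:LE:64:v8A"}
MACHO_CPUS = {0x00000007: "x86:LE:32:default", 0x01000007: "x86:LE:64:default",
              0x0100000C: "AARCH64:LE:64:v8A"}

# Constructed sample headers (not taken from real files).
CONSTRUCTED_PE32 = (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
                    + b"PE\0\0" + struct.pack("<H", 0x014C))
CONSTRUCTED_MACHO64 = b"\xcf\xfa\xed\xfe" + struct.pack("<I", 0x01000007)
CONSTRUCTED_FAT = b"\xca\xfe\xba\xbe" + struct.pack(">I", 2)


def guess_language(header: bytes):
    """Return a language ID for a PE or thin little-endian Mach-O header, else None."""
    if header[:2] == b"MZ" and len(header) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", header, 0x3C)
        if header[pe_off:pe_off + 4] == b"PE\0\0" and len(header) >= pe_off + 6:
            (machine,) = struct.unpack_from("<H", header, pe_off + 4)
            return PE_MACHINES.get(machine)
        return None
    if header[:4] in (b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe") and len(header) >= 8:
        (cputype,) = struct.unpack_from("<I", header, 4)
        return MACHO_CPUS.get(cputype)
    # Fat/universal Mach-O (CA FE BA BE) holds several architectures, so there is
    # no single answer; unknown formats also fall through to None.
    return None


def open_with_language(path, **kwargs):
    """Hypothetical wrapper: pass language= only when the header gives an answer."""
    import pyhidra  # imported lazily so the sniffing code runs without Ghidra

    with open(path, "rb") as fh:
        language = guess_language(fh.read(4096))
    if language is not None:
        kwargs.setdefault("language", language)  # caller's explicit choice wins
    # open_program is a context manager: use `with open_with_language(p) as flat_api:`
    return pyhidra.open_program(path, **kwargs)
```

When guess_language returns None, the wrapper leaves the choice to Ghidra's own detection, so an import can still fail the way the report describes.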

dc3-tsd commented 1 year ago

We made an update to Pyhidra so that it will produce a more helpful error message when this happens.

dc3-tsd commented 11 months ago

This should be fixed in the latest release.