gloxec / CrossC2

generate CobaltStrike's cross-platform payload

macOS Ventura更新后报错segmentation fault #183

Closed lyuancx closed 9 months ago

lyuancx commented 1 year ago

系统更新到 macOS Ventura 后,运行 genCrossC2.MacOS 时直接报 segmentation fault,更新前没有出现过这个问题。机器为 M1 芯片。

❯ ./genCrossC2.MacOS
[1]    2208 segmentation fault  ./genCrossC2.MacOS

报错信息如下

-------------------------------------
Translated Report (Full Report Below)
-------------------------------------

Incident Identifier: E3A6BAB8-2526-4C74-B39C-72A03FEC6589
CrashReporter Key:   805F5D29-0486-2BBF-C9BC-E40B224E68D4
Hardware Model:      MacBookPro18,1
Process:             genCrossC2.MacOS [59780]
Path:                /Users/USER/*/genCrossC2.MacOS
Identifier:          genCrossC2.MacOS
Version:             ???
Code Type:           X86-64 (Native)
Role:                Unspecified
Parent Process:      zsh [59632]
Coalition:           com.googlecode.iterm2 [595]
Responsible Process: iTerm2 [600]

Date/Time:           2022-11-30 22:16:13.0014 +0800
Launch Time:         2022-11-30 22:16:12.7537 +0800
OS Version:          macOS 13.0.1 (22A400)
Release Type:        User
Report Version:      104

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x000000021b719000
Exception Codes: 0x0000000000000001, 0x000000021b719000
VM Region Info: 0x21b719000 is not in any region.  Bytes after previous region: 325193729  Bytes before following region: 58595373056
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __DATA               2078fc000-2080f8000    [ 8176K] rw-/rwx SM=PRV  ...ed lib __DATA
--->  GAP OF 0xdb7f08000 BYTES
      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---/--- SM=NUL  ...(unallocated)
Termination Reason: SIGNAL 11 Segmentation fault: 11
Terminating Process: exc handler [59780]

Highlighted by Thread:  0

Backtrace not available

No thread state (register information) available

Binary Images:
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???

Error Formulating Crash Report:
_dyld_process_info_create failed with 5
dyld_process_snapshot_create_for_process failed with 0
Failed to create CSSymbolicatorRef - corpse still valid ¯\_(ツ)_/¯
thread_get_state(PAGEIN) returned 0x10000003: (ipc/send) invalid destination port
thread_get_state(EXCEPTION) returned 0x10000003: (ipc/send) invalid destination port
thread_get_state(FLAVOR) returned 0x10000003: (ipc/send) invalid destination port

EOF

-----------
Full Report
-----------

{"app_name":"genCrossC2.MacOS","timestamp":"2022-11-30 22:16:13.00 +0800","app_version":"","slice_uuid":"00000000-0000-0000-0000-000000000000","build_version":"","platform":0,"share_with_app_devs":0,"is_first_party":1,"bug_type":"309","os_version":"macOS 13.0.1 (22A400)","roots_installed":0,"incident_id":"E3A6BAB8-2526-4C74-B39C-72A03FEC6589","name":"genCrossC2.MacOS"}
{
  "uptime" : 35000,
  "procRole" : "Unspecified",
  "version" : 2,
  "userID" : 501,
  "deployVersion" : 210,
  "modelCode" : "MacBookPro18,1",
  "coalitionID" : 595,
  "osVersion" : {
    "train" : "macOS 13.0.1",
    "build" : "22A400",
    "releaseType" : "User"
  },
  "captureTime" : "2022-11-30 22:16:13.0014 +0800",
  "incident" : "E3A6BAB8-2526-4C74-B39C-72A03FEC6589",
  "pid" : 59780,
  "translated" : true,
  "cpuType" : "X86-64",
  "roots_installed" : 0,
  "bug_type" : "309",
  "procLaunch" : "2022-11-30 22:16:12.7537 +0800",
  "procStartAbsTime" : 858631358194,
  "procExitAbsTime" : 858637184994,
  "procName" : "genCrossC2.MacOS",
  "procPath" : "\/Users\/USER\/*\/genCrossC2.MacOS",
  "parentProc" : "zsh",
  "parentPid" : 59632,
  "coalitionName" : "com.googlecode.iterm2",
  "crashReporterKey" : "805F5D29-0486-2BBF-C9BC-E40B224E68D4",
  "responsiblePid" : 600,
  "responsibleProc" : "iTerm2",
  "wakeTime" : 386,
  "sleepWakeUUID" : "4AE29464-320E-4CD0-9635-84046E25FBD5",
  "sip" : "enabled",
  "vmRegionInfo" : "0x21b719000 is not in any region.  Bytes after previous region: 325193729  Bytes before following region: 58595373056\n      REGION TYPE                    START - END         [ VSIZE] PRT\/MAX SHRMOD  REGION DETAIL\n      unused __DATA               2078fc000-2080f8000    [ 8176K] rw-\/rwx SM=PRV  ...ed lib __DATA\n--->  GAP OF 0xdb7f08000 BYTES\n      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---\/--- SM=NUL  ...(unallocated)",
  "exception" : {"codes":"0x0000000000000001, 0x000000021b719000","rawCodes":[1,9050361856],"type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_INVALID_ADDRESS at 0x000000021b719000"},
  "termination" : {"flags":1024,"code":11,"namespace":"SIGNAL","indicator":"Segmentation fault: 11","byProc":"exc handler","byPid":59780},
  "vmregioninfo" : "0x21b719000 is not in any region.  Bytes after previous region: 325193729  Bytes before following region: 58595373056\n      REGION TYPE                    START - END         [ VSIZE] PRT\/MAX SHRMOD  REGION DETAIL\n      unused __DATA               2078fc000-2080f8000    [ 8176K] rw-\/rwx SM=PRV  ...ed lib __DATA\n--->  GAP OF 0xdb7f08000 BYTES\n      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---\/--- SM=NUL  ...(unallocated)",
  "extMods" : {"caller":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"system":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"targeted":{"thread_create":0,"thread_set_state":0,"task_for_pid":0},"warnings":0},
  "usedImages" : [
  {
    "size" : 0,
    "source" : "A",
    "base" : 0,
    "uuid" : "00000000-0000-0000-0000-000000000000"
  }
],
  "legacyInfo" : {
  "threadHighlighted" : 0
},
  "trialInfo" : {
  "rollouts" : [
    {
      "rolloutId" : "5ffde50ce2aacd000d47a95f",
      "factorPackIds" : {

      },
      "deploymentId" : 240000223
    },
    {
      "rolloutId" : "62cdf63ddb3b7109d6d765cc",
      "factorPackIds" : {
        "SIRI_UNDERSTANDING_TMDC" : "62cdf6dddb3b7109d6d765cd"
      },
      "deploymentId" : 240000007
    }
  ],
  "experiments" : [

  ]
},
  "reportNotes" : [
  "_dyld_process_info_create failed with 5",
  "dyld_process_snapshot_create_for_process failed with 0",
  "Failed to create CSSymbolicatorRef - corpse still valid ¯\\_(ツ)_\/¯",
  "thread_get_state(PAGEIN) returned 0x10000003: (ipc\/send) invalid destination port",
  "thread_get_state(EXCEPTION) returned 0x10000003: (ipc\/send) invalid destination port",
  "thread_get_state(FLAVOR) returned 0x10000003: (ipc\/send) invalid destination port"
]
}
gloxec commented 1 year ago

可能是 x86 指令经 Rosetta 转译后出的问题:崩溃报告中 "cpuType" 为 "X86-64" 且 "translated" 为 true,说明这个 x86-64 二进制是在 M1 上转译运行的。后续会打包 M1 版本。

lyuancx commented 1 year ago

> 可能是x86指令翻译后出的问题,后续会打包m1版本

可以自行编译吗?

gloxec commented 9 months ago

@lyuancx 最新版已解决,同类问题见: https://github.com/gloxec/CrossC2/issues/190