Installation Error: Missing `capstone-disassemble`

[H0r53]

Bug Report

• [X] Is your bug specific to GEF (not GDB)? - Try to reproduce it running gdb -nx
• [X] Did you search through the documentation first?
• [X] Did you check issues (including the closed ones) - and the PR?

Step 1: Describe your environment

• Operating System / Distribution: Ubuntu 20.04.6 LTS
• Architecture: x86_64
• GEF version (including the Python library version) run version in GEF. GDB version: GNU gdb (Ubuntu 9.2-0ubuntu1~20.04.2) 9.2 GEF version: .gef-2024.06.py Python version: Python 3.8.10

Step 2: Describe your problem

Fresh installation of GEF and GEF-extras. However, on running GDB an error/warning occurs regarding one of the GEF plugins for capstone.

gef➤  gef missing
[*] Missing `capstone-disassemble`: reason: 'capstone-disassemble.use-capstone')

I've verified that capstone is installed via pip

Steps to reproduce

1. Update system: sudo apt update -y && sudo apt upgrade -y
2. Install GEF: bash -c "$(curl -fsSL https://gef.blah.cat/sh)"
3. Install gef-extras: wget -q -O- https://github.com/hugsy/gef/raw/main/scripts/gef-extras.sh | sh
4. Launch gdb: gdb

gdb / gef output:

93 commands loaded and 5 functions added for GDB 9.2 in 0.00ms using Python engine 3.8
Traceback (most recent call last):
  File "/home/ubuntu/.config/gef-extras/scripts/emulate/__init__.py", line 12, in <module>
    import unicorn
  File "/home/ubuntu/.local/lib/python3.8/site-packages/unicorn/__init__.py", line 4, in <module>
    from .unicorn import Uc, ucsubclass, uc_version, uc_arch_supported, version_bind, debug, UcError, __version__
  File "/home/ubuntu/.local/lib/python3.8/site-packages/unicorn/unicorn.py", line 14, in <module>
    from .unicorn_py3 import *
  File "/home/ubuntu/.local/lib/python3.8/site-packages/unicorn/unicorn_py3/__init__.py", line 1, in <module>
    from .unicorn import *
  File "/home/ubuntu/.local/lib/python3.8/site-packages/unicorn/unicorn_py3/unicorn.py", line 200, in <module>
    uclib = __load_uc_lib()
  File "/home/ubuntu/.local/lib/python3.8/site-packages/unicorn/unicorn_py3/unicorn.py", line 99, in __load_uc_lib
    resources.files("unicorn") / 'lib'
AttributeError: module 'importlib.resources' has no attribute 'files'
Traceback (most recent call last):
  File "/home/ubuntu/.config/gef-extras/scripts/libc_function_args/tables/generator.py", line 32, in <module>
    function_dict: dict[str, List[str]], _params: List[str], outfile_name: pathlib.Path
TypeError: 'type' object is not subscriptable

Observed Results

• What happened? This could be a description, log output, etc.

Error in loading gef-extras out of the box

Expected results

• What did you expect to happen?

GDB & GEF launch with no errors

[hugsy]

From your traceback, the issue comes from the unicorn support for 3.8, not GEF.

Traceback (most recent call last):
[...]
    uclib = __load_uc_lib()
  File "/home/ubuntu/.local/lib/python3.8/site-packages/unicorn/unicorn_py3/unicorn.py", line 99, in __load_uc_lib
    resources.files("unicorn") / 'lib'
AttributeError: module 'importlib.resources' has no attribute 'files'

This is a well-known Python < 3.9 issue, you can google around for some workarounds, but the best fix is to use a more modern version of Python. You can try pinning the version unicorn used too.

Regardless, this is not GEF-specific.

[W0nda]

I've the same problem but I only have the [*] Missing `capstone-disassemble`: reason: 'capstone-disassemble.use-capstone') message.

How do you do to obtain the errors ? @H0r53

When I launch the commands

gef➤  capstone
[*] No debugging session active
gef➤  capstone-disassemble
[*] No debugging session active

After a start command (debugging session active):

gef➤  capstone
 →      0x400186                  push   rbp
        0x400187                  mov    rbp, rsp
        0x40018a                  mov    eax, 1
        0x40018f                  mov    edi, 1
        0x400194                  movabs rsi, 0x4000b0
        0x40019e                  mov    edx, 0x32
gef➤  capstone-disassemble
 →      0x400186                  push   rbp
        0x400187                  mov    rbp, rsp
        0x40018a                  mov    eax, 1
        0x40018f                  mov    edi, 1
        0x400194                  movabs rsi, 0x4000b0
        0x40019e                  mov    edx, 0x32

Is there a possibility that capstone and captone-disassemble are supposed to be the same ?

[hugsy]

Is there a possibility that capstone and captone-disassemble are supposed to be the same ?

From GDB docs:

GDB can fill in the rest of a word in a command for you, if there is only one possibility; it can also show you what the valid possibilities are for the next word in a command, at any time. This works for GDB commands, GDB subcommands, command options, and the names of symbols in your program.