search

illera88 / Ponce

IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
https://docs.idaponce.com
Other
1.48k stars 72 forks source link

Pone v0.2 doesn't work with IDA 6.95 #66

Closed Jello closed 7 years ago

Jello commented 7 years ago

In IDA 6.95, whether using 32-bit or 64-bit IDA the Ponce plugin fails to do anything and the Symbolic options are grayed out. Enabling Ponce tracing will pop up at a message about an instruction decoding error at an invalid address. image

The console output on 64-bit IDA 6.95 is:

[+] Ponce plugin version: 0.1.20161027.deceab6 running!

[+] Reanalizyng instruction at 0x1667cb00000000 [!] Dissasembling error at 0x1667cb00000000 Opcodes:ff ff ff Enabling step tracing Command "JumpAsk" failed Command "JumpAsk" failed Disabling step tracing [+] Reanalizyng instruction at 0x1667cb00000000 [!] Dissasembling error at 0x1667cb00000000 Opcodes:ff ff Enabling step tracing Disabling step tracing [+] Reanalizyng instruction at 0x1667cb00000000 [!] Dissasembling error at 0x1667cb00000000 Opcodes:ff ff Enabling step tracing

And the console output on 32-bit IDA 6.95 is:

[!] Config file Ponce.cfg not found

limitTime: 60 limitInstructionsTracingMode: 10000 use_symbolic_engine: symbolic engine enabled auto_init: false showDebugInfo: true showExtraDebugInfo: false taintArgv: true taintEndOfString: true taintArgv0: false taintArgc: true taintRecv: false taintFread: false only_on_optimization: true manageSymbolicIndexing: false addCommentsControlledOperands: true RenameTaintedFunctionNames: true addCommentsSymbolicExpresions: false paintExecutedInstructions: true color_tainted: 99ffce color_tainted_execution: e6e6e6 color_tainted_condition: b377 Flushing buffers, please wait...ok [+] Ponce plugin version: 0.1.20161027.deceab6 running! [+] Reanalizyng instruction at 0x5784b99e [!] Dissasembling error at 0x5784b99e Opcodes:ff Enabling step tracing

Please help.

0ca commented 7 years ago

Hi,

Could you give us more information about how are you running the analyzed binaries?

Is this address correct? 0x1667cb00000000

Jello commented 7 years ago

Oh I didn't realize the binary needed to be run. So there needs to be an active debugger connection in order to use Ponce, even if I'm just using the symbolic execution?

The 0x1667cb00000000 address doesn't exist within the binary.

Jello commented 7 years ago

Needing to attach the debugger was the issue, closing.