search

joxeankoret / diaphora

Diaphora, the most advanced Free and Open Source program diffing tool.
http://diaphora.re
GNU Affero General Public License v3.0
3.58k stars 371 forks source link

[BUG] [BETA BUILD] Error producing sqlite file for a binary #256

Closed r0ny123 closed 1 year ago

r0ny123 commented 1 year ago

beta build: 100423

Got the following error in IDA console:

[Diaphora: Mon Apr 10 23:55:34 2023] Creating crash file C:\Users\rony\Desktop\MAL_FAMILY\EMOTET_x64\8dea6adacdf2dc133a1891adbd5ad6399b684920406591092051d20a23b1d637_unpacked.sqlite-crash...
[Diaphora: Mon Apr 10 23:55:34 2023] Exporting range 0x180001000 - 0x180029000
180001170: restored microcode from idb
180001170: restored pseudocode from idb
[Diaphora: Mon Apr 10 23:55:34 2023] Error: '' is not in list
Traceback (most recent call last):
  File "C:/Users/rony/Desktop/Tools/diaphora-beta-100423/public\diaphora_ida.py", line 1011, in export
    self.do_export(crashed_before)
  File "C:/Users/rony/Desktop/Tools/diaphora-beta-100423/public\diaphora_ida.py", line 961, in do_export
    props = self.read_function(func)
  File "C:/Users/rony/Desktop/Tools/diaphora-beta-100423/public\diaphora_ida.py", line 2556, in read_function
    microcode, clean_microcode, microcode_spp = self.extract_microcode(f)
  File "C:/Users/rony/Desktop/Tools/diaphora-beta-100423/public\diaphora_ida.py", line 2294, in extract_microcode
    micro_spp *= self.primes[self.microcode_ins_list.index(mnem)]
ValueError: '' is not in list
[Diaphora: Mon Apr 10 23:55:34 2023] Removing crash file C:\Users\rony\Desktop\MAL_FAMILY\EMOTET_x64\8dea6adacdf2dc133a1891adbd5ad6399b684920406591092051d20a23b1d637_unpacked.sqlite-crash...
[Diaphora: Mon Apr 10 23:55:34 2023] Database exported, time taken: 0:00:02.422000.
joxeankoret commented 1 year ago

Could you please share the unpacked sample?

r0ny123 commented 1 year ago

Not binary specific. So, here's the step to reproduce:

Now, there is a following warning message in IDA console after performing the 3rd step:

WARNING: Form "Diaphora" was not Free()d. Force-freeing.
joxeankoret commented 1 year ago

Should be fixed with the version published today.