lunixbochs / usercorn

dynamic binary analysis via platform emulation
MIT License

Latest unicorn breaks x86_64 guest? #152

Closed MagaTailor closed 8 years ago

MagaTailor commented 8 years ago

On an ARM host at least, I'm seeing this, no matter the command:

invalid read: @0x0, 0x8 = 0x0

Example trace footer:

$ ./usercorn -etrace busybox-x86_64 cal

+ block @0x4aeda0
                              0x4aeda0:           4889fa mov rdx, rdi
                              0x4aeda3:       be681e4f00 mov esi, 0x4f1e68
                              0x4aeda8:     41ba08000000 mov r10d, 8
                              0x4aedae:       b80e000000 mov eax, 0xe
                              0x4aedb3:             31ff xor edi, edi
                              0x4aedb5:             0f05 syscall 
                              rax 0x0000000000000000 

                            + block @0x4aedb7
                              0x4aedb7:               c3 ret 

                          + block @0x4b5ce8
                            0x4b5ce8: 488db4247c090000 lea rsi, qword ptr [rsp + 0x97c]
                            0x4b5cf0:       bf01000000 mov edi, 1
                            0x4b5cf5:       e85efeffff call 0x4b5b58

                            + block @0x4b5b58
                              0x4b5b58:           83ff02 cmp edi, 2
                              0x4b5b5b:       b816000000 mov eax, 0x16
                              0x4b5b60:             7718 ja 0x4b5b7a

                            + block @0x4b5b62
                              0x4b5b62: 64488b142500000000 mov rdx, qword ptr fs:[0]
invalid read: @0x0, 0x8 = 0x0
[memory map]
  0x400000-0x4f8000 r-x busybox-x86_64 [exe]
  0x6f6000-0x6fb000 rw- busybox-x86_64 [brk]
  0x60000000-0x60801000 rwx [stack]
[registers]
   fs 0x0000000000007ee0   rbx 0x00000000607fe760   rsi 0x00000000607fe89c   r11 0x0000000000000000 
   gs 0x0000000000000000   rcx 0x0000000000000000    r8 0x00000000607fe760   r12 0x00000000607fed70 
  rax 0x0000000000000016   rdi 0x0000000000000001    r9 0x0000000000000000   r13 0x00000000000003e9 
  rbp 0x00000000607f0000   rdx 0x0000000000000000   r10 0x0000000000000008   r14 0x0000000000000002 
                           r15 0x0000000000000014       0x0000000000000000       0x0000000000000000 
[stacktrace]
  0x400194 
  0x4a0566 
  0x4a0706 
  0x4007b0 
  0x400aa8 
  0x40048f 
  0x400766 
  0x40048f 
  0x4004ac 
  0x4002a9 
  0x400454 
  0x401bef 
  0x4b8358 
  0x4b5c7b 
  0x4b5b62 
panic: Invalid memory read (UC_ERR_READ_UNMAPPED)

Unicorn was compiled with no custom CFLAGS and busybox-armv5 seems unaffected.

lunixbochs commented 8 years ago

I believe they changed the way segments are handled (there's actually a GDT now), so I need to update for that.
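
The faulting instruction above is `mov rdx, qword ptr fs:[0]`, the usual libc read of the thread control block, and the read lands at address 0x0 even though `fs` holds 0x7ee0. Once Unicorn routes segment loads through a GDT, a value written into `fs` is treated as a selector rather than a base, so a raw base value no longer contributes to the address; that is consistent with the fault seen here. The following is an added example, not usercorn's or Unicorn's code, showing the GDT-based setup: it encodes an x86 segment descriptor, builds a two-entry GDT whose second entry gives FS a base at a TLS page, loads GDTR and FS through Unicorn's Python bindings (written against the 1.x API; newer releases also expose `UC_X86_REG_FS_BASE`, which takes a full 64-bit base directly), and executes the same instruction bytes as in the trace. `CODE_ADDR`, `GDT_ADDR` and `TLS_ADDR` are made-up addresses. The descriptor helpers are pure Python and run without Unicorn installed; the emulation part needs the `unicorn` package.

```python
"""Added example (not usercorn's or Unicorn's code): putting a TLS page behind
fs:[0] in Unicorn x86_64 by building a GDT entry for FS."""
import struct

try:
    from unicorn import Uc, UC_ARCH_X86, UC_MODE_64
    from unicorn.x86_const import UC_X86_REG_GDTR, UC_X86_REG_FS, UC_X86_REG_RDX
except ImportError:  # descriptor helpers below still work without the bindings
    Uc = None

# Hypothetical layout for this example only.
CODE_ADDR = 0x400000
GDT_ADDR = 0x7E000000
TLS_ADDR = 0x7F000000
# mov rdx, qword ptr fs:[0]  (same encoding as in the trace: 64 48 8b 14 25 00 00 00 00)
FS_READ = bytes.fromhex("64488b142500000000")


def encode_descriptor(base: int, limit: int, access: int, flags: int) -> int:
    """Pack an 8-byte x86 segment descriptor.

    base:   32-bit segment base (a descriptor carries only 32 bits of base,
            so a TLS page set up this way must live below 4 GiB)
    limit:  20-bit limit (in pages when the G flag is set)
    access: P | DPL(2) | S | type(4), e.g. 0x92 = present, ring 0, data, RW
    flags:  G | D/B | L | AVL nibble, e.g. 0xC = 4 KiB granularity, 32-bit
    """
    assert 0 <= base < 1 << 32 and 0 <= limit < 1 << 20
    assert 0 <= access < 1 << 8 and 0 <= flags < 1 << 4
    desc = limit & 0xFFFF
    desc |= (base & 0xFFFF) << 16
    desc |= ((base >> 16) & 0xFF) << 32
    desc |= access << 40
    desc |= ((limit >> 16) & 0xF) << 48
    desc |= flags << 52
    desc |= ((base >> 24) & 0xFF) << 56
    return desc


def decode_descriptor(desc: int) -> tuple:
    """Inverse of encode_descriptor: returns (base, limit, access, flags)."""
    limit = (desc & 0xFFFF) | (((desc >> 48) & 0xF) << 16)
    base = ((desc >> 16) & 0xFFFF) | (((desc >> 32) & 0xFF) << 16) | (((desc >> 56) & 0xFF) << 24)
    access = (desc >> 40) & 0xFF
    flags = (desc >> 52) & 0xF
    return base, limit, access, flags


def build_fs_gdt(tls_addr: int) -> tuple:
    """Return (gdt_bytes, fs_selector): a null descriptor plus one data
    descriptor based at tls_addr. Selector 0x08 = index 1, GDT, RPL 0."""
    null_desc = 0
    fs_desc = encode_descriptor(tls_addr, 0xFFFFF, 0x92, 0xC)
    return struct.pack("<QQ", null_desc, fs_desc), 0x08


def run_fs_read(tls_addr: int = TLS_ADDR) -> int:
    """Execute `mov rdx, fs:[0]` with FS pointing at a mapped TLS page and
    return rdx. The page's first qword holds its own address, the libc
    convention for the TCB self pointer, so rdx should equal tls_addr."""
    if Uc is None:
        raise RuntimeError("unicorn Python bindings are not installed")
    mu = Uc(UC_ARCH_X86, UC_MODE_64)
    mu.mem_map(CODE_ADDR, 0x1000)
    mu.mem_write(CODE_ADDR, FS_READ)
    mu.mem_map(GDT_ADDR, 0x1000)
    mu.mem_map(tls_addr, 0x1000)
    mu.mem_write(tls_addr, struct.pack("<Q", tls_addr))  # TCB self pointer
    gdt, selector = build_fs_gdt(tls_addr)
    mu.mem_write(GDT_ADDR, gdt)
    # GDTR is written as (selector, base, limit, flags) in the Python bindings.
    mu.reg_write(UC_X86_REG_GDTR, (0, GDT_ADDR, len(gdt) - 1, 0))
    # Writing the selector makes Unicorn look the base up in the GDT;
    # writing a raw base here instead is what leaves the read at fs-base 0.
    mu.reg_write(UC_X86_REG_FS, selector)
    mu.emu_start(CODE_ADDR, CODE_ADDR + len(FS_READ))
    return mu.reg_read(UC_X86_REG_RDX)


if __name__ == "__main__":
    print("fs descriptor: 0x%016x" % encode_descriptor(TLS_ADDR, 0xFFFFF, 0x92, 0xC))
    if Uc is not None:
        print("rdx after mov rdx, fs:[0]: 0x%x" % run_fs_read())
```

The classic flat data segment (base 0, limit 0xFFFFF, access 0x92, flags 0xC) encodes to 0x00CF92000000FFFF, which is a convenient sanity check for the packing. If the guest runs at ring 3 (CS/SS with RPL 3), the FS descriptor's DPL and the selector's RPL must be raised to 3 as well, otherwise the segment load is rejected.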

MagaTailor commented 8 years ago

Hi again, I haven't been following the developments for a while - what's the situation re unicorn? And besides, any use revisiting some of my old glshim issues?

Thx

lunixbochs commented 8 years ago

x86-64 guest support is almost fixed. If you look at the glshim commit history, I've been working on texgen, which is 100% for foobillardplus.

lunixbochs commented 8 years ago

x86_64 Linux is fixed for me in the latest unstable. Can you confirm?

MagaTailor commented 8 years ago

Alright, I had some old includes but this looks like 64-bit-only stuff:

# github.com/unicorn-engine/unicorn/bindings/go/unicorn
../go/src/github.com/unicorn-engine/unicorn/bindings/go/unicorn/unicorn.go:123: type [1073741824]C.struct_uc_mem_region larger than address space
../go/src/github.com/unicorn-engine/unicorn/bindings/go/unicorn/unicorn.go:123: type [1073741824]C.struct_uc_mem_region too large

lunixbochs commented 8 years ago

Can you apply this commit and make sure it fixes the problem before I PR upstream? https://github.com/lunixbochs/unicorn/commit/2a9a794bffa30402819cd9873577ecc2f424288d

MagaTailor commented 8 years ago

Leads to some more errors:

# github.com/lunixbochs/usercorn/go/kernel/linux/unpack
../go/src/github.com/lunixbochs/usercorn/go/kernel/linux/unpack/mmap_linux.go:12: undefined: syscall.MAP_32BIT
../go/src/github.com/lunixbochs/usercorn/go/kernel/linux/unpack/mmap_linux.go:20: undefined: syscall.MAP_STACK
../go/src/github.com/lunixbochs/usercorn/go/kernel/linux/unpack/mmap_linux.go:21: undefined: syscall.MAP_HUGETLB

lunixbochs commented 8 years ago

I'll fix that up tonight, looks like the Unicorn fix worked though.

MagaTailor commented 8 years ago

It did - the funny thing is I'd already hit a problem like that before:

https://github.com/pijul/pijul/issues/2#issuecomment-180233469

lunixbochs commented 8 years ago

What's your Go / Linux version? I don't have that error with Go 1.6 on a 32-bit Ubuntu 14.04 install.

MagaTailor commented 8 years ago

It's Go 1.5.3 bootstrapped on ARM Linux.

lunixbochs commented 8 years ago

Try on latest unstable.

MagaTailor commented 8 years ago

All's fine again, including x86_64 emulation.