mandiant / flare-ida

IDA Pro utilities from FLARE team
Apache License 2.0

Several errors of objc2_analyzer.py #124

Open mnrkbys opened 1 year ago

mnrkbys commented 1 year ago

I am testing objc2_analyzer.py against the following malware sample. SHA256: 8db4f17abc49da9dae124f5bf583d0645510765a6f7256d264c82c2b25becf8b

However, errors occur like below:

ERROR:flare_emu:exception in _guidedHook @0002DB95: 'int' object is not subscriptable
ERROR:flare_emu:error handling API hook: Invalid argument (UC_ERR_ARG) @0002D453
exception in objc2AnalyzeHookX64 @0002D3D7: (<class 'NameError'>) name 'long' is not defined
exception in objc2AnalyzeHookX64 @0002D3D7: (<class 'NameError'>) name 'long' is not defined
ERROR:flare_emu:exception in _guidedHook @0002BFF6: 'EmuHelper' object has no attribute 'getIDBString'
ERROR:flare_emu:exception in _guidedHook @0002BEC9: 'EmuHelper' object has no attribute 'getIDBString'
ERROR:flare_emu:exception in _guidedHook @0002BE6E: 'EmuHelper' object has no attribute 'getIDBString'
ERROR:flare_emu:exception in _guidedHook @0002BDFE: 'EmuHelper' object has no attribute 'getIDBString'
ERROR:flare_emu:exception in _guidedHook @0002B861: 'EmuHelper' object has no attribute 'getIDBString'

This script calls flare-emu's EmuHelper.getIDBString(), but getIDBString is not implemented. Perhaps this is a flare-emu issue?

williballenthin commented 1 year ago

@jtbennett-fe would you take a peek?