mandiant / flare-ida

IDA Pro utilities from FLARE team
Apache License 2.0

No table with addresses is getting printed in ironstring, and so many "DEBUG:root..." in the output #89

Closed LusKrew closed 4 years ago

LusKrew commented 4 years ago

So I'm using ironstrings to print the stack strings of a sample, but the problem is that the strings shown in the summary don't have an address related to them, so I can't easily find where in the binary they are, and there is no table being printed like the one shown in the README, just a load of "DEBUG:root..." stuff and no table. What's the problem?

I checked the flare-emu Python files as well, and the default verbose is set to 0, so I'm not sure what this DEBUG:root stuff is all about.

Here's the end of the output:

...
DEBUG:root:target 0040B94C hit
DEBUG:root:we missed our target! bailing out of this function..
DEBUG:root:unmapped 0045D000 to 0045EFFF
DEBUG:root:mapping 00002000 bytes @0045D000
DEBUG:root:running on 0x43C3EE
DEBUG:root:getting paths to 0040E539, 1 of 1 targets
DEBUG:root:run #1, 1 targets remaining: 0040E539 (2 paths)
DEBUG:root:emulating path #1 of 2 from 0043C3EE to 0040E539 via basic blocks: [0, 1, 2, 3]
DEBUG:root:0040E515 is outside of block #0 (0043C3EE -> 0043C3F3), forcing PC to 0040E515
DEBUG:root:0040E538 is outside of block #1 (0040E515 -> 0040E51E), forcing PC to 0040E520
DEBUG:root:extracting stackstrings at checkpoint: 0x40E522, stacksize: 0x4
DEBUG:root:extracting global stackstrings at checkpoint: 0x40E522
DEBUG:root:extracting stackstrings at checkpoint: 0x40E52A, stacksize: 0xC
DEBUG:root:extracting global stackstrings at checkpoint: 0x40E52A
DEBUG:root:0040E538 is outside of block #2 (0040E520 -> 0040E537), forcing PC to 0040E538
DEBUG:root:target 0040E539 hit
DEBUG:root:we missed our target! bailing out of this function..
DEBUG:root:emulating path #2 of 2 from 0043C3EE to 0040E539 via basic blocks: [0, 1, 3]
DEBUG:root:0040E515 is outside of block #0 (0043C3EE -> 0043C3F3), forcing PC to 0040E515
DEBUG:root:0040E538 is outside of block #1 (0040E515 -> 0040E51E), forcing PC to 0040E538
DEBUG:root:target 0040E539 hit
DEBUG:root:we missed our target! bailing out of this function..
DEBUG:root:unmapped 0045D000 to 0045EFFF
DEBUG:root:mapping 00002000 bytes @0045D000
DEBUG:root:running on 0x43C3F8
DEBUG:root:getting paths to 0043C400, 1 of 2 targets
DEBUG:root:getting paths to 0043C406, 2 of 2 targets
DEBUG:root:run #1, 2 targets remaining: 0043C406 (1 paths)
DEBUG:root:emulating path #1 of 1 from 0043C3F8 to 0043C406 via basic blocks: [0, 1]
DEBUG:root:target 0043C400 found on the way to 0043C406
DEBUG:root:0043C406 is outside of block #0 (0043C3F8 -> 0043C400), forcing PC to 0043C406
DEBUG:root:target 0043C406 hit
DEBUG:root:run #2, 2 targets remaining: 0043C400 (1 paths)
DEBUG:root:emulating path #1 of 1 from 0043C3F8 to 0043C400 via basic blocks: [0]
DEBUG:root:target 0043C400 hit
DEBUG:root:unmapped 0045D000 to 0045EFFF
DEBUG:root:mapping 00002000 bytes @0045D000

ironstrings summary
------------------------
Ran successfully on 1296/1298 functions
Found 15 stackstrings
Commented 15 stackstrings
Encountered 2 errors
 - Error analyzing function 0x410442: Invalid memory read (UC_ERR_READ_UNMAPPED)
 - Error analyzing function 0x412C3E: Invalid memory read (UC_ERR_READ_UNMAPPED)

Recovered 10 unique stackstrings
------------------------
strings..
...
Finished ironstrings stackstring deobfuscation after 99.51 seconds