packing-box / docker-packing-box

Docker image gathering packers and tools for making datasets of packed executables and training machine learning models for packing detection
GNU General Public License v3.0

`dataset make` doesn't create any dataset #17

Closed smarbal closed 2 years ago

smarbal commented 2 years ago

When creating a dataset, the command is almost instantly terminated and does not produce any dataset:

```
┌──[user@packing-box]──[/mnt/share]──[main|✓]────────
$ dataset -v make PE-upx-dataset -f PE -p upx -n 60
00:00:03.682 [INFO    ] dataset            - Source directories: 
00:00:03.682 [INFO    ] dataset            - Considered formats: PE64,PE32
00:00:03.682 [INFO    ] dataset            - Selected packers:   UPX
00:00:03.682 [INFO    ] dataset            - Searching for executables...
00:00:03.683 [WARNING ] dataset            - Found too few candidate executables
00:00:03.683 [DEBUG   ] dataset            - dropping duplicates...

┌──[user@packing-box]──[/mnt/share]──[main|✓]────────
$ dataset list 
00:00:03.787 [WARNING] No dataset found in workspace (/home/user/.packing-box/datasets)
```

dhondta commented 2 years ago

@smarbal In a previous version of my Dockerfile that was not completely fixed, I disabled Wine's installation for faster testing of other functionalities. As the default source folder for finding executables for the PE format points to a folder of Wine's installation, it did not exist during your generation, as the first INFO line shows (no source directory found), hence generating no dataset as it could not include any executable (and when the tool instantiates a dataset that, at the end, has no executable, when saving it, it simply does not create anything as it makes no sense to create an empty dataset). The fix is to `git pull` the latest Dockerfile.

smarbal commented 2 years ago

Hello @dhondta, I am quite sure I have used the latest Dockerfile. I deleted my local repository last night, re-cloned from this remote and executed `git pull` to be extra sure.

dhondta commented 2 years ago

If the issue persists, it means that no source directory is found for Wine (applicable for PE files) because the installation of Wine probably fails without error code during the build of the Dockerfile, which is more annoying. I'm fixing another issue of yours on the Dockerfile and should be able to update it within the hour. Stay tuned...

dhondta commented 2 years ago

@smarbal it appears that the line containing `wineboot &` which should have created `~/.wine` (with the samples used by default for creating PE datasets) was not at the right place in the Dockerfile. It should be fixed now. I also added a check to trigger `wineboot` via the `.bashrc` to ensure that `~/.wine` is indeed created.
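
A pre-flight check for the failure discussed in this thread, as an added example that is not part of packing-box or of any comment here: it counts PE32/PE64 files under the source directories and reports directories that do not exist, before `dataset make` is run. The `~/.wine` default is taken from the comment above; the function names, the 4096-byte header read and the exit code are assumptions of this example.

```python
import os
import struct
import sys
from collections import Counter

# Optional-header magic values defined by the PE/COFF format.
OPT_MAGIC = {0x10B: "PE32", 0x20B: "PE64"}


def classify_pe(data):
    """Return 'PE32', 'PE64' or None for the leading bytes of a file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + COFF header (20) + optional-header magic (2).
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return OPT_MAGIC.get(magic)


def preflight(source_dirs, wanted, head=4096):
    """Return (enough, counts, missing) for the given source directories."""
    counts, missing = Counter(), []
    for root in map(os.path.expanduser, source_dirs):
        if not os.path.isdir(root):
            missing.append(root)  # the empty "Source directories:" case
            continue
        for dirpath, _, names in os.walk(root):  # does not follow dir symlinks
            for name in names:
                path = os.path.join(dirpath, name)
                if not os.path.isfile(path):
                    continue
                try:
                    with open(path, "rb") as fh:
                        kind = classify_pe(fh.read(head))
                except OSError:
                    continue  # unreadable file: not a candidate
                if kind:
                    counts[kind] += 1
    return sum(counts.values()) >= wanted, counts, missing


if __name__ == "__main__":
    # Assumed defaults: ~/.wine as source, 60 samples as in the report above.
    dirs = sys.argv[1:] or ["~/.wine"]
    enough, counts, missing = preflight(dirs, wanted=60)
    print("missing:", missing, "found:", dict(counts), "enough:", enough)
    sys.exit(0 if enough else 1)
```

A file whose PE header starts beyond the first 4096 bytes is not counted, so the totals are a lower bound.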

smarbal commented 2 years ago

Hello @dhondta, I updated the box and don't encounter the issue anymore. Note that when starting the container, the terminal shows this:

```
┌──[user@packing-box]──[/mnt/share]──[main|✓]────────
$ wine: created the configuration directory '/home/user/.wine'
002c:fixme:actctx:parse_depend_manifests Could not find dependent assembly L"Microsoft.Windows.Common-Controls" (6.0.0.0)
0050:fixme:actctx:parse_depend_manifests Could not find dependent assembly L"Microsoft.Windows.Common-Controls" (6.0.0.0)
004c:fixme:actctx:parse_depend_manifests Could not find dependent assembly L"Microsoft.Windows.Common-Controls" (6.0.0.0)
004c:err:ole:StdMarshalImpl_MarshalInterface Failed to create ifstub, hr 0x80004002
004c:err:ole:CoMarshalInterface Failed to marshal the interface {6d5140c1-7436-11ce-8034-00aa006009fa}, hr 0x80004002
004c:err:ole:apartment_get_local_server_stream Failed: 0x80004002
0050:err:ole:StdMarshalImpl_MarshalInterface Failed to create ifstub, hr 0x80004002
0050:err:ole:CoMarshalInterface Failed to marshal the interface {6d5140c1-7436-11ce-8034-00aa006009fa}, hr 0x80004002
0050:err:ole:apartment_get_local_server_stream Failed: 0x80004002
004c:err:ole:start_rpcss Failed to open RpcSs service
0050:fixme:imm:ImeSetActiveContext (0x2550c0, 0): stub
0050:fixme:imm:ImmReleaseContext (0000000000010020, 00000000002550C0): stub
002c:fixme:imm:ImeSetActiveContext (0x254740, 1): stub
002c:fixme:imm:ImmReleaseContext (0000000000010050, 0000000000254740): stub
0090:fixme:imm:ImeSetActiveContext (0x25eb10, 1): stub
0090:fixme:imm:ImmReleaseContext (0000000000010086, 000000000025EB10): stub
```

And later printed:

```
0024:err:environ:run_wineboot boot event wait timed out
wine: could not load kernel32.dll, status c0000135
```

I was still able to build datasets though.