qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0
5.07k stars 739 forks

Does Ollvm de-flatten support android arm64? #1129

Open fa1conn opened 2 years ago

fa1conn commented 2 years ago

I can use the function normally on the x64 platform, but it goes wrong on android arm64.

Traceback (most recent call last):
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 818, in activate
    self.action_handler.ql_handle_menu_action(self.action_type)
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 2124, in ql_handle_menu_action
    [x.handler() for x in self.menuitems if x.action == action]
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 2124, in <listcomp>
    [x.handler() for x in self.menuitems if x.action == action]
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 1868, in ql_deflat
    if not self._search_path():
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 1660, in _search_path
    ql.run(begin=self.deflatqlemu.ql_addr_from_ida(first_block.start_ea) + self.append, end=self.deflatqlemu.ql_addr_from_ida(first_block.end_ea), count=0xFFF)
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\core.py", line 730, in run
    self.os.run()
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\os\linux\linux.py", line 149, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\core.py", line 883, in emu_start
    raise self._internal_exception
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\utils.py", line 159, in wrapper
    return func(*args, **kw)
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\core_hooks.py", line 59, in _hook_intr_cb
    raise QlErrorCoreHook("_hook_intr_cb : not handled")
qiling.exception.QlErrorCoreHook: _hook_intr_cb : not handled

I use the latest version of qiling, and the error occurs in every example on android arm64. It seems to be a bug in qiling, or does it not support arm64?

wtdcode commented 2 years ago

It looks like a bug of Qiling itself, not the IDA plugin.

fa1conn commented 2 years ago

> It looks like a bug of Qiling itself, not the IDA plugin.

Yes, I also think so. But I'm not familiar with the source code, so I cannot fix it.

qiang commented 2 years ago

+1

chinggg commented 2 years ago

Can you provide the sample? I can try to fix it.

fa1conn commented 2 years ago

> Can you provide the sample? I can try to fix it.

lib64_example.zip: this is a simple sample; you can find the ollvm code in the JNI_OnLoad function.

ljucovic commented 9 months ago

I have the same problem with a MIPS binary. My output is

[+]     getdents64(0, /* 43 entries */, 0x1000) = 1185
[+]     0x0040365c: getdents64(fd = 0x0, dirp = 0x7ff3bc00, count = 0x1000) = 0x4a1
[+]     Received interrupt: 0xc

And the error is the same: qiling.exception.QlErrorCoreHook: _hook_intr_cb : not handled