qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0
5.07k stars 739 forks

Crash when running the system function #1369

Open tower111 opened 1 year ago

tower111 commented 1 year ago

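**Describe the bug**

When I run an ARM program, it crashes when execution reaches the system function. This seems to be a child-process problem. Is there a way to solve it?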

```
[x] Syscall ERROR: ql_syscall_clone DEBUG: 'NoneType' object has no attribute 'cur_thread'
Traceback (most recent call last):
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/sched.py", line 46, in ql_syscall_clone
    f_th = ql.os.thread_management.cur_thread
AttributeError: 'NoneType' object has no attribute 'cur_thread'
Traceback (most recent call last):
  File "./qilingstart.py", line 79, in <module>
    ql.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 595, in run
    self.os.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 184, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/sched.py", line 46, in ql_syscall_clone
    f_th = ql.os.thread_management.cur_thread
AttributeError: 'NoneType' object has no attribute 'cur_thread'
```

tower111 commented 1 year ago

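After adding the multithread=True parameter, this problem went away, but other problems appeared. This is the problem that showed up when I debugged with gdb: qiling crashed when the program ran to this point. [image] [image]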

tower111 commented 1 year ago

If I don't enable gdb debugging, the errors are as follows, which is very confusing:

```
[+] [Thread 2000] Received interrupt: 0x2
[+] [Thread 2000] write() CONTENT: b'/etc/conf.d/boa\n'
[x] [Thread 2000] Syscall ERROR: ql_syscall_write DEBUG: [Errno 9] Bad file descriptor
Traceback (most recent call last):
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 410, in ql_syscall_write
    f.write(data)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/filestruct.py", line 44, in write
    return os.write(self.__fd, write_buf)
OSError: [Errno 9] Bad file descriptor
[+] [Thread 2000] [Thread Manager] Stop the world.
[+] [Thread 2000] [Thread Manager] Thread IDs: {2000}
[+] [Thread 2000] [Thread Manager] Thread IDs: set()
[+] [Thread 2000] [Thread Manager] Stop the world.
Traceback (most recent call last):
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 410, in ql_syscall_write
    f.write(data)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/filestruct.py", line 44, in write
    return os.write(self.__fd, write_buf)
OSError: [Errno 9] Bad file descriptor
2023-08-08T04:00:16Z <QlLinuxARMThread at 0x7fb95932f9a0: _run> failed with OSError
```

```
[x] [Thread 2000] Syscall ERROR: ql_syscall_execve DEBUG: [Errno 9] Bad file descriptor
Traceback (most recent call last):
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 623, in ql_syscall_execve
    ql.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 595, in run
    self.os.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 164, in run
    thread_management.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 618, in run
    gevent.joinall([self.main_thread], raise_error=True)
  File "src/gevent/greenlet.py", line 1065, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 1081, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 373, in gevent._gevent_cgreenlet.Greenlet._raise_exception
  File "/usr/local/lib/python3.8/dist-packages/gevent/_compat.py", line 48, in reraise
    raise value.with_traceback(tb)
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 410, in ql_syscall_write
    f.write(data)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/filestruct.py", line 44, in write
    return os.write(self.__fd, write_buf)
OSError: [Errno 9] Bad file descriptor
[+] [Thread 2000] [Thread Manager] Stop the world.
Traceback (most recent call last):
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 623, in ql_syscall_execve
    ql.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 595, in run
    self.os.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 164, in run
    thread_management.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 618, in run
    gevent.joinall([self.main_thread], raise_error=True)
  File "src/gevent/greenlet.py", line 1065, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 1081, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 373, in gevent._gevent_cgreenlet.Greenlet._raise_exception
  File "/usr/local/lib/python3.8/dist-packages/gevent/_compat.py", line 48, in reraise
    raise value.with_traceback(tb)
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 410, in ql_syscall_write
    f.write(data)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/filestruct.py", line 44, in write
    return os.write(self.__fd, write_buf)
OSError: [Errno 9] Bad file descriptor
2023-08-08T04:00:16Z <QlLinuxARMThread at 0x7fb95932f7c0: _run> failed with OSError
```

```
Traceback (most recent call last):
  File "./qilingstart.py", line 79, in <module>
    ql.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 595, in run
    self.os.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 164, in run
    thread_management.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 618, in run
    gevent.joinall([self.main_thread], raise_error=True)
  File "src/gevent/greenlet.py", line 1065, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 1081, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 373, in gevent._gevent_cgreenlet.Greenlet._raise_exception
  File "/usr/local/lib/python3.8/dist-packages/gevent/_compat.py", line 48, in reraise
    raise value.with_traceback(tb)
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 623, in ql_syscall_execve
    ql.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 595, in run
    self.os.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 164, in run
    thread_management.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 618, in run
    gevent.joinall([self.main_thread], raise_error=True)
  File "src/gevent/greenlet.py", line 1065, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 1081, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 373, in gevent._gevent_cgreenlet.Greenlet._raise_exception
  File "/usr/local/lib/python3.8/dist-packages/gevent/_compat.py", line 48, in reraise
    raise value.with_traceback(tb)
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 410, in ql_syscall_write
    f.write(data)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/filestruct.py", line 44, in write
    return os.write(self.__fd, write_buf)
OSError: [Errno 9] Bad file descriptor
[+] [Thread 2000] 0x9007bf30: wait4(pid = 0xd8cb5, wstatus = 0x7ff3bbd4, options = 0x0, rusage = 0x0) = 0xd8cb5
[+] [Thread 2000] Received interrupt: 0x2
[+] [Thread 2000] 0x9007b930: rt_sigaction(signum = 0x2, act = 0x900c5228, oldact = 0x0) = 0x0
[+] [Thread 2000] Received interrupt: 0x2
[+] [Thread 2000] 0x9007b930: rt_sigaction(signum = 0x3, act = 0x7ff3bb8c, oldact = 0x0) = 0x0
[+] [Thread 2000] Received interrupt: 0x2
[+] [Thread 2000] 0x9007b3ac: rt_sigprocmask(how = 0x2, nset = 0x7ff3bbbc, oset = 0x0, sigsetsize = 0x8) = 0x0
[x] [Thread 2000] CPU Context:
[x] [Thread 2000] r0 : 0x100
[x] [Thread 2000] r1 : 0x0
[x] [Thread 2000] r2 : 0x900c5220
[x] [Thread 2000] r3 : 0x1
[x] [Thread 2000] r4 : 0x61616161
[x] [Thread 2000] r5 : 0x61616161
[x] [Thread 2000] r6 : 0x61616161
[x] [Thread 2000] r7 : 0x61616161
[x] [Thread 2000] r8 : 0x61616161
[x] [Thread 2000] r9 : 0x61616161
[x] [Thread 2000] r10 : 0x61616161
[x] [Thread 2000] r11 : 0x61616161
[x] [Thread 2000] r12 : 0x2
[x] [Thread 2000] sp : 0x7ff3bc18
[x] [Thread 2000] lr : 0x900b48c4
[x] [Thread 2000] pc : 0x18474
[x] [Thread 2000] cpsr : 0x600001d3
[x] [Thread 2000] c1_c0_2 : 0x0
[x] [Thread 2000] c13_c0_3 : 0x90001430
[x] [Thread 2000] fpexc : 0x40000000
[x] [Thread 2000] d0 : 0x0
[x] [Thread 2000] d1 : 0x0
[x] [Thread 2000] d2 : 0x0
[x] [Thread 2000] d3 : 0x0
[x] [Thread 2000] d4 : 0x0
[x] [Thread 2000] d5 : 0x0
[x] [Thread 2000] d6 : 0x0
[x] [Thread 2000] d7 : 0x0
[x] [Thread 2000] d8 : 0x0
[x] [Thread 2000] d9 : 0x0
[x] [Thread 2000] d10 : 0x0
[x] [Thread 2000] d11 : 0x0
[x] [Thread 2000] d12 : 0x0
[x] [Thread 2000] d13 : 0x0
[x] [Thread 2000] d14 : 0x0
[x] [Thread 2000] d15 : 0x0
[x] [Thread 2000] d16 : 0x0
[x] [Thread 2000] d17 : 0x0
[x] [Thread 2000] d18 : 0x0
[x] [Thread 2000] d19 : 0x0
[x] [Thread 2000] d20 : 0x0
[x] [Thread 2000] d21 : 0x0
[x] [Thread 2000] d22 : 0x0
[x] [Thread 2000] d23 : 0x0
[x] [Thread 2000] d24 : 0x0
[x] [Thread 2000] d25 : 0x0
[x] [Thread 2000] d26 : 0x0
[x] [Thread 2000] d27 : 0x0
[x] [Thread 2000] d28 : 0x0
[x] [Thread 2000] d29 : 0x0
[x] [Thread 2000] d30 : 0x0
[x] [Thread 2000] d31 : 0x0
[x] [Thread 2000] fpscr : 0x0
[x] [Thread 2000] q0 : 0x0
[x] [Thread 2000] q1 : 0x0
[x] [Thread 2000] q2 : 0x0
[x] [Thread 2000] q3 : 0x0
[x] [Thread 2000] q4 : 0x0
[x] [Thread 2000] q5 : 0x0
[x] [Thread 2000] q6 : 0x0
[x] [Thread 2000] q7 : 0x0
[x] [Thread 2000] q8 : 0x0
[x] [Thread 2000] q9 : 0x0
[x] [Thread 2000] q10 : 0x0
[x] [Thread 2000] q11 : 0x0
[x] [Thread 2000] q12 : 0x0
[x] [Thread 2000] q13 : 0x0
[x] [Thread 2000] q14 : 0x0
[x] [Thread 2000] q15 : 0x0
[x] [Thread 2000] s0 : 0x0
[x] [Thread 2000] s1 : 0x0
[x] [Thread 2000] s2 : 0x0
[x] [Thread 2000] s3 : 0x0
[x] [Thread 2000] s4 : 0x0
[x] [Thread 2000] s5 : 0x0
[x] [Thread 2000] s6 : 0x0
[x] [Thread 2000] s7 : 0x0
[x] [Thread 2000] s8 : 0x0
[x] [Thread 2000] s9 : 0x0
[x] [Thread 2000] s10 : 0x0
[x] [Thread 2000] s11 : 0x0
[x] [Thread 2000] s12 : 0x0
[x] [Thread 2000] s13 : 0x0
[x] [Thread 2000] s14 : 0x0
[x] [Thread 2000] s15 : 0x0
[x] [Thread 2000] s16 : 0x0
[x] [Thread 2000] s17 : 0x0
[x] [Thread 2000] s18 : 0x0
[x] [Thread 2000] s19 : 0x0
[x] [Thread 2000] s20 : 0x0
[x] [Thread 2000] s21 : 0x0
[x] [Thread 2000] s22 : 0x0
[x] [Thread 2000] s23 : 0x0
[x] [Thread 2000] s24 : 0x0
[x] [Thread 2000] s25 : 0x0
[x] [Thread 2000] s26 : 0x0
[x] [Thread 2000] s27 : 0x0
[x] [Thread 2000] s28 : 0x0
[x] [Thread 2000] s29 : 0x0
[x] [Thread 2000] s30 : 0x0
[x] [Thread 2000] s31 : 0x0
[x] [Thread 2000] Hexdump:
[x] [Thread 2000] 1c 27 96 e5 10 12 9f e5
[x] [Thread 2000] Disassembly:
[=] [Thread 2000] 00018474 [httpd + 0x010474] 1c 27 96 e5 ldr r2, [r6, #0x71c]
[=] [Thread 2000] 00018478 [httpd + 0x010478] 10 12 9f e5 ldr r1, [pc, #0x210]
[=] [Thread 2000] 0001847c [httpd + 0x01047c] c2 3f a0 e1 asr r3, r2, #0x1f
[=] [Thread 2000] 00018480 [httpd + 0x010480] 92 01 c1 e0 smull r0, r1, r2, r1
[=] [Thread 2000] 00018484 [httpd + 0x010484] c1 31 63 e0 rsb r3, r3, r1, asr #3
[=] [Thread 2000] 00018488 [httpd + 0x010488] 03 31 83 e0 add r3, r3, r3, lsl #2
[=] [Thread 2000] 0001848c [httpd + 0x01048c] 03 31 42 e0 sub r3, r2, r3, lsl #2
[=] [Thread 2000] 00018490 [httpd + 0x010490] 1c 37 86 e5 str r3, [r6, #0x71c]
[=] [Thread 2000] 00018494 [httpd + 0x010494] 43 ff ff ea b #0x181a8
[=] [Thread 2000] 00018498 [httpd + 0x010498] 04 00 a0 e1 mov r0, r4
[=] [Thread 2000] 0001849c [httpd + 0x01049c] 76 f7 ff eb bl #0x1627c
[=] [Thread 2000] 000184a0 [httpd + 0x0104a0] 40 30 94 e5 ldr r3, [r4, #0x40]
[=] [Thread 2000] 000184a4 [httpd + 0x0104a4] 44 20 94 e5 ldr r2, [r4, #0x44]
[=] [Thread 2000] 000184a8 [httpd + 0x0104a8] b4 11 9f e5 ldr r1, [pc, #0x1b4]
[=] [Thread 2000] 000184ac [httpd + 0x0104ac] 02 20 63 e0 rsb r2, r3, r2
[=] [Thread 2000] 000184b0 [httpd + 0x0104b0] 00 00 91 e5 ldr r0, [r1]
[x] [Thread 2000] PC = 0x00018474 (/media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/usr/sbin/httpd + 0x10474)
```

```
[x] [Thread 2000] Memory map:
[x] [Thread 2000] Start End Perm Label Image
[x] [Thread 2000] 0000001000 - 0000002000 rwx my_hook
[x] [Thread 2000] 0000008000 - 000002a000 r-x httpd /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/usr/sbin/httpd
[x] [Thread 2000] 0000031000 - 000003f000 rw- httpd /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/usr/sbin/httpd
[x] [Thread 2000] 000003f000 - 0000041000 rwx [hook_mem]
[x] [Thread 2000] 0000041000 - 0000042000 rwx [brk]
[x] [Thread 2000] 0000042000 - 0000043000 rwx [brk]
[x] [Thread 2000] 0000043000 - 0000044000 rwx [brk]
[x] [Thread 2000] 0000044000 - 0000045000 rwx [brk]
[x] [Thread 2000] 0000045000 - 0000046000 rwx [brk]
[x] [Thread 2000] 0000046000 - 0000047000 rwx [brk]
[x] [Thread 2000] 0000047000 - 000004f000 rwx [brk]
[x] [Thread 2000] 00047ba000 - 00047c0000 r-x ld-uClibc.so.0 /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/lib/ld-uClibc-0.9.33.3-git.so
[x] [Thread 2000] 00047c7000 - 00047c8000 r-- ld-uClibc.so.0 /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/lib/ld-uClibc-0.9.33.3-git.so
[x] [Thread 2000] 00047c8000 - 00047c9000 rw- ld-uClibc.so.0 /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/lib/ld-uClibc-0.9.33.3-git.so
[x] [Thread 2000] 007ff0d000 - 007ff3d000 rwx [stack]
[x] [Thread 2000] 0090000000 - 0090001000 rw- [mmap anonymous]
[x] [Thread 2000] 0090001000 - 0090002000 rw- [mmap anonymous]
[x] [Thread 2000] 0090002000 - 0090004000 r-x [mmap] libxmlsparser.so.1.1.0.0
[x] [Thread 2000] 0090004000 - 009000b000 --- [mmap anonymous]
[x] [Thread 2000] 009000b000 - 009000c000 rw- [mmap] libxmlsparser.so.1.1.0.0
[x] [Thread 2000] 009000c000 - 0090012000 r-x [mmap] libaccount.so.1.0.0.4
[x] [Thread 2000] 0090012000 - 0090019000 --- [mmap anonymous]
[x] [Thread 2000] 0090019000 - 009001a000 rw- [mmap] libaccount.so.1.0.0.4
[x] [Thread 2000] 009001a000 - 0090020000 r-x [mmap] libmessage.so.1.0.1.23
[x] [Thread 2000] 0090020000 - 0090027000 --- [mmap anonymous]
[x] [Thread 2000] 0090027000 - 0090028000 rw- [mmap] libmessage.so.1.0.1.23
[x] [Thread 2000] 0090028000 - 0090047000 r-x [mmap] libexpat.so.1.5.2.0
[x] [Thread 2000] 0090047000 - 009004e000 --- [mmap anonymous]
[x] [Thread 2000] 009004e000 - 0090050000 rw- [mmap] libexpat.so.1.5.2.0
[x] [Thread 2000] 0090050000 - 0090053000 r-x [mmap] libcrypt-0.9.33.3-git.so
[x] [Thread 2000] 0090053000 - 009005a000 --- [mmap anonymous]
[x] [Thread 2000] 009005a000 - 009005b000 r-- [mmap] libcrypt-0.9.33.3-git.so
[x] [Thread 2000] 009005b000 - 009006d000 rw- [mmap anonymous]
[x] [Thread 2000] 009006d000 - 00900b9000 r-x [mmap] libuClibc-0.9.33.3-git.so
[x] [Thread 2000] 00900b9000 - 00900c0000 --- [mmap anonymous]
[x] [Thread 2000] 00900c0000 - 00900c1000 r-- [mmap] libuClibc-0.9.33.3-git.so
[x] [Thread 2000] 00900c1000 - 00900c2000 rw- [mmap] libuClibc-0.9.33.3-git.so
[x] [Thread 2000] 00900c2000 - 00900c6000 rw- [mmap anonymous]
[x] [Thread 2000] 00900c6000 - 00900e4000 r-x [mmap] libgcc_s.so.1
[x] [Thread 2000] 00900e4000 - 00900eb000 --- [mmap anonymous]
[x] [Thread 2000] 00900eb000 - 00900ec000 rw- [mmap] libgcc_s.so.1
[x] [Thread 2000] 00ffff0000 - 00ffff1000 rwx [arm_traps]
[x] [Thread 2000] Traceback (most recent call last):
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 769, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 547, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
Traceback (most recent call last):
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 246, in _run
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 769, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 547, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
2023-08-08T04:00:17Z <QlLinuxARMThread at 0x7fb95932f7c0: _run> failed with UcError
```

[x] [Thread 2000] CPU Context: [x] [Thread 2000] r0 : 0x100 [x] [Thread 2000] r1 : 0x0 [x] [Thread 2000] r2 : 0x900c5220 [x] [Thread 2000] r3 : 0x1 [x] [Thread 2000] r4 : 0x61616161 [x] [Thread 2000] r5 : 0x61616161 [x] [Thread 2000] r6 : 0x61616161 [x] [Thread 2000] r7 : 0x61616161 [x] [Thread 2000] r8 : 0x61616161 [x] [Thread 2000] r9 : 0x61616161 [x] [Thread 2000] r10 : 0x61616161 [x] [Thread 2000] r11 : 0x61616161 [x] [Thread 2000] r12 : 0x2 [x] [Thread 2000] sp : 0x7ff3bc18 [x] [Thread 2000] lr : 0x900b48c4 [x] [Thread 2000] pc : 0x18474 [x] [Thread 2000] cpsr : 0x600001d3 [x] [Thread 2000] c1_c0_2 : 0x0 [x] [Thread 2000] c13_c0_3 : 0x90001430 [x] [Thread 2000] fpexc : 0x40000000 [x] [Thread 2000] d0 : 0x0 [x] [Thread 2000] d1 : 0x0 [x] [Thread 2000] d2 : 0x0 [x] [Thread 2000] d3 : 0x0 [x] [Thread 2000] d4 : 0x0 [x] [Thread 2000] d5 : 0x0 [x] [Thread 2000] d6 : 0x0 [x] [Thread 2000] d7 : 0x0 [x] [Thread 2000] d8 : 0x0 [x] [Thread 2000] d9 : 0x0 [x] [Thread 2000] d10 : 0x0 [x] [Thread 2000] d11 : 0x0 [x] [Thread 2000] d12 : 0x0 [x] [Thread 2000] d13 : 0x0 [x] [Thread 2000] d14 : 0x0 [x] [Thread 2000] d15 : 0x0 [x] [Thread 2000] d16 : 0x0 [x] [Thread 2000] d17 : 0x0 [x] [Thread 2000] d18 : 0x0 [x] [Thread 2000] d19 : 0x0 [x] [Thread 2000] d20 : 0x0 [x] [Thread 2000] d21 : 0x0 [x] [Thread 2000] d22 : 0x0 [x] [Thread 2000] d23 : 0x0 [x] [Thread 2000] d24 : 0x0 [x] [Thread 2000] d25 : 0x0 [x] [Thread 2000] d26 : 0x0 [x] [Thread 2000] d27 : 0x0 [x] [Thread 2000] d28 : 0x0 [x] [Thread 2000] d29 : 0x0 [x] [Thread 2000] d30 : 0x0 [x] [Thread 2000] d31 : 0x0 [x] [Thread 2000] fpscr : 0x0 [x] [Thread 2000] q0 : 0x0 [x] [Thread 2000] q1 : 0x0 [x] [Thread 2000] q2 : 0x0 [x] [Thread 2000] q3 : 0x0 [x] [Thread 2000] q4 : 0x0 [x] [Thread 2000] q5 : 0x0 [x] [Thread 2000] q6 : 0x0 [x] [Thread 2000] q7 : 0x0 [x] [Thread 2000] q8 : 0x0 [x] [Thread 2000] q9 : 0x0 [x] [Thread 2000] q10 : 0x0 [x] [Thread 2000] q11 : 0x0 [x] [Thread 2000] q12 : 0x0 [x] [Thread 2000] q13 : 0x0 [x] 
[Thread 2000] q14 : 0x0 [x] [Thread 2000] q15 : 0x0 [x] [Thread 2000] s0 : 0x0 [x] [Thread 2000] s1 : 0x0 [x] [Thread 2000] s2 : 0x0 [x] [Thread 2000] s3 : 0x0 [x] [Thread 2000] s4 : 0x0 [x] [Thread 2000] s5 : 0x0 [x] [Thread 2000] s6 : 0x0 [x] [Thread 2000] s7 : 0x0 [x] [Thread 2000] s8 : 0x0 [x] [Thread 2000] s9 : 0x0 [x] [Thread 2000] s10 : 0x0 [x] [Thread 2000] s11 : 0x0 [x] [Thread 2000] s12 : 0x0 [x] [Thread 2000] s13 : 0x0 [x] [Thread 2000] s14 : 0x0 [x] [Thread 2000] s15 : 0x0 [x] [Thread 2000] s16 : 0x0 [x] [Thread 2000] s17 : 0x0 [x] [Thread 2000] s18 : 0x0 [x] [Thread 2000] s19 : 0x0 [x] [Thread 2000] s20 : 0x0 [x] [Thread 2000] s21 : 0x0 [x] [Thread 2000] s22 : 0x0 [x] [Thread 2000] s23 : 0x0 [x] [Thread 2000] s24 : 0x0 [x] [Thread 2000] s25 : 0x0 [x] [Thread 2000] s26 : 0x0 [x] [Thread 2000] s27 : 0x0 [x] [Thread 2000] s28 : 0x0 [x] [Thread 2000] s29 : 0x0 [x] [Thread 2000] s30 : 0x0 [x] [Thread 2000] s31 : 0x0 [x] [Thread 2000] Hexdump: [x] [Thread 2000] 1c 27 96 e5 10 12 9f e5 [x] [Thread 2000] Disassembly: [=] [Thread 2000] 00018474 [httpd + 0x010474] 1c 27 96 e5 ldr r2, [r6, #0x71c] [=] [Thread 2000] 00018478 [httpd + 0x010478] 10 12 9f e5 ldr r1, [pc, #0x210] [=] [Thread 2000] 0001847c [httpd + 0x01047c] c2 3f a0 e1 asr r3, r2, #0x1f [=] [Thread 2000] 00018480 [httpd + 0x010480] 92 01 c1 e0 smull r0, r1, r2, r1 [=] [Thread 2000] 00018484 [httpd + 0x010484] c1 31 63 e0 rsb r3, r3, r1, asr #3 [=] [Thread 2000] 00018488 [httpd + 0x010488] 03 31 83 e0 add r3, r3, r3, lsl #2 [=] [Thread 2000] 0001848c [httpd + 0x01048c] 03 31 42 e0 sub r3, r2, r3, lsl #2 [=] [Thread 2000] 00018490 [httpd + 0x010490] 1c 37 86 e5 str r3, [r6, #0x71c] [=] [Thread 2000] 00018494 [httpd + 0x010494] 43 ff ff ea b #0x181a8 [=] [Thread 2000] 00018498 [httpd + 0x010498] 04 00 a0 e1 mov r0, r4 [=] [Thread 2000] 0001849c [httpd + 0x01049c] 76 f7 ff eb bl #0x1627c [=] [Thread 2000] 000184a0 [httpd + 0x0104a0] 40 30 94 e5 ldr r3, [r4, #0x40] [=] [Thread 2000] 000184a4 [httpd + 
0x0104a4] 44 20 94 e5 ldr r2, [r4, #0x44] [=] [Thread 2000] 000184a8 [httpd + 0x0104a8] b4 11 9f e5 ldr r1, [pc, #0x1b4] [=] [Thread 2000] 000184ac [httpd + 0x0104ac] 02 20 63 e0 rsb r2, r3, r2 [=] [Thread 2000] 000184b0 [httpd + 0x0104b0] 00 00 91 e5 ldr r0, [r1] [x] [Thread 2000] PC = 0x00018474 (/media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/usr/sbin/httpd + 0x10474)

```
[x] [Thread 2000] Memory map:
[x] [Thread 2000] Start End Perm Label Image
[x] [Thread 2000] 0000001000 - 0000002000 rwx my_hook
[x] [Thread 2000] 0000008000 - 000002a000 r-x httpd /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/usr/sbin/httpd
[x] [Thread 2000] 0000031000 - 000003f000 rw- httpd /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/usr/sbin/httpd
[x] [Thread 2000] 000003f000 - 0000041000 rwx [hook_mem]
[x] [Thread 2000] 0000041000 - 0000042000 rwx [brk]
[x] [Thread 2000] 0000042000 - 0000043000 rwx [brk]
[x] [Thread 2000] 0000043000 - 0000044000 rwx [brk]
[x] [Thread 2000] 0000044000 - 0000045000 rwx [brk]
[x] [Thread 2000] 0000045000 - 0000046000 rwx [brk]
[x] [Thread 2000] 0000046000 - 0000047000 rwx [brk]
[x] [Thread 2000] 0000047000 - 000004f000 rwx [brk]
[x] [Thread 2000] 00047ba000 - 00047c0000 r-x ld-uClibc.so.0 /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/lib/ld-uClibc-0.9.33.3-git.so
[x] [Thread 2000] 00047c7000 - 00047c8000 r-- ld-uClibc.so.0 /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/lib/ld-uClibc-0.9.33.3-git.so
[x] [Thread 2000] 00047c8000 - 00047c9000 rw- ld-uClibc.so.0 /media/psf/Home/Desktop/aiwencode/loudong_liyong/Vivotek/squashfs-root/lib/ld-uClibc-0.9.33.3-git.so
[x] [Thread 2000] 007ff0d000 - 007ff3d000 rwx [stack]
[x] [Thread 2000] 0090000000 - 0090001000 rw- [mmap anonymous]
[x] [Thread 2000] 0090001000 - 0090002000 rw- [mmap anonymous]
[x] [Thread 2000] 0090002000 - 0090004000 r-x [mmap] libxmlsparser.so.1.1.0.0
[x] [Thread 2000] 0090004000 - 009000b000 --- [mmap anonymous]
[x] [Thread 2000] 009000b000 - 009000c000 rw- [mmap] libxmlsparser.so.1.1.0.0
[x] [Thread 2000] 009000c000 - 0090012000 r-x [mmap] libaccount.so.1.0.0.4
[x] [Thread 2000] 0090012000 - 0090019000 --- [mmap anonymous]
[x] [Thread 2000] 0090019000 - 009001a000 rw- [mmap] libaccount.so.1.0.0.4
[x] [Thread 2000] 009001a000 - 0090020000 r-x [mmap] libmessage.so.1.0.1.23
[x] [Thread 2000] 0090020000 - 0090027000 --- [mmap anonymous]
[x] [Thread 2000] 0090027000 - 0090028000 rw- [mmap] libmessage.so.1.0.1.23
[x] [Thread 2000] 0090028000 - 0090047000 r-x [mmap] libexpat.so.1.5.2.0
[x] [Thread 2000] 0090047000 - 009004e000 --- [mmap anonymous]
[x] [Thread 2000] 009004e000 - 0090050000 rw- [mmap] libexpat.so.1.5.2.0
[x] [Thread 2000] 0090050000 - 0090053000 r-x [mmap] libcrypt-0.9.33.3-git.so
[x] [Thread 2000] 0090053000 - 009005a000 --- [mmap anonymous]
[x] [Thread 2000] 009005a000 - 009005b000 r-- [mmap] libcrypt-0.9.33.3-git.so
[x] [Thread 2000] 009005b000 - 009006d000 rw- [mmap anonymous]
[x] [Thread 2000] 009006d000 - 00900b9000 r-x [mmap] libuClibc-0.9.33.3-git.so
[x] [Thread 2000] 00900b9000 - 00900c0000 --- [mmap anonymous]
[x] [Thread 2000] 00900c0000 - 00900c1000 r-- [mmap] libuClibc-0.9.33.3-git.so
[x] [Thread 2000] 00900c1000 - 00900c2000 rw- [mmap] libuClibc-0.9.33.3-git.so
[x] [Thread 2000] 00900c2000 - 00900c6000 rw- [mmap anonymous]
[x] [Thread 2000] 00900c6000 - 00900e4000 r-x [mmap] libgcc_s.so.1
[x] [Thread 2000] 00900e4000 - 00900eb000 --- [mmap anonymous]
[x] [Thread 2000] 00900eb000 - 00900ec000 rw- [mmap] libgcc_s.so.1
[x] [Thread 2000] 00ffff0000 - 00ffff1000 rwx [arm_traps]
Traceback (most recent call last):
  File "./qilingstart.py", line 79, in <module>
    ql.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 595, in run
    self.os.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 164, in run
    thread_management.run()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 618, in run
    gevent.joinall([self.main_thread], raise_error=True)
  File "src/gevent/greenlet.py", line 1065, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 1081, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 373, in gevent._gevent_cgreenlet.Greenlet._raise_exception
  File "/usr/local/lib/python3.8/dist-packages/gevent/_compat.py", line 48, in reraise
    raise value.with_traceback(tb)
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 246, in _run
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 769, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/usr/local/lib/python3.8/dist-packages/unicorn/unicorn.py", line 547, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
```
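A triage helper for the memory-map dump in the report above, added here as an example and not part of the original post or of Qiling: it parses the dump rows and names the Unicorn error class that an access to a given address falls under. The sample rows are copied from the dump; `Region`, `parse_map` and `classify` are hypothetical names.

```python
import re
from typing import NamedTuple

class Region(NamedTuple):
    start: int
    end: int
    perm: str
    label: str

# One row is "<start> - <end> <perm> <label [image]>". The lookahead ends the
# label at the next "[x]" log prefix, so a dump flattened onto one line parses too.
ROW = re.compile(
    r"\b([0-9a-f]+) - ([0-9a-f]+) ([r-][w-][x-]) (.*?)(?=\s*\[x\]|\s*$)", re.M)

# Sample input: eight rows copied from the dump in this issue.
SAMPLE = """\
[x] [Thread 2000] 0000001000 - 0000002000 rwx my_hook
[x] [Thread 2000] 0000047000 - 000004f000 rwx [brk]
[x] [Thread 2000] 007ff0d000 - 007ff3d000 rwx [stack]
[x] [Thread 2000] 009005b000 - 009006d000 rw- [mmap anonymous]
[x] [Thread 2000] 009006d000 - 00900b9000 r-x [mmap] libuClibc-0.9.33.3-git.so
[x] [Thread 2000] 00900b9000 - 00900c0000 --- [mmap anonymous]
[x] [Thread 2000] 00900c2000 - 00900c6000 rw- [mmap anonymous]
[x] [Thread 2000] 00ffff0000 - 00ffff1000 rwx [arm_traps]
"""

def parse_map(text):
    """Return every mapped region found in a Qiling memory-map dump."""
    return [Region(int(m[1], 16), int(m[2], 16), m[3], m[4])
            for m in ROW.finditer(text)]

def classify(regions, addr, access):
    """Name the outcome Unicorn reports for an 'r', 'w' or 'x' access at addr."""
    kind = {"r": "READ", "w": "WRITE", "x": "FETCH"}[access]
    for reg in regions:
        if reg.start <= addr < reg.end:
            # Mapped: the access either passes or violates the region permissions.
            verdict = "ok" if access in reg.perm else f"UC_ERR_{kind}_PROT"
            return verdict, reg
    # No row covers addr. "---" guard regions are rows, so they give _PROT above.
    return f"UC_ERR_{kind}_UNMAPPED", None

if __name__ == "__main__":
    regions = parse_map(SAMPLE)
    for addr in (0x0, 0x900ba000, 0x900c3400):
        verdict, reg = classify(regions, addr, "r")
        print(f"{addr:#012x} read -> {verdict} {reg.label if reg else ''}")
```

Read against the full dump, `UC_ERR_READ_UNMAPPED` means the faulting address lies outside every listed row, not inside one of the `---` guard regions.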

tower111 commented 1 year ago

I added monitoring of the write syscall and tracked the problem down to here. It looks like something goes wrong during output, but the earlier write 1 executes normally.

This is the normal write 1:

```
[write(1, 0x900c3400, 0x14)] bytearray(b'sendto() fail 0!=61\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
```

This is the failing write 1. The failing write 1 is inside the execve system call:

```
system cmd : bytearray(b'/bin/sh\x00')
system cmd : bytearray(b'-c\x00/dev/')
system cmd : bytearray(b'pwd;pwd;')
[read(6, 0x90001000, 0x1000)] bytearray(b'\x7fELF\x01\x01\x01\x00')
[read(6, 0x90001000, 0x1000)] bytearray(b'\x7fELF\x01\x01\x01\x00')
[read(6, 0x90001000, 0x1000)] bytearray(b'\x7fELF\x01\x01\x01\x00')
[read(6, 0x7ff3cb24, 0x4)] bytearray(b'\xe7T\xc7H\x00\x00\x00\x00')
[write(1, 0x9008e400, 0x10)] bytearray(b'/etc/conf.d/boa\n\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00')
[x] [Thread 2000] Syscall ERROR: ql_syscall_write DEBUG: [Errno 9] Bad file descriptor
Traceback (most recent call last):
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 410, in ql_syscall_write
    f.write(data)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/filestruct.py", line 44, in write
    return os.write(self.__fd, write_buf)
OSError: [Errno 9] Bad file descriptor
Traceback (most recent call last):
  File "src/gevent/greenlet.py", line 908, in gevent._gevent_cgreenlet.Greenlet.run
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 242, in _run
    self.ql.emu_start(start_address, self.exit_point, count=31337)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core.py", line 775, in emu_start
    raise self.internal_exception
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 127, in wrapper
    return callback(*args, **kwargs)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks.py", line 170, in _hook_intr_cb
    ret = hook.call(ql, intno)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 392, in load_syscall
    raise e
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 374, in load_syscall
    retval = syscall_hook(self.ql, *params)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/posix/syscall/unistd.py", line 410, in ql_syscall_write
    f.write(data)
  File "/home/tower/miniconda3/envs/iot/lib/python3.8/site-packages/qiling/os/filestruct.py", line 44, in write
    return os.write(self.__fd, write_buf)
OSError: [Errno 9] Bad file descriptor
2023-08-09T10:11:15Z <QlLinuxARMThread at 0x7ffa3a04c2c0: _run> failed with OSError
```

tower111 commented 1 year ago

After removing the additional environment variables, the system command executed successfully.

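The before/after comparison of the startup script is as follows.

Fixed:

```python
from qiling import Qiling
from qiling.const import QL_VERBOSE

# No env argument is passed to Qiling here
ql = Qiling(["./squashfs-root/usr/sbin/httpd", "-c", "/etc/conf.d/boa", "-d"], "squashfs-root",
            profile='./linux.ql', verbose=QL_VERBOSE.OFF, console=True, multithread=True)  # QL_VERBOSE.DEBUG)
```

Problematic:

```python
from qiling import Qiling
from qiling.const import QL_VERBOSE

# Additional environment variables passed to the emulated process
env_vars = {
    "HOSTNAME": "ubuntu",
}

ql = Qiling(["./squashfs-root/usr/sbin/httpd", "-c", "/etc/conf.d/boa", "-d"], "squashfs-root",
            profile='./linux.ql', env=env_vars, verbose=QL_VERBOSE.OFF, console=True, multithread=True)  # QL_VERBOSE.DEBUG)
```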