qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0

Qiling fails to run Alpine Linux binaries #1441

Closed alexmullins closed 7 months ago

alexmullins commented 7 months ago

Describe the bug

I am unable to run binaries from the standard docker alpine:3.18 image.

I extract the rootfs using docker export $CONTAINER_ID > alpine.tar and unpack it.

Below is the sample code I'm using to try to run the /sbin/apk binary to print its help message.

Sample Code

from qiling import Qiling
from qiling.const import QL_VERBOSE

def main():
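    # Run from inside the unpacked rootfs: argv[0] and the rootfs (".") are
    # both relative to the current directory.
    emu = Qiling(["sbin/apk", "--help"], ".", multithread=True, log_file="./qiling.log", verbose=QL_VERBOSE.DEBUG)
    # Emulate the process as running as root.
    emu.os.root = True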
    emu.run()

if __name__ == "__main__":
    main()

Qiling fails with this traceback:

Traceback (most recent call last):
  File "~/docker-imgs/alpine/emu.py", line 22, in <module>
    main()
  File "~/docker-imgs/alpine/emu.py", line 18, in main
    emu.run()
  File "~/qiling/qiling/core.py", line 583, in run
    self.os.run()
  File "~/qiling/qiling/os/linux/linux.py", line 164, in run
    thread_management.run()
  File "~/qiling/qiling/os/linux/thread.py", line 607, in run
    previous_thread = self._prepare_lib_patch()
                      ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "~/qiling/qiling/os/linux/thread.py", line 587, in _prepare_lib_patch
    raise QlErrorExecutionStop('Dynamic library .init() failed!')
qiling.exception.QlErrorExecutionStop: Dynamic library .init() failed!

qiling-multithread.log

If I turn off multithread I get the following:

Traceback (most recent call last):
  File "~/docker-imgs/alpine/emu.py", line 22, in <module>
    main()
  File "~/docker-imgs/alpine/emu.py", line 18, in main
    emu.run()
  File "~/qiling/qiling/core.py", line 583, in run
    self.os.run()
  File "~/qiling/qiling/os/linux/linux.py", line 184, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "~/qiling/qiling/core.py", line 757, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "~/venv/qiling/lib/python3.12/site-packages/unicorn/unicorn.py", line 547, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)

qiling.log

Expected behavior

Print out the help message for the apk binary.

Using qemu-x86_64 gives the following output:

$ qemu-x86_64 -L . sbin/apk --help

apk-tools 2.14.0, compiled for x86_64.

usage: apk [<OPTIONS>...] COMMAND [<ARGUMENTS>...]

Package installation and removal:
  add        Add packages to WORLD and commit changes
  del        Remove packages from WORLD and commit changes

System maintenance:
  fix        Fix, reinstall or upgrade packages without modifying WORLD
  update     Update repository indexes
  upgrade    Install upgrades available from repositories
  cache      Manage the local package cache

Querying package information:
  info       Give detailed information about packages or repositories
  list       List packages matching a pattern or other criteria
  dot        Render dependencies as graphviz graphs
  policy     Show repository policy for packages
  search     Search for packages by name or description

Repository maintenance:
  index      Create repository index file from packages
  fetch      Download packages from repositories to a local directory
  manifest   Show checksums of package contents
  verify     Verify package integrity and signature

Miscellaneous:
  audit      Audit system for changes
  stats      Show statistics about repositories and installations
  version    Compare package versions or perform tests on version strings

This apk has coffee making abilities.
For more information: man 8 apk

Additional context

I'm on the qiling-dev branch.

alexmullins commented 7 months ago

The logs pointed to a missing file /etc/ld-musl-$ARCH.path. I created that with the additional library paths to search and was able to get the usage help to display.

Closing this issue.
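
Added example (not from the issue thread or the Qiling project): a pre-flight check that reads the target binary's PT_INTERP and, if it names a musl loader, creates etc/ld-musl-$ARCH.path inside the extracted rootfs rather than on the host. The function names are hypothetical, and the directory list is an assumption (musl's built-in default search path), since the issue does not say which paths were added.

```python
import re, struct, tempfile
from pathlib import Path

# Assumption: musl's built-in default search path; the issue does not list the paths used.
MUSL_DEFAULT_DIRS = ("/lib", "/usr/local/lib", "/usr/lib")

def elf_interp(binary: Path) -> str:
    """Return the PT_INTERP string of a little-endian ELF64 file ('' if none)."""
    data = binary.read_bytes()
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError(f"{binary}: not a little-endian ELF64 file")
    e_phoff, = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from("<I", data, off)
        p_offset, = struct.unpack_from("<Q", data, off + 8)
        p_filesz, = struct.unpack_from("<Q", data, off + 32)
        if p_type == 3:  # PT_INTERP
            return data[p_offset:p_offset + p_filesz].rstrip(b"\0").decode()
    return ""

def ensure_musl_path(rootfs: Path, binary: str, dirs=MUSL_DEFAULT_DIRS):
    """Create etc/ld-musl-$ARCH.path in rootfs if absent; return it (None if not musl)."""
    m = re.search(r"ld-musl-([^/.]+)\.so\.1$", elf_interp(rootfs / binary))
    if not m:
        return None
    path_file = rootfs / "etc" / f"ld-musl-{m.group(1)}.path"
    if not path_file.exists():  # never overwrite a path file the image already ships
        present = [d for d in dirs if (rootfs / d.lstrip("/")).is_dir()]
        path_file.parent.mkdir(parents=True, exist_ok=True)
        path_file.write_text("\n".join(present) + "\n")
    return path_file

def make_sample_rootfs(root: Path) -> Path:
    """Constructed sample: stub ELF64 (header, one PT_INTERP phdr, interp string)."""
    interp = b"/lib/ld-musl-x86_64.so.1\0"
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", 3, 4, 120, 120, 120, len(interp), len(interp), 1)
    for d in ("sbin", "lib", "usr/lib"):
        (root / d).mkdir(parents=True)
    (root / "sbin/apk").write_bytes(ehdr + phdr + interp)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        created = ensure_musl_path(make_sample_rootfs(Path(tmp)), "sbin/apk")
        print(created.name, created.read_text().split())
```

Against a real extracted image, call ensure_musl_path(Path("."), "sbin/apk") from the rootfs directory before constructing the Qiling instance.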