qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0

KeyError: 'kernel32' #1473

Open 1637848276 opened 3 months ago

1637848276 commented 3 months ago

Describe the bug

Problems with kernel32 were displayed after I ran MPRESS using qiling

Sample Code

import qiling
from qiling.const import QL_VERBOSE

def main():
    ql = qiling.Qiling([binary_path], rootfs_path, verbose=QL_VERBOSE.DEBUG)
    ql.run()


1637848276 commented 3 months ago

[+] 0x0000000180324d50: WideCharToMultiByte(CodePage = 0, dwFlags = 0, lpWideCharStr = 0x500005925, cchWideChar = 0x1, lpMultiByteStr = 0, cbMultiByte = 0, lpDefaultChar = 0, lpUsedDefaultChar = 0) = 0x1
[+] 0x0000000180721930: _malloc_base(size = 0x1) = 0x500001d1a
[+] 0x0000000180324d50: WideCharToMultiByte(CodePage = 0, dwFlags = 0, lpWideCharStr = 0x500005925, cchWideChar = 0x1, lpMultiByteStr = 0x500001d1a, cbMultiByte = 0x1, lpDefaultChar = 0, lpUsedDefaultChar = 0) = 0x1
[+] 0x0000000180723630: _free_base(address = 0)
[+] 0x000000018036bc10: FreeEnvironmentStringsW(penv = 0x500005925) = 0x1
[+] 0x0000000180723360: _calloc_base(num = 0x1, size = 0x8) = 0x500005927
[+] 0x0000000180723630: _free_base(address = 0)
[+] 0x0000000180723630: _free_base(address = 0)
[+] 0x0000000180723630: _free_base(address = 0x500001d1a)
[!] api _initialize_onexit_table (ucrtbase) is not implemented
[!] api _initialize_onexit_table (ucrtbase) is not implemented
[+] 0x000000018063c8b7: QueryPerformanceFrequency(lpFrequency = 0x80000001cf38) = 0x1
[+] 0x000000018063c87c: QueryPerformanceCounter(lpPerformanceCount = 0x80000001cf40) = 0x0
[+] 0x0000000180723360: _calloc_base(num = 0x200, size = 0x8) = 0x50000592f
[+] 0x0000000180723630: _free_base(address = 0)
[+] 0x00000001802402f0: InitializeCriticalSectionEx(lpCriticalSection = 0x18080f4d0, dwSpinCount = 0xfa0, Flags = 0) = 0x1
[+] 0x00000001802402f0: InitializeCriticalSectionEx(lpCriticalSection = 0x18080f528, dwSpinCount = 0xfa0, Flags = 0) = 0x1
[+] 0x00000001802402f0: InitializeCriticalSectionEx(lpCriticalSection = 0x18080f580, dwSpinCount = 0xfa0, Flags = 0) = 0x1
[=] Returned from ucrtbase.dll DllMain
[=] Done loading ucrtbase.dll
[+] Init imports for E:\b_project\qiling _new\qiling-master\qiling-master\examples\rootfs\x8664_windows\bin\x64_MPRESS2.19_vs2010_box.exe
[+] Requesting imports from kernel32
Traceback (most recent call last):
  File "E:\b_project\qiling _new\qiling-master\qiling-master\tests\test_mypress2.py", line 12, in <module>
    main()
  File "E:\b_project\qiling _new\qiling-master\qiling-master\tests\test_mypress2.py", line 8, in main
    ql = qiling.Qiling([binary_path], rootfs_path, verbose=QL_VERBOSE.DEBUG)
         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "E:\b_project\qiling _new\qiling-master\qiling-master\qiling\core.py", line 190, in __init__
    self.loader.run()
  File "E:\b_project\qiling _new\qiling-master\qiling-master\qiling\loader\pe.py", line 725, in run
    self.load(pe)
  File "E:\b_project\qiling _new\qiling-master\qiling-master\qiling\loader\pe.py", line 808, in load
    super().init_imports(pe, self.is_driver)
  File "E:\b_project\qiling _new\qiling-master\qiling-master\qiling\loader\pe.py", line 542, in init_imports
    iat = self.import_address_table[dll_name]
KeyError: 'kernel32'

racerxdl commented 2 months ago

Managed to fix that by editing qiling/loader/pe.py:

                    iat = self.import_address_table[dll_name]

to

                    try:
                        iat = self.import_address_table[dll_name]
                    except KeyError:
                        iat = self.import_address_table[dll_name + ".dll"]
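A more general form of this lookup, as an added example that is not part of the thread and not Qiling's own code: it normalizes both the requested name and the table keys using the documented LoadLibrary default-extension rule, so case differences and a missing `.dll` both resolve. `normalize_dll_name`, `resolve_iat` and `SAMPLE_TABLE` are hypothetical names, and it assumes the table is keyed by DLL file name, as the workaround above implies.

```python
import ntpath


def normalize_dll_name(name: str) -> str:
    """Canonical table key for a DLL name taken from a PE import descriptor.

    Follows the documented LoadLibrary rule: a name without an extension gets
    ".dll" appended, while a trailing dot suppresses that. Lowercased because
    Windows module names are case-insensitive.
    """
    base = ntpath.basename(name.strip()).lower()
    if base.endswith("."):
        return base[:-1]  # "name." means: use "name" as is, no default extension
    _, ext = ntpath.splitext(base)
    return base if ext else base + ".dll"


def resolve_iat(import_address_table: dict, dll_name: str) -> dict:
    """Return the IAT for dll_name regardless of how the table key was spelled."""
    wanted = normalize_dll_name(dll_name)
    for key, iat in import_address_table.items():
        if normalize_dll_name(key) == wanted:
            return iat
    # Fail with context instead of a bare KeyError: 'kernel32'
    raise KeyError(
        f"no import address table for {dll_name!r} (looked up as {wanted!r}); "
        f"loaded: {sorted(import_address_table)}"
    )


# Constructed sample table; names and addresses are made up for illustration.
SAMPLE_TABLE = {
    "kernel32.dll": {"GetProcAddress": 0x1000, "LoadLibraryA": 0x1008},
    "ucrtbase.dll": {"_malloc_base": 0x2000},
}

if __name__ == "__main__":
    # The log above shows the loader requesting "kernel32" with no extension.
    for requested in ("kernel32", "KERNEL32.DLL", "ucrtbase"):
        print(requested, "->", sorted(resolve_iat(SAMPLE_TABLE, requested)))
```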