qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0

unicorn.unicorn.UcError when using timeout #1475

Open jiliguluss opened 2 months ago

jiliguluss commented 2 months ago

Describe the bug
I want to use Qiling to track the block nodes of the binary hit by the input file. I hope to use the timeout mechanism when calling qiling.run, so I set the timeout parameter to 10000 (10 seconds). As a result, I encountered the following error.

[x]     000000000000400000 - 000000000000403000   r--     re2                    /home/test/re2
[x]     000000000000403000 - 000000000000425000   r-x     re2                    /home/test/re2
[x]     000000000000425000 - 000000000000438000   r--     re2                    /home/test/re2
[x]     000000000000439000 - 00000000000043b000   rw-     re2                    /home/test/re2
[x]     00000000000043b000 - 00000000000043d000   rwx     [hook_mem]             
[x]     0000007ffff7dd5000 - 0000007ffff7dfc000   r-x     ld-linux-x86-64.so.2   /home/rootfs/x8664_linux/lib64/ld-linux-x86-64.so.2
[x]     0000007ffff7ffc000 - 0000007ffff7fff000   rw-     ld-linux-x86-64.so.2   /home/rootfs/x8664_linux/lib64/ld-linux-x86-64.so.2
[x]     0000007ffffffde000 - 00000080000000e000   rwx     [stack]                
[x]     00ffffffffff600000 - 00ffffffffff601000   rwx     [vsyscall]             
Traceback (most recent call last):
  File "/home/source/cfg.py", line 220, in analyze_corpus
    self.tracer.trace_corpus(file_path)
  File "/home/source/cfg.py", line 117, in trace_corpus
    ql.run(timeout=10000)
  File "/home/angr/lib/python3.8/site-packages/qiling/core.py", line 595, in run
    self.os.run()
  File "/home/angr/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 184, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "/home/angr/lib/python3.8/site-packages/qiling/core.py", line 769, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/home/angr/lib/python3.8/site-packages/unicorn/unicorn.py", line 547, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED)

When I remove the timeout parameter, the program runs normally.

Sample Code

import os
from qiling import Qiling
from qiling.const import QL_VERBOSE

# target, corpus, rootfs and hook_for_trace are defined elsewhere in the reporter's script
ql = Qiling([target, os.path.abspath(corpus)], rootfs=rootfs, verbose=QL_VERBOSE.OFF)
ql.add_fs_mapper(os.path.abspath(corpus), os.path.abspath(corpus))
ql.os.stdout = open(os.devnull, 'wb')
ql.hook_block(hook_for_trace)
ql.run(timeout=10000)

Expected behavior
I want Qiling to forcibly terminate after running for more than 10 seconds, but I haven't found a method to stop it, so I used the timeout parameter. I was originally expecting it to end after 10 seconds, and then I would check whether Qiling ended abnormally, but now it's throwing an error directly.

Additional context
Version: 1.4.6

May I ask why the timeout triggered this error? If the timeout cannot be used, how should I handle the timeout situation?
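One way to get the wall-clock cutoff the report asks for without passing timeout= to run(): enforce the deadline from the block hook that is already registered for tracing, and call ql.emu_stop() when it passes, so the caller can tell a timeout apart from a crash. This is an added example, not Qiling project code; it assumes only Qiling's hook_block callback shape (ql, address, size) and ql.emu_stop(), and FakeEmulator is a constructed stand-in so the block runs offline.

```python
import time


class BlockWatchdog:
    """Wall-clock limit in seconds enforced from a block hook. (run(timeout=) is forwarded
    to Unicorn's emu_start, whose timeout unit is microseconds.) Works with anything exposing
    hook_block(cb), run() and emu_stop(), as a Qiling instance does; (ql, address, size)
    is Qiling's hook_block callback signature."""

    def __init__(self, emu, limit_s, clock=time.monotonic):
        self.emu, self.limit_s, self.clock = emu, limit_s, clock
        self.timed_out, self.error, self.blocks, self.deadline = False, None, 0, float("inf")

    def _hook(self, ql, address, size):
        self.blocks += 1  # the tracing the report wants can be done here as well
        if self.clock() >= self.deadline:
            self.timed_out = True
            ql.emu_stop()  # run() then returns normally instead of raising

    def run(self):
        """Returns 'timeout', 'crash' or 'finished' so callers can tell them apart."""
        self.deadline = self.clock() + self.limit_s
        self.emu.hook_block(self._hook)
        try:
            self.emu.run()  # no timeout= argument; the hook does the stopping
        except Exception as exc:  # with Qiling this is unicorn.UcError
            self.error = exc
        return "timeout" if self.timed_out else ("crash" if self.error else "finished")


class FakeEmulator:
    """Constructed stand-in for Qiling so the example runs offline: `n_blocks`
    blocks of `block_s` fake seconds each, optionally raising at block `crash_at`."""

    def __init__(self, n_blocks, block_s, crash_at=None):
        self.n_blocks, self.block_s, self.crash_at = n_blocks, block_s, crash_at
        self.now, self.hooks, self.stopped = 0.0, [], False

    def clock(self): return self.now  # fake clock: the test never really sleeps
    def hook_block(self, cb): self.hooks.append(cb)
    def emu_stop(self): self.stopped = True

    def run(self):
        for i in range(self.n_blocks):
            if self.stopped:
                return
            if i == self.crash_at:
                raise RuntimeError("Invalid memory fetch (UC_ERR_FETCH_UNMAPPED)")
            for cb in self.hooks:
                cb(self, 0x401000 + 16 * i, 16)  # constructed block addresses
            self.now += self.block_s
```

With a real instance the wiring is BlockWatchdog(ql, 10).run() in place of ql.run(timeout=10000), keeping the existing ql.hook_block(hook_for_trace) registration.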