qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0

Macbook M3 Pro crash #1497

Closed tosbaha closed 1 month ago

tosbaha commented 1 month ago

Describe the bug
It crashes even if I try to run the example code from the examples folder.

Sample Code

python3 -m venv qilingenv
source qilingenv/bin/activate
git clone -b dev https://github.com/qilingframework/qiling.git
cd qiling && git submodule update --init --recursive
pip3 install .
cd examples
python3 crackme_x86_linux.py

Expected behavior
It shouldn't crash.

Screenshots

Process:               Python [22947]
Path:                  /opt/homebrew/*/Python.framework/Versions/3.12/Resources/Python.app/Contents/MacOS/Python
Identifier:            org.python.python
Version:               3.12.6 (3.12.6)
Code Type:             ARM-64 (Native)
Parent Process:        zsh [16274]
Responsible:           iTerm2 [635]
User ID:               501

Date/Time:             2024-09-30 11:03:59.6001 +0300
OS Version:            macOS 15.0 (24A335)
Report Version:        12
Anonymous UUID:        DB2F57AC-C0A2-D812-A756-42B2828B2065

Time Awake Since Boot: 1300 seconds

System Integrity Protection: enabled

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGBUS)
Exception Codes:       KERN_PROTECTION_FAILURE at 0x0000000300000000
Exception Codes:       0x0000000000000002, 0x0000000300000000

Termination Reason:    Namespace SIGNAL, Code 10 Bus error: 10
Terminating Process:   exc handler [22947]

VM Region Info: 0x300000000 is in 0x300000000-0x340000000;  bytes after start: 0  bytes before end: 1073741823
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      unused __TEXT               29e908000-29e90c000    [   16K] r--/r-- SM=COW  unused  unknown system shared lib __TEXT
      GAP OF 0x616f4000 BYTES
--->  VM_ALLOCATE                 300000000-340000000    [  1.0G] rwx/rwx SM=PRV  
      GAP OF 0xc80000000 BYTES
      commpage (reserved)         fc0000000-1000000000   [  1.0G] ---/--- SM=NUL  reserved VM address space (unallocated)

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   libunicorn.2.dylib                     0x102befdac tcg_prologue_init_x86_64 + 88
1   libunicorn.2.dylib                     0x102c22c24 tcg_exec_init_x86_64 + 236
2   libunicorn.2.dylib                     0x102bc56d0 machine_initialize + 88
3   libunicorn.2.dylib                     0x102bc136c uc_init_engine + 164
4   libunicorn.2.dylib                     0x102bc295c uc_mem_map + 536
5   libffi.dylib                           0x196be0050 ffi_call_SYSV + 80
6   libffi.dylib                           0x196be8b04 ffi_call_int + 1208
7   _ctypes.cpython-312-darwin.so          0x101c47a00 _ctypes_callproc + 776
8   _ctypes.cpython-312-darwin.so          0x101c40a44 PyCFuncPtr_call + 220

Additional context
I also tried installing unicorn via brew and changing the binaries, but it didn't help either.

elicn commented 1 month ago

The latest Unicorn release is not stable enough for Qiling. Try reverting Unicorn to 2.0.1-post

tosbaha commented 1 month ago

How can I do that? Qiling's pip version didn't work either. It's puzzling that the default installation via pip just doesn't work. I would appreciate it if you could write a detailed explanation.

elicn commented 1 month ago

As seen in your first message, it looks like you are using Qiling's dev branch, which is the best option. If you pip-installed Qiling in parallel, make sure to remove that installation and use the cloned version you downloaded at first.

When in the pyenv, use pip to enumerate all available versions of Unicorn: pip index versions unicorn

Then locate the 2.0.1-post version and use it in the following command (replace the_version_goes_here with the actual version string you saw on the list): pip install --force-reinstall -v "unicorn==the_version_goes_here"

That will revert Unicorn to the latest version that was compatible with Qiling.
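The two steps above (list the available Unicorn versions, then pin the 2.0.1 post-release) can be automated, and the same version test doubles as a preflight check before Qiling touches libunicorn, since the SIGBUS in the first message happens inside native code and cannot be caught from Python. This is an added example, not code from the thread or from the Qiling project; the `pip index versions` output layout and the exact post-release suffix on PyPI are assumptions (the thread only says "2.0.1-post").

```python
import re
from typing import List, Optional

# Constructed sample of what `pip index versions unicorn` prints. The version
# list and the ".post1" suffix are assumptions for illustration, not from PyPI.
SAMPLE_PIP_INDEX_OUTPUT = """\
unicorn (2.1.1)
Available versions: 2.1.1, 2.1.0, 2.0.1.post1, 2.0.1, 2.0.0, 1.0.3
  INSTALLED: 2.1.1
  LATEST:    2.1.1
"""

# The versions the thread names as the last ones compatible with Qiling:
# 2.0.1 and its post-release ("2.0.1.post1", "2.0.1-post1", "2.0.1post1").
COMPATIBLE_RE = re.compile(r"^2\.0\.1(?:[.-]?post\d*)?$")


def parse_pip_index_versions(output: str) -> List[str]:
    """Return the version strings from the 'Available versions:' line."""
    for line in output.splitlines():
        if line.startswith("Available versions:"):
            body = line.split(":", 1)[1]
            return [v.strip() for v in body.split(",") if v.strip()]
    return []


def pick_compatible_version(versions: List[str]) -> Optional[str]:
    """Choose the version to pin: the post-release if listed, else plain 2.0.1."""
    matches = [v for v in versions if COMPATIBLE_RE.match(v)]
    if not matches:
        return None
    return max(matches, key=lambda v: "post" in v)


def installed_unicorn_is_compatible(installed: str) -> bool:
    """Preflight check; feed it importlib.metadata.version("unicorn").

    Run this before constructing a Qiling instance: a mismatch here fails with
    a readable error instead of a native crash in tcg_prologue_init.
    """
    return COMPATIBLE_RE.match(installed.strip()) is not None


def pin_command(version: str) -> str:
    """The reinstall command given above, with the chosen version filled in."""
    return f'pip install --force-reinstall -v "unicorn=={version}"'


if __name__ == "__main__":
    chosen = pick_compatible_version(parse_pip_index_versions(SAMPLE_PIP_INDEX_OUTPUT))
    print(pin_command(chosen) if chosen else "no compatible Unicorn version listed")
```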

tosbaha commented 1 month ago

But now it crashes with:

➜ python crackme_x86_linux.py
[x] ialiSyscall ERROR: ql_syscall_openat DEBUG: flags were not defined for hosting ARM64 MACOS

elicn commented 1 month ago

Looks like this is a duplicate of #1491