qilingframework / qiling

A True Instrumentable Binary Emulation Framework
https://qiling.io
GNU General Public License v2.0

struct.error: argument out of range #459

Closed SakiiR closed 4 years ago

SakiiR commented 4 years ago

Describe the bug

When emulating my binary, I get the following error on the fstat syscall:

mprotect(0x7763d000, 0x3000, 0x1) = 0
mprotect(0x47ec000, 0x1000, 0x1) = 0
ptrace(0x0, 0x0, 0x0, 0x0) = 0
[!] Syscall ERROR: ql_syscall_fstat64 DEBUG: argument out of range
Traceback (most recent call last):
  File "./exploit.py", line 22, in <module>
    main()
  File "./exploit.py", line 17, in main
    my_sandbox()
  File "./exploit.py", line 13, in my_sandbox
    ql.run()
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/core.py", line 198, in run
    self.os.run()
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 130, in run
    raise self.ql.internal_exception
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/utils.py", line 19, in wrapper
    return func(*args, **kw)
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/core_hooks.py", line 121, in _hook_intr_cb
    ret = h.call(ql, intno)
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/core_hooks.py", line 36, in call
    return self.callback(ql, *args)
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 65, in hook_syscall
    return self.load_syscall(intno)
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/os/posix/posix.py", line 167, in load_syscall
    self.syscall_map(self.ql, self.get_func_arg()[0], self.get_func_arg()[1], self.get_func_arg()[2], self.get_func_arg()[3], self.get_func_arg()[4], self.get_func_arg()[5])
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/os/posix/syscall/stat.py", line 135, in ql_syscall_fstat64
    fstat64_buf = ql.pack32(fstat64_info.st_dev)
  File "/Users/sakiir/.pyenv/versions/py3/lib/python3.8/site-packages/qiling/core_struct.py", line 63, in pack32
    return struct.pack('I', x)
struct.error: argument out of range

Sample Code

#!/usr/bin/env python

from qiling import *

# sandbox to emulate the EXE

def my_sandbox():
    # setup Qiling engine
    ql = Qiling(["./rootfs/bin/crackme200"], "./rootfs",
                output=None, log_dir="qlog")
    # now emulate the EXE
    ql.run()

def main():
    my_sandbox()

if __name__ == "__main__":
    main()

Expected behavior

I should not crash on syscall tracing

SakiiR commented 4 years ago

I found a workaround by ANDing the st_dev syscall param:

            fstat64_buf = ql.pack32(fstat64_info.st_dev & 0xFFFFFFFF)

Line 135 of /os/posix/syscall/stat.py
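To make the failure concrete, here is a small reproduction added for this thread (it is neither Qiling's code nor either participant's): it packs constructed host st_dev samples the way the pack32 call in the traceback does, reports which ones raise the struct.error, and applies the masking workaround from the comment above to each of them and to a real fstat on the current host.

```python
import os
import struct
import tempfile

# Constructed host st_dev samples (not values from the issue): a typical Linux
# device number, a negative value such as a signed 32-bit dev_t on a macOS
# host can yield, and a value wider than 32 bits. Only the first fits 'I'.
SAMPLE_ST_DEV = {"linux": 0x801, "mac_signed": -2147483647, "wide": 0x1_0000_0001}

def pack32_raw(x: int) -> bytes:
    """Same call as pack32 in the traceback: no range handling at all."""
    return struct.pack('I', x)

def pack32_masked(x: int) -> bytes:
    """The workaround from the comment: reduce modulo 2**32 before packing, so
    negative and over-wide host values always become a 4-byte guest field."""
    return struct.pack('I', x & 0xFFFFFFFF)

def unpack32(buf: bytes) -> int:
    """Read the guest field back, for checking what the guest will see."""
    return struct.unpack('I', buf)[0]

def raw_pack_fails(x: int) -> bool:
    """True when the unmasked pack raises the struct.error seen in the issue."""
    try:
        pack32_raw(x)
    except struct.error:
        return True
    return False

def failing_samples() -> list:
    """Names of the constructed samples that reproduce the crash."""
    return sorted(name for name, v in SAMPLE_ST_DEV.items() if raw_pack_fails(v))

def host_st_dev_packs_cleanly() -> bool:
    """Masked pack against a real fstat on this host: whatever width or sign
    the host reports for st_dev/st_ino, a 4-byte guest field comes out."""
    with tempfile.TemporaryFile() as f:
        st = os.fstat(f.fileno())
    return len(pack32_masked(st.st_dev)) == 4 and len(pack32_masked(st.st_ino)) == 4

if __name__ == "__main__":
    print("samples that crash the unmasked pack:", failing_samples())
    for name, v in SAMPLE_ST_DEV.items():
        print(f"{name:>10}: {v:#x} -> guest st_dev {unpack32(pack32_masked(v)):#010x}")
```

Note that the mask silently truncates: a host value wider than 32 bits is folded onto a guest value that another device may also map to, which is acceptable for emulation but should not be relied on as an identity.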

xwings commented 4 years ago

If you are running on Mac, make sure you have the latest code and are on the dev branch.

We found the issue and fixed it two days ago.

xwings commented 4 years ago

Known and fixed issue.