utds3lab / multiverse

A static binary rewriter that does not use heuristics
GNU Lesser General Public License v3.0
298 stars, 33 forks

Disassembly error #1

Closed kevinkoo001 closed 6 years ago

kevinkoo001 commented 6 years ago

I am using capstone-3.0.4 and pwn-1.0 (installed with the usual pip) on Ubuntu 16.04. After installing the series of tools necessary for running multiverse, I got the following message during disassembly.

$ python multiverse.py --execonly --arch x86-64 simplest64
Found .text
Writing ONLY main binary, without support for rewritten .so files
Base address: 0x400000
Generating mapping...
Starting disassembly...
Disassembly 0% complete...
Traceback (most recent call last):
  File "multiverse.py", line 317, in <module>
    rewriter.rewrite(args.filename,args.arch)
  File "multiverse.py", line 191, in rewrite
    mapping = mapper.gen_mapping()
  File "/home/hykoo/multiverse/brute_force_mapper.py", line 53, in gen_mapping
    newins = self.translator.translate_one(ins,None) #In this pass, the mapping is incomplete
  File "/home/hykoo/multiverse/x64_translator.py", line 144, in translate_one
    code = asm( '%s %s' % (ins.mnemonic, self.replace_rip(ins,mapping,len(ins.bytes) ) ) )
  File "/home/hykoo/multiverse/x64_translator.py", line 84, in replace_rip
    disp_size = ins._detail.arch.x86.encoding.disp_size

Thanks for the tool release!

baumane commented 6 years ago

It looks like Multiverse is trying to access one of the fields that was added in the forked version of Capstone that we are using (found here). We need this modified version of Capstone to access certain properties of the disassembled instructions (like disp_size). Switching to this version should solve the problem. Please let me know if this works!

kevinkoo001 commented 6 years ago

Got ya. It worked. I guess you'd better mention the (whatever) version you are using - Capstone 3.0.5rc3 here to avoid trivial errors. =)
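The failure above comes from Multiverse reading `ins._detail.arch.x86.encoding.disp_size`, a field that exists only in the forked Capstone. A pre-flight check that tells the user which Capstone field is missing, before the rewriter gets into `gen_mapping`, would turn the truncated traceback into a one-line diagnosis. The following is an added example, not code from the Multiverse project: it disassembles one constructed RIP-relative instruction with whatever Capstone is installed and walks the attribute chain Multiverse needs. `find_missing_field` and `check_capstone` are names chosen here; the `SAMPLE_CODE` bytes are a constructed `mov rax, [rip+0x200b35]`.

```python
"""Pre-flight check for the Capstone build Multiverse's x64 translator expects.

Added example (not part of Multiverse). It verifies that the installed Capstone
exposes insn._detail.arch.x86.encoding.disp_size, the field read by
x64_translator.replace_rip, and names the first missing attribute otherwise.
"""
import sys

# Constructed sample: `mov rax, [rip+0x200b35]` encoded as 48 8b 05 35 0b 20 00,
# a RIP-relative instruction whose displacement Multiverse has to rewrite.
SAMPLE_CODE = b"\x48\x8b\x05\x35\x0b\x20\x00"
SAMPLE_ADDR = 0x400000

# Attribute chain used by Multiverse (x64_translator.py, replace_rip).
REQUIRED_PATH = ("arch", "x86", "encoding", "disp_size")


def find_missing_field(detail, path=REQUIRED_PATH):
    """Walk detail.<path> attribute by attribute.

    Returns the dotted prefix ending at the first attribute that is absent
    (e.g. "arch.x86.encoding" on upstream capstone 3.0.4), or None when the
    whole chain resolves.
    """
    obj = detail
    for i, name in enumerate(path):
        if not hasattr(obj, name):
            return ".".join(path[: i + 1])
        obj = getattr(obj, name)
    return None


def check_capstone(code=SAMPLE_CODE, addr=SAMPLE_ADDR):
    """Disassemble `code` with the installed Capstone and check the field chain.

    Returns (ok, message). Capstone is imported lazily so the helper above can
    be used (and tested) even on a machine without Capstone installed.
    """
    try:
        import capstone
    except ImportError:
        return False, "capstone is not installed"

    major, minor, _ = capstone.cs_version()
    version = "%d.%d" % (major, minor)

    md = capstone.Cs(capstone.CS_ARCH_X86, capstone.CS_MODE_64)
    md.detail = True  # without detail=True, insn._detail is None
    try:
        ins = next(md.disasm(code, addr))
    except StopIteration:
        return False, "capstone %s could not decode the sample instruction" % version

    missing = find_missing_field(ins._detail)
    if missing is not None:
        return False, (
            "capstone %s lacks insn._detail.%s; Multiverse needs its forked "
            "Capstone build (3.0.5rc3 per the issue thread)" % (version, missing)
        )

    disp_size = ins._detail.arch.x86.encoding.disp_size
    return True, "capstone %s ok: '%s %s' has disp_size=%d" % (
        version, ins.mnemonic, ins.op_str, disp_size
    )


if __name__ == "__main__":
    ok, msg = check_capstone()
    print(msg)
    sys.exit(0 if ok else 1)
```

Running this before `multiverse.py` on a stock pip Capstone prints that `insn._detail.arch.x86.encoding` is absent, which is exactly the property the thread identifies; with the forked build it reports the displacement size it decoded.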