wmkhoo / taintgrind

A taint-tracking plugin for the Valgrind memory checking tool
GNU General Public License v2.0

Error in building taintgrind #36

Closed PriyankaPanigrahi closed 5 years ago

PriyankaPanigrahi commented 5 years ago

When I run the make command in building taintgrind, I am getting the following error:

  1. error: unknown type name ‘DiEpoch’
  2. error: too many arguments to function ‘vgPlain_get_fnname’

tnt_syswrap.c: In function ‘vgTaintgrind_get_fnname’:
tnt_syswrap.c:442:12: error: unknown type name ‘DiEpoch’
     DiEpoch ep = VG_(current_DiEpoch)();
            ^~~
In file included from tnt_syswrap.c:29:0:
../include/pub_tool_basics.h:70:30: warning: implicit declaration of function ‘vgPlain_current_DiEpoch’; did you mean ‘vgPlain_client_fname’? [-Wimplicit-function-declaration]
 #define VG_(str)    VGAPPEND(vgPlain_, str)
                              ^
../include/pub_tool_basics.h:68:29: note: in definition of macro ‘VGAPPEND’
 #define VGAPPEND(str1,str2) str1##str2
                             ^~~~
tnt_syswrap.c:442:26: note: in expansion of macro ‘VG_’
     DiEpoch ep = VG_(current_DiEpoch)();
                  ^~~
tnt_syswrap.c:443:25: warning: passing argument 2 of ‘vgPlain_get_fnname’ makes pointer from integer without a cast [-Wint-conversion]
     VG_(get_fnname)(ep, pc, buf);
                         ^~
In file included from tnt_syswrap.c:29:0:
../include/pub_tool_basics.h:70:30: note: expected ‘const HChar ** {aka const char **}’ but argument is of type ‘UInt {aka unsigned int}’
 #define VG_(str)    VGAPPEND(vgPlain_, str)
                              ^
../include/pub_tool_basics.h:68:29: note: in definition of macro ‘VGAPPEND’
 #define VGAPPEND(str1,str2) str1##str2
                             ^~~~
../include/pub_tool_debuginfo.h:80:13: note: in expansion of macro ‘VG_’
 extern Bool VG_(get_fnname) ( Addr a, const HChar** fnname );
             ^~~
../include/pub_tool_basics.h:70:30: error: too many arguments to function ‘vgPlain_get_fnname’
 #define VG_(str)    VGAPPEND(vgPlain_, str)
                              ^
../include/pub_tool_basics.h:68:29: note: in definition of macro ‘VGAPPEND’
 #define VGAPPEND(str1,str2) str1##str2
                             ^~~~
tnt_syswrap.c:443:5: note: in expansion of macro ‘VG_’
     VG_(get_fnname)(ep, pc, buf);
     ^~~
../include/pub_tool_basics.h:70:30: note: declared here
 #define VG_(str)    VGAPPEND(vgPlain_, str)
                              ^
../include/pub_tool_basics.h:68:29: note: in definition of macro ‘VGAPPEND’
 #define VGAPPEND(str1,str2) str1##str2
                             ^~~~
../include/pub_tool_debuginfo.h:80:13: note: in expansion of macro ‘VG_’
 extern Bool VG_(get_fnname) ( Addr a, const HChar** fnname );
             ^~~
tnt_syswrap.c: In function ‘vgTaintgrind_check_fd_access’:
tnt_syswrap.c:478:41: warning: format ‘%d’ expects argument of type ‘int’, but argument 4 has type ‘UInt {aka unsigned int}’ [-Wformat=]
     VG_(printf)("** Sandbox %s %s (fd: %d) in method %s, but it is not allowed to. \n", access_str, fdpath, fd, fnname);
                                         ~^
                                         %d
Makefile:1044: recipe for target 'taintgrind_amd64_linux-tnt_syswrap.o' failed
make[2]: *** [taintgrind_amd64_linux-tnt_syswrap.o] Error 1
make[2]: Leaving directory '/home/priyanka/Valgrind/valgrind-3.13.0/taintgrind'
Makefile:1239: recipe for target 'all-recursive' failed
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory '/home/priyanka/Valgrind/valgrind-3.13.0/taintgrind'
Makefile:943: recipe for target 'all' failed
make: *** [all] Error 2

Any suggestions?

Thank you in advance. Good day!!!

marekzmyslowski commented 5 years ago

So the taintgrind is built with the script "build_taintgrind.sh". Here are the exact instructions:

  1. Download Valgrind
  2. Git clone taintgrind inside valgrind directory.
  3. Run build_taintgrind.sh (to build valgrind, taintgrind and Capstone)

Regards Marek

PriyankaPanigrahi commented 5 years ago

I get the same error when I run build_taintgrind.sh also.

marekzmyslowski commented 5 years ago

I checked everything and it works for me. Here is what I did:

wget https://sourceware.org/pub/valgrind/valgrind-3.15.0.tar.bz2
tar jxvf valgrind-3.15.0.tar.bz2 
cd valgrind-3.15.0/
git clone http://github.com/wmkhoo/taintgrind.git
cd taintgrind/
./build_taintgrind.sh

Make sure that you compile this on the fresh version of valgrind. System: Ubuntu 18.04.3 LTS

PriyankaPanigrahi commented 5 years ago

Thank you for your reply.

I am following exactly the same steps and still getting these errors. I tried with valgrind-3.15.0 and also valgrind-3.13.0.

wmkhoo commented 5 years ago

The current version of taintgrind will only work with valgrind-3.15.0.

PriyankaPanigrahi commented 5 years ago

Thank you. I successfully built taintgrind. But, when I write my own code, for ex: "dif.c" and when I run "make tests/dif" , it shows

gcc tests/dif.c -o tests/dif
tests/dif.c:1:10: fatal error: taintgrind.h: No such file or directory
 #include "taintgrind.h"
          ^~~~~~~~~~~~~~
compilation terminated.
<builtin>: recipe for target 'tests/dif' failed
make: *** [tests/dif] Error 1

But it is working for all other predefined programs in the folder "tests". Any suggestions? Thank you.

marekzmyslowski commented 5 years ago

gcc tests/dif.c -o tests/dif -I./taintgrind

PriyankaPanigrahi commented 5 years ago

gcc tests/dif.c -o tests/dif -I./taintgrind

Thank you for your reply.

I am getting the same error.

marekzmyslowski commented 5 years ago

So what path are you in when you run the gcc? If you are in valgrind/taintgrind try: gcc tests/dif.c -o tests/dif -I./

PriyankaPanigrahi commented 5 years ago

So what path are you in when you run the gcc? If you are in valgrind/taintgrind try: gcc tests/dif.c -o tests/dif -I./

I am still getting the error, but when I keep the files "taintgrind.h" and "valgrind.h" in the tests folder, it is working fine.

I do not know whether it's correct or not. I just copied the files "taintgrind.h" and "valgrind.h" from valgrind-3.15.0/build/include/valgrind/ and pasted them into taintgrind/tests/.

marekzmyslowski commented 5 years ago

Try this: gcc tests/dif.c -o tests/dif -I./ -I../include

PriyankaPanigrahi commented 5 years ago

Yeah, it's working fine. Thank you.

May I know why "make check" does not create the executable file for "tests/dif.c", i.e. for my own code?

marekzmyslowski commented 5 years ago

The makefile is automatically generated for all the files in the directory while you were compiling taintgrind. You may try to run automake for taintgrind again.

PriyankaPanigrahi commented 5 years ago

Thank you so much for your reply.

When I run "./misprint 1 1", it prints INFO: Hello World! When I run "VAL=`readelf -s misprint | grep secret_function | awk '{print $2}'` && printf "%d\n" 0x$VAL", it prints 2237. It should show "134513809". When I run "./misprint 12 2237", it prints INFO: Hello World!

Any suggestions?

wmkhoo commented 5 years ago

I'm able to reproduce the error.

The output of VAL=`readelf -s tests/misprint | grep secret_function | awk '{print $2}'` && printf "%d\n" 0x$VAL gives 2237

Running tests/misprint 12 2237 gives Hello World!

Running tests/misprint 13 2237 gives Segmentation fault (core dumped)

Running valgrind --tool=taintgrind tests/misprint 13 2237 gives

...
0x1089BD: main (misprint.c:50) | JMP t6 | Jmp | 0x8bd | t6_9973
==24803==
==24803== Process terminating with default action of signal 11 (SIGSEGV)
==24803==  Bad permissions for mapped region at address 0x8BD
==24803==    at 0x8BD: ???
==24803==    by 0x4C4DB96: (below main) (libc-start.c:310)
==24803==
Segmentation fault (core dumped)

I suspected that the address given was a relative address, so I added 0x108000 to 0x8bd, and ran

taintgrind tests/misprint 13 1083581

which gives

0x1089B9: main (misprint.c:50) | mov rax, qword ptr [rbp - 0x10] | Load | 0x1088bd | t6_9979 <- func:1ffefffd10
0x1089B9: main (misprint.c:50) | r2_10657 <- t6_9979
0x1089BD: main (misprint.c:50) | JMP t6 | Jmp | 0x1088bd | t6_9979
INFO: Oh no! The application is compromised!

Conclusion: I'm not sure how to obtain the runtime (absolute) address of secret_function, so at the moment I have to obtain it manually by running the program.

marekzmyslowski commented 5 years ago

The file command says that the application is built as PIE. This means there is no way to get the base address from the app.

wmkhoo commented 4 years ago

This test case works for me now when compiled with -no-pie.
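The two things this thread turns on are (a) that the Value column of readelf -s is only an offset from the load base when the binary is a PIE, and (b) that taintgrind's trace shows exactly where a tainted temporary becomes a jump target. The following Python script is an added example, not code from the taintgrind project or from anyone in this thread: it parses constructed readelf and taintgrind trace samples modelled on the lines quoted above, relocates the symbol offset with the 0x108000 load base wmkhoo inferred (in general the base must be read from the running process, e.g. /proc/<pid>/maps, because ASLR changes it per run), and reports each tainted jump, distinguishing the unrelocated case that produced the "Bad permissions for mapped region at address 0x8BD" crash from the relocated one. The function and variable names are the example's own.

```python
import re

# Constructed sample of `readelf -s` output, modelled on the thread's misprint
# binary (not real tool output): secret_function has Value 0x8bd, which in a
# PIE executable is an offset from the load base, not a runtime address.
READELF_SAMPLE = """\
Symbol table '.symtab' contains 3 entries:
   Num:    Value          Size Type    Bind   Vis      Ndx Name
    51: 00000000000008bd    34 FUNC    GLOBAL DEFAULT   14 secret_function
    60: 0000000000000900   155 FUNC    GLOBAL DEFAULT   14 main
"""

# Constructed taintgrind trace lines modelled on the ones quoted in the thread.
# Layout: addr: fn (file:line) | asm | kind | value | taint-temp [<- source]
TRACE_RAW_OFFSET = """\
0x1089BD: main (misprint.c:50) | JMP t6 | Jmp | 0x8bd | t6_9973
"""
TRACE_RELOCATED = """\
0x1089B9: main (misprint.c:50) | mov rax, qword ptr [rbp - 0x10] | Load | 0x1088bd | t6_9979 <- func:1ffefffd10
0x1089B9: main (misprint.c:50) | r2_10657 <- t6_9979
0x1089BD: main (misprint.c:50) | JMP t6 | Jmp | 0x1088bd | t6_9979
"""

# Load base inferred in the thread (assumption for this example); under ASLR
# it differs per run and would normally be read from /proc/<pid>/maps.
LOAD_BASE = 0x108000


def symbol_offset(readelf_output, name):
    """Value column for `name` in `readelf -s` output, as an int."""
    for line in readelf_output.splitlines():
        cols = line.split()
        if len(cols) >= 8 and cols[-1] == name:
            return int(cols[1], 16)
    raise KeyError(name)


def runtime_address(offset, load_base):
    """Relocate a PIE symbol offset to its runtime address."""
    return load_base + offset


TRACE_RE = re.compile(r"^(0x[0-9A-Fa-f]+): (\S+) \(([^)]*)\) \| (.*)$")


def parse_trace_line(line):
    """Split one taintgrind trace line into a dict; None if it is not one."""
    m = TRACE_RE.match(line)
    if not m:
        return None
    addr, fn, loc, rest = m.groups()
    fields = [f.strip() for f in rest.split("|")]
    rec = {"addr": int(addr, 16), "fn": fn, "loc": loc, "fields": fields}
    if len(fields) >= 4:  # asm | kind | value | taint temp
        rec["asm"], rec["kind"] = fields[0], fields[1]
        rec["value"], rec["taint"] = int(fields[2], 16), fields[3]
    return rec


def tainted_jumps(trace_output):
    """Records where taintgrind reports a jump whose target is a tainted temp."""
    return [r for r in map(parse_trace_line, trace_output.splitlines())
            if r and r.get("kind") == "Jmp"]


def check_jump_targets(readelf_output, trace_output, load_base, symbol):
    """For each tainted jump, report where it lands relative to `symbol`."""
    offset = symbol_offset(readelf_output, symbol)
    target = runtime_address(offset, load_base)
    findings = []
    for rec in tainted_jumps(trace_output):
        findings.append({
            "at": hex(rec["addr"]), "loc": rec["loc"],
            "jump_to": hex(rec["value"]),
            "hits_symbol": rec["value"] == target,
            # the unrelocated case from the thread: target is the bare offset
            "raw_offset": rec["value"] == offset,
        })
    return findings


if __name__ == "__main__":
    for label, trace in (("raw offset", TRACE_RAW_OFFSET),
                         ("relocated", TRACE_RELOCATED)):
        for f in check_jump_targets(READELF_SAMPLE, trace, LOAD_BASE,
                                    "secret_function"):
            print(label, f)
```

Running the script prints one finding per tainted jump: the first sample reports raw_offset=True, matching the segfault at 0x8BD in the thread, and the second reports hits_symbol=True for 0x1088bd. The same parser can be pointed at a real trace (valgrind --tool=taintgrind output) to flag any line where taint reaches a Jmp, which is the condition a reviewer of a taint run cares about regardless of which symbol the target happens to be.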