
Trying to run unicorn-emulate with an ARM64 binary causes a syntax error #80
Open

Emiluren opened this issue Aug 30, 2022 · 4 comments

@Emiluren

  • Did you use the latest version of GEF from dev branch?
  • Is your bug specific to GEF (not GDB)? - Try to reproduce it running gdb -nx
  • Did you search through the documentation first?
  • Did you check issues (including the closed ones) - and the PR?

Step 1: Describe your environment

  • Operating System / Distribution: Arch linux
  • Architecture: x64 (using aarch64-linux-gnu-gdb)
  • GEF version: [2830670] (btw, the version command gives the hash for my dotfiles repo since I have that cloned in ~)

Step 2: Describe your problem

I tried to run unicorn-emulate with a program compiled for ARM64 but ran into a syntax error in a generated file.

For a minimal test case I used this program compiled with aarch64-linux-gnu-gcc.

int main(){ return 0; }

I then ran aarch64-linux-gnu-gdb a.out followed by target sim, load, starti and emu.

Observed Results

Running emu gave me this error:

gef➤  emu
[+] Starting emulation: 0x0  →  0x4
[!] Command 'unicorn-emulate' failed to execute properly, reason: Command '[PosixPath('/usr/bin/python3'), '/tmp/gef-uc-4hoxcpjm.py']' returned non-zero exit status 1.

I then tried running the generated file outside gdb and got this error message:

% python3 /tmp/gef-uc-815xbo0q.py
  File "/tmp/gef-uc-815xbo0q.py", line 18
    cs = capstone.Cs(capstone.CS_ARCH_ARM64, capstone.0|capstone.CS_MODE_LITTLE_ENDIAN)
                                             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SyntaxError: invalid syntax. Perhaps you forgot a comma?

I noticed that the 0 comes from gef_to_cs_arch returning "0" as the mode in the case of ARM64. Should this perhaps be "CS_MODE_ARM" instead?

@Grazfather
Collaborator

This is caused by this line.

That "0" should be something else, but I am not sure what. If it's supposed to be a string 0, then we should change it to '"0"'. Could you please try that?

@Grazfather
Collaborator

Grazfather commented Aug 30, 2022

(You could also try "CS_MODE_ARM". That looks correct.)

If you test and make a PR we could merge it in.
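To show why the quoted line fails and why the "CS_MODE_ARM" suggestion works, here is an added example; it is not gef's code. The template line is reconstructed from the SyntaxError in the report (the generator splices a "capstone." prefix in front of the mode name), and the two mapping functions are stand-ins for gef_to_cs_arch before and after the change. CS_MODE_ARM is the value 0 in capstone's Python bindings, so the symbolic name is equivalent to the bare 0 but survives the prefix. The generator below refuses any token that is not a CS_ARCH_* / CS_MODE_* name and syntax-checks the generated source with ast before it would ever be written to /tmp, so the bug is caught in gef rather than in a non-zero exit from python3.

```python
import ast
import re
import tempfile

# Hypothetical reconstruction of the emitted line, inferred from the
# SyntaxError quoted in the issue; not gef's real template.
CS_LINE = ("cs = capstone.Cs(capstone.{arch}, "
           "capstone.{mode}|capstone.CS_MODE_LITTLE_ENDIAN)")

# Only symbolic capstone constant names may follow the "capstone." prefix.
CS_TOKEN = re.compile(r"^CS_(ARCH|MODE)_[A-Z0-9_]+$")


def gef_to_cs_arch_buggy(arch):
    """Stand-in for the reported mapping: ARM64 yields mode "0",
    which renders as `capstone.0` (a NAME followed by the float .0)."""
    table = {
        "X86_64": ("CS_ARCH_X86", "CS_MODE_64"),
        "ARM64": ("CS_ARCH_ARM64", "0"),
    }
    return table[arch]


def gef_to_cs_arch_fixed(arch):
    """Stand-in for the proposed fix: CS_MODE_ARM names the same value (0)
    as an identifier, so `capstone.CS_MODE_ARM` is a valid attribute access."""
    table = {
        "X86_64": ("CS_ARCH_X86", "CS_MODE_64"),
        "ARM64": ("CS_ARCH_ARM64", "CS_MODE_ARM"),
    }
    return table[arch]


def render_cs_line(arch, mode):
    """Splice the arch/mode tokens into the (reconstructed) template."""
    return CS_LINE.format(arch=arch, mode=mode)


def syntax_error(source):
    """Return a short description of the SyntaxError in `source`, or None."""
    try:
        ast.parse(source)
    except SyntaxError as exc:
        return f"line {exc.lineno}: {exc.msg}"
    return None


def generate_script(arch_name, mapper):
    """Build the emulation stub, rejecting bad tokens and unparsable output
    before anything is written to disk."""
    arch, mode = mapper(arch_name)
    for token in (arch, mode):
        if not CS_TOKEN.match(token):
            raise ValueError(f"{token!r} is not a capstone constant name")
    source = "import capstone\n" + render_cs_line(arch, mode) + "\n"
    err = syntax_error(source)
    if err:
        raise ValueError(f"generated script does not parse: {err}")
    return source


def write_script(source):
    """Write a validated script the way gef does (gef-uc-*.py in the temp dir)."""
    with tempfile.NamedTemporaryFile("w", prefix="gef-uc-", suffix=".py",
                                     delete=False) as fh:
        fh.write(source)
        return fh.name


if __name__ == "__main__":
    # Reproduce the failure from the report, then the working variant.
    for mapper in (gef_to_cs_arch_buggy, gef_to_cs_arch_fixed):
        try:
            path = write_script(generate_script("ARM64", mapper))
            print(f"{mapper.__name__}: wrote {path}")
        except ValueError as exc:
            print(f"{mapper.__name__}: rejected ({exc})")
```

The same check also rejects the '"0"' variant floated above: `capstone."0"` puts a string literal where the parser expects an attribute name, so it is a SyntaxError just like `capstone.0`.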

@Emiluren
Author

Well I tried "CS_MODE_ARM" and it worked for a while but somehow gef_to_cs_arch started returning "0" again at some point.

I have no idea why but it seems like the old version of gef_to_cs_arch got loaded and I couldn't figure out where it came from. I added prints but they were never executed (also suggesting the old version was used), but changes in other parts of the same file did have an effect. I feel like my python installation is cursed...

@Grazfather
Collaborator

Yeah I would guess that it's somehow importing an old version of the file.
