This repository has been archived by the owner on Aug 23, 2022. It is now read-only.

Unable to Uplift x86 PE: Check failed 'seg_type' Must be non NULL #740

Open
SaifRushdHadad opened this issue Mar 4, 2021 · 0 comments

I am getting the error `Check failed: 'seg_type' Must be non NULL` when trying to uplift an x86 PE skeleton helloworld file. I am not sure if it is my install; based on the documentation, McSema should fully support x86 PEs. I was wondering if there is a test suite corpus available that I could test my installation against?

Tool versioning:

  • McSema v3.0.23 LLVM 10 - Ubuntu 18.04
  • IDA Pro 7.1

Steps to reproduce:

```sh
# Assumes MCSEMAPATH and IDAPATH are set, WORKDIR is the current directory and TARGET=hello.
echo 'void main() {};' > hello.c && \
i686-w64-mingw32-gcc hello.c -fPIC -pie -o hello.exe
# Recover the CFG with IDA, then lift it with the LLVM 10 lifter.
"${MCSEMAPATH}/mcsema/bin/mcsema-disass-3" \
    --disassembler "${IDAPATH}/idat" \
    --arch x86 \
    --os windows \
    --entrypoint main \
    --binary "${WORKDIR}/${TARGET}.exe" \
    --output "${WORKDIR}/${TARGET}.cfg" \
    --log_file "${WORKDIR}/${TARGET}.log"
"${MCSEMAPATH}/mcsema/bin/mcsema-lift-10.0" \
    --arch x86 \
    --os windows \
    --cfg "${WORKDIR}/${TARGET}.cfg" \
    --output "${WORKDIR}/${TARGET}.bc" \
    --explicit_args \
    --merge_segments \
    --name_lifted_sections \
    -semantics_search_paths "${MCSEMAPATH}/remill/share/remill/10.0/semantics/"
```

Lifter output:

```
E20210304 14:17:08.631868 19859 Arch.cpp:379] Unable to decode instruction at 4026c0 with bytes ff ff ff ff b0 26 40 00 00 00 00 00 ff ff ff and error: GENERAL_ERROR
E20210304 14:17:08.632352 19859 Arch.cpp:957] DecodeXED() could not decode the following opcodes: (X86 4026c0 (BYTES ff ff ff ff b0 26 40 00 00 00 00 00 ff ff ff) !NO-FUNCTION!)
E20210304 14:17:08.632378 19859 Function.cpp:1644] Could not decode instruction at 4026c0 reachable from instruction 4026bf in function _register_frame_ctor at 4026b0: (X86 4026c0 (BYTES ff ff ff ff b0 26 40 00 00 00 00 00 ff ff ff) !NO-FUNCTION!)
E20210304 14:17:09.014456 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_401010 in function sub_401010__pre_c_init
E20210304 14:17:09.014518 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_4022ca in function sub_4022b0___FindPESectionByName
E20210304 14:17:09.014537 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_402340 in function sub_402340____mingw_GetSectionForAddress
E20210304 14:17:09.014551 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_4023b0 in function sub_4023b0____mingw_GetSectionCount
E20210304 14:17:09.014565 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_4023e0 in function sub_4023e0___FindPESectionExec
E20210304 14:17:09.014585 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_402450 in function sub_402450___GetPEImageBase
E20210304 14:17:09.014602 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_402480 in function sub_402480___IsNonwritableInCurrentImage
E20210304 14:17:09.014619 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 400000 in block inst_402500 in function sub_402500____mingw_enum_import_library_names
E20210304 14:17:09.014639 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 40003c in block inst_4010b0 in function sub_401010__pre_c_init
E20210304 14:17:09.014963 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 40003c in block inst_4022ee in function sub_4022b0___FindPESectionByName
E20210304 14:17:09.015137 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 40003c in block inst_402360 in function sub_402340____mingw_GetSectionForAddress
E20210304 14:17:09.015158 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 40003c in block inst_4023ce in function sub_4023b0____mingw_GetSectionCount
E20210304 14:17:09.015174 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 40003c in block inst_40240e in function sub_4023e0___FindPESectionExec
E20210304 14:17:09.015190 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 40003c in block inst_4024a0 in function sub_402480___IsNonwritableInCurrentImage
E20210304 14:17:09.015213 19859 Optimize.cpp:1252] Missed cross-reference to absolute address 40003c in block inst_40252e in function sub_402500____mingw_enum_import_library_names
F20210304 14:17:09.156836 19859 Segment.cpp:484] Check failed: 'seg_type' Must be non NULL
*** Check failure stack trace: ***
    @           0x85c08c  google::LogMessageFatal::~LogMessageFatal()
    @           0x481292  mcsema::DefineDataSegments()
    @           0x471f31  mcsema::LiftCodeIntoModule()
    @           0x487856  main
    @     0x7fd79dcd8bf7  __libc_start_main
    @           0x43897a  _start
[1]    19859 abort (core dumped)  "${MCSEMAPATH}/mcsema/bin/mcsema-lift-10.0" --arch x86 --os windows --cfg
```

Relevant code:

```cpp
auto seg_type = llvm::dyn_cast<llvm::StructType>(remill::GetValueType(seg));

// This might be null if there are two lifted variables with same name and
// one of them is exported and the exported variable is having xrefs or
// notnull.
CHECK_NOTNULL(seg_type);
seg->setInitializer(FillDataSegment(cfg_module, cfg_seg, seg_type));
```