Context exceptions with ARM target #2153

Open
mat-pr opened this issue May 8, 2024 · 1 comment
mat-pr commented May 8, 2024

Description

Vaguely similar to #1097.
When debugging an ARM target with qemu-system-arm, the context command fails to execute with the following backtraces:

'context': Print out the current register, instruction, and stack context.
Traceback (most recent call last):
  File "/home/m/Desktop/pwndbg/pwndbg/commands/__init__.py", line 197, in __call__
    return self.function(*args, **kwargs)
  File "/home/m/Desktop/pwndbg/pwndbg/commands/__init__.py", line 357, in _OnlyWhenRunning
    return function(*a, **kw)
  File "/home/m/Desktop/pwndbg/pwndbg/commands/context.py", line 406, in context
    func(
  File "/home/m/Desktop/pwndbg/pwndbg/commands/context.py", line 514, in context_regs
    regs = get_regs()
  File "/home/m/Desktop/pwndbg/pwndbg/commands/context.py", line 606, in get_regs
    desc = pwndbg.chain.format(value)
  File "/home/m/Desktop/pwndbg/pwndbg/chain.py", line 174, in format
    enhanced = pwndbg.enhance.enhance(
  File "/home/m/Desktop/pwndbg/pwndbg/enhance.py", line 119, in enhance
    pwndbg_instr = pwndbg.disasm.one(value, enhance=False)
  File "/home/m/Desktop/pwndbg/pwndbg/disasm/__init__.py", line 244, in one
    for insn in get(address, 1, emu, enhance=enhance, from_cache=from_cache, put_cache=put_cache):
  File "/home/m/Desktop/pwndbg/pwndbg/disasm/__init__.py", line 278, in get
    i = get_one_instruction(
  File "/home/m/Desktop/pwndbg/pwndbg/disasm/__init__.py", line 211, in get_one_instruction
    md = get_disassembler(address)
  File "/home/m/Desktop/pwndbg/pwndbg/disasm/__init__.py", line 161, in get_disassembler
    extra = CS_MODE_THUMB if (pwndbg.gdblib.regs.cpsr & (1 << 5)) else CS_MODE_ARM
TypeError: unsupported operand type(s) for &: 'NoneType' and 'int'

and

'context': Print out the current register, instruction, and stack context.
Traceback (most recent call last):
  File "/home/m/Desktop/pwndbg/pwndbg/commands/__init__.py", line 197, in __call__
    return self.function(*args, **kwargs)
  File "/home/m/Desktop/pwndbg/pwndbg/commands/__init__.py", line 357, in _OnlyWhenRunning
    return function(*a, **kw)
  File "/home/m/Desktop/pwndbg/pwndbg/commands/context.py", line 406, in context
    func(
  File "/home/m/Desktop/pwndbg/pwndbg/commands/context.py", line 635, in context_disasm
    result = pwndbg.gdblib.nearpc.nearpc(
  File "/home/m/Desktop/pwndbg/pwndbg/gdblib/nearpc.py", line 129, in nearpc
    instructions, index_of_pc = pwndbg.disasm.near(
  File "/home/m/Desktop/pwndbg/pwndbg/disasm/__init__.py", line 349, in near
    emu = pwndbg.emu.emulator.Emulator()
  File "/home/m/Desktop/pwndbg/pwndbg/emu/emulator.py", line 194, in __init__
    self.uc_mode = self.get_uc_mode()
  File "/home/m/Desktop/pwndbg/pwndbg/emu/emulator.py", line 544, in get_uc_mode
    mode |= U.UC_MODE_THUMB if (pwndbg.gdblib.regs.cpsr & (1 << 5)) else U.UC_MODE_ARM
TypeError: unsupported operand type(s) for &: 'NoneType' and 'int'

After patching the two reported lines in pwndbg/pwndbg/disasm/__init__.py and pwndbg/pwndbg/emu/emulator.py, the debugging process seems reasonable.

Steps to reproduce

I ran gdb-multiarch on the ARM binary. Then the first exception is triggered with

set exception-verbose on
target remote localhost:1234

and the second with an additional next command.

My setup

Platform: Linux-6.5.0-28-generic-x86_64-with-glibc2.35
OS: Ubuntu 22.04.4 LTS
OS ABI: #29~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Apr  4 14:39:20 UTC 2
Architecture: x86_64
Endian: little
Charset: utf-8
Width: 101
Height: 57
Gdb:      12.1
Python:   3.10.12 (main, Nov 20 2023, 15:14:05) [GCC 11.4.0]
Pwndbg:   2024.02.14 build: 00adfbbb
Capstone: 5.0.1280
Unicorn:  2.0.1
This GDB was configured as follows:
   configure --host=x86_64-linux-gnu --target=x86_64-linux-gnu
	     --with-auto-load-dir=$debugdir:$datadir/auto-load
	     --with-auto-load-safe-path=$debugdir:$datadir/auto-load
	     --with-expat
	     --with-gdb-datadir=/usr/share/gdb (relocatable)
	     --with-jit-reader-dir=/usr/lib/gdb (relocatable)
	     --without-libunwind-ia64
	     --with-lzma
	     --with-babeltrace
	     --with-intel-pt
	     --with-mpfr
	     --with-xxhash
	     --with-python=/usr (relocatable)
	     --with-python-libdir=/usr/lib (relocatable)
	     --with-debuginfod
	     --without-guile
	     --enable-source-highlight
	     --with-separate-debug-dir=/usr/lib/debug (relocatable)
	     --with-system-gdbinit=/etc/gdb/gdbinit
	     --with-system-gdbinit-dir=/etc/gdb/gdbinit.d

("Relocatable" means the directory can be moved with the GDB installation
tree, and GDB will still find it.)

pwndbg commit: 00adfbb
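Both tracebacks end at the same expression, `cpsr & (1 << 5)`, evaluated while the register read has returned None. As an added illustration (not pwndbg's own code or fix), here is that mode selection reduced to a small function, first as it appears on the page and then tolerating an unreadable CPSR; the fallback to ARM mode and the `ArmMode` enum are assumptions of this example, and the register values are constructed.

```python
from enum import Enum
from typing import Optional

# Bit 5 of the ARM CPSR is the T (Thumb state) flag; this is the (1 << 5)
# mask used in both failing lines of the tracebacks above.
CPSR_T_BIT = 1 << 5


class ArmMode(Enum):
    """Stand-in for the Capstone/Unicorn ARM vs. Thumb mode constants (assumption)."""
    ARM = "arm"
    THUMB = "thumb"


def buggy_select_arm_mode(cpsr: Optional[int]) -> ArmMode:
    """Mirrors the expression in the tracebacks: no guard for an unreadable register.

    With a remote qemu-system-arm stub the CPSR read can yield None, and
    `None & int` raises TypeError, which is exactly what the issue reports.
    """
    return ArmMode.THUMB if (cpsr & CPSR_T_BIT) else ArmMode.ARM


def select_arm_mode(cpsr: Optional[int], default: ArmMode = ArmMode.ARM) -> ArmMode:
    """Hardened version: fall back to a caller-chosen mode when CPSR is unavailable.

    Defaulting to ARM mode is an assumption of this example, not pwndbg's fix;
    the point is that an unreadable register must not abort the whole context
    command.
    """
    if cpsr is None:
        return default
    return ArmMode.THUMB if (cpsr & CPSR_T_BIT) else ArmMode.ARM


def demo() -> list:
    # Constructed CPSR readings standing in for pwndbg.gdblib.regs.cpsr:
    # T bit clear, T bit set, and the None case from the remote target.
    samples = (0x600001D3, 0x600001F3, None)
    return [select_arm_mode(c) for c in samples]
```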

@mat-pr mat-pr added the bug label May 8, 2024
@gsingh93 gsingh93 assigned gsingh93 and unassigned gsingh93 May 9, 2024
gsingh93 commented May 9, 2024

cc: @OBarronCS since this is in the emulation code you'll be refactoring.
