
re-compilation error on bzip2 #3

Closed
pwnslinger opened this issue Jan 6, 2021 · 5 comments

Comments

@pwnslinger

I have a bzip2 binary and I tried to use gtirb-pprinter to recompile it. However, I received the following error and couldn't fix it. Do you have any suggestions?

bzip2 link: https://drive.google.com/file/d/1OpzrWRCHur2e20knUkMRe1mz55qcPAWh/view?usp=sharing

command:

gtirb-pprinter bzip2_base.amd64-m64-gcc42-nn.gtirb --keep-all --skip-section .eh_frame_hdr --compiler-args -shared -b test -c -nostartfiles
[INFO]  Reading GTIRB file:     "bzip2_base.amd64-m64-gcc42-nn.gtirb"
Generating binary file
Printing modulebzip2_base.amd64-m64-gcc42-nn to temporary file /tmp/file89sJBs.s
Calling compiler
Compiler arguments: -o test /tmp/file89sJBs.s -shared -nostartfiles -no-pie
/usr/bin/ld: error in /tmp/cc9CWQau.o(.eh_frame); no .eh_frame_hdr table will be created.

When I run the test file I get the following:

 ./test
spec_init
Loading Input Data
Can't open file input.combined: No such file or directory
[1]    3755 segmentation fault (core dumped)  ./test
@pwnslinger
Author

Here is more information on the issue:

backtrace:

#0  0x0000000000000000 in ?? ()
#1  0x00007ffff7de5bc3 in _dl_fini () at dl-fini.c:138
#2  0x00007ffff7a270f1 in __run_exit_handlers (status=0, listp=0x7ffff7dcf718 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true,
    run_dtors=run_dtors@entry=true) at exit.c:108
#3  0x00007ffff7a271ea in __GI_exit (status=<optimized out>) at exit.c:139
#4  0x00000000004012b2 in spec_load ()
#5  0x0000000000400b67 in main ()

disasm at spec_load function, where the error initiated:

   0x401288 <spec_load+296>        callq  0x400ac0 <strerror@plt>
   0x40128d <spec_load+301>        mov    %rbx,%rcx
   0x401290 <spec_load+304>        mov    %rax,%r8
   0x401293 <spec_load+307>        mov    $0x40ba8c,%edx
   0x401298 <spec_load+312>        mov    0x20db01(%rip),%rdi        # 0x60eda0 <stderr@@GLIBC_2.2.5>
   0x40129f <spec_load+319>        mov    $0x1,%esi
   0x4012a4 <spec_load+324>        xor    %eax,%eax
   0x4012a6 <spec_load+326>        callq  0x400ab0 <__fprintf_chk@plt>
   0x4012ab <spec_load+331>        xor    %edi,%edi
   0x4012ad <spec_load+333>        callq  0x400a90 <exit@plt>
>  0x4012b2 <spec_load+338>        callq  0x4009b0 <__errno_location@plt>
   0x4012b7 <spec_load+343>        mov    (%rax),%edi
   0x4012b9 <spec_load+345>        callq  0x400ac0 <strerror@plt>
   0x4012be <spec_load+350>        mov    %rbx,%rcx

@junghee
Contributor

junghee commented Jan 8, 2021

Thank you for taking time to raise the issue.
We were able to reproduce the error on our end.

Your command line was

gtirb-pprinter bzip2_base.amd64-m64-gcc42-nn.gtirb --keep-all --skip-section .eh_frame_hdr --compiler-args -shared -b test -c -nostartfiles

We are not sure of the purpose of each argument you passed, but the desired command-line to rewrite the input binary would be

gtirb-pprinter bzip2_base.amd64-m64-gcc42-nn.gtirb -b test

However, we found a problem with the rewritten binary seg-faulting.
The problem is related to the remaining .ctors and .dtors sections, which seem to conflict with the ones added by the linker.

We have to investigate this issue further on our end.
Meanwhile, to make the rewriting succeed on your input binary, you can skip the .ctors and .dtors sections by passing "--skip-section .ctors --skip-section .dtors":

gtirb-pprinter bzip2_base.amd64-m64-gcc42-nn.gtirb -b test --skip-section .ctors --skip-section .dtors

Hope this helps.
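The backtrace above ends in _dl_fini calling address 0x0, which is what happens when one of the termination-function arrays glibc walks at exit (DT_FINI_ARRAY) contains a non-callable word. Old-style .ctors/.dtors sections are bracketed by a -1 header word and a 0 terminator word, and current GNU ld linker scripts fold input .ctors/.dtors into .init_array/.fini_array, so a leftover .dtors that survives rewriting is one plausible way such a word ends up there. That reading is mine, not the maintainers' diagnosis. The script below is an added example, not part of gtirb-pprinter or this thread: it parses the section table of an ELF64 image and flags null or all-ones entries in .init_array/.fini_array, so a rewritten binary can be checked before running it. The ELF image in build_sample() is constructed inline (not a real bzip2 build) so the check runs offline; pass a path on the command line to inspect a real file.

```python
"""Flag null / all-ones entries in an ELF64 binary's .init_array / .fini_array.

Added example, not gtirb-pprinter's own code.  The sample image returned by
build_sample() is constructed here for demonstration: its .init_array is
clean and its .fini_array carries the 0xffff... header and 0x0 terminator
words an old-style .dtors section would contribute.
"""
import struct
import sys

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, 64 bytes
SHDR = struct.Struct("<IIQQQQIIQQ")        # ELF64 section header, 64 bytes
BAD = {0, 0xFFFFFFFFFFFFFFFF}             # terminator / header words, never callable
ARRAYS = (".init_array", ".fini_array")
SHT_STRTAB, SHT_INIT_ARRAY, SHT_FINI_ARRAY = 3, 14, 15


def sections(data):
    """Yield (name, file_offset, size) for every section of a little-endian ELF64 image."""
    hdr = EHDR.unpack_from(data, 0)
    ident = hdr[0]
    if ident[:4] != b"\x7fELF" or ident[4] != 2 or ident[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    shoff, shentsize, shnum, shstrndx = hdr[6], hdr[11], hdr[12], hdr[13]
    hdrs = [SHDR.unpack_from(data, shoff + i * shentsize) for i in range(shnum)]
    strtab_off = hdrs[shstrndx][4]  # sh_offset of .shstrtab
    for name_off, _type, _flags, _addr, off, size, *_ in hdrs:
        end = data.index(b"\0", strtab_off + name_off)
        yield data[strtab_off + name_off:end].decode(), off, size


def bad_entries(data):
    """Return {section_name: [(index, value), ...]} for every suspicious 8-byte entry."""
    found = {}
    for name, off, size in sections(data):
        if name not in ARRAYS:
            continue
        words = struct.unpack_from("<%dQ" % (size // 8), data, off)
        hits = [(i, w) for i, w in enumerate(words) if w in BAD]
        if hits:
            found[name] = hits
    return found


def build_sample():
    """Constructed ELF64 image with only a section table (no code, not runnable)."""
    shstrtab = b"\0.shstrtab\0.init_array\0.fini_array\0"  # name offsets 1, 11, 23
    init = struct.pack("<2Q", 0x401000, 0x401100)          # two ordinary constructor addresses
    fini = struct.pack("<3Q", 0xFFFFFFFFFFFFFFFF, 0x401200, 0)  # -1 header, one dtor, 0 terminator
    body = shstrtab + init + fini
    shoff = EHDR.size + len(body)

    def sh(name, typ, off, size):
        return SHDR.pack(name, typ, 0, 0, off, size, 0, 0, 8, 8)

    shdrs = (SHDR.pack(0, 0, 0, 0, 0, 0, 0, 0, 0, 0)
             + sh(1, SHT_STRTAB, EHDR.size, len(shstrtab))
             + sh(11, SHT_INIT_ARRAY, EHDR.size + len(shstrtab), len(init))
             + sh(23, SHT_FINI_ARRAY, EHDR.size + len(shstrtab) + len(init), len(fini)))
    ident = b"\x7fELF\x02\x01\x01" + b"\0" * 9          # ELF64, little-endian, version 1
    ehdr = EHDR.pack(ident, 2, 62, 1, 0, 0, shoff, 0, EHDR.size, 0, 0, SHDR.size, 4, 1)
    return ehdr + body + shdrs


if __name__ == "__main__":
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    for sec, hits in bad_entries(image).items():
        for idx, word in hits:
            print("%s[%d] = 0x%x is not a callable address" % (sec, idx, word))
```

Run it against the rewritten test binary (python3 check_arrays.py ./test); any hit in .fini_array is called by _dl_fini during exit(), which matches the crash site in the backtrace, and a hit in .init_array would fault before main() instead. The parser only reads the section table, so it works on the output of any rewriter, not just gtirb-pprinter.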

@pwnslinger
Author

Thanks for your response. We leveraged your hints and could reproduce results. As part of the research collaboration, we evaluated ddisasm with rev.ng on binary mutation analysis. Here is the link to our GitHub repo and the accepted paper. We are going to present our results at the Binary Analysis Research (BAR) workshop co-located with NDSS'21. It would be a pleasure for us to have your insights on the paper before the camera-ready deadline (March 11th).

Rewriter: https://github.com/pwnslinger/sn4ke

Paper: https://github.com/pwnslinger/sn4ke/blob/master/paper/Sn4ke:Practical_Mutation_Analysis_of_Tests_at_Binary_Level.pdf

https://bar2021.moyix.net/accepted.html

@aeflores
Collaborator

@pwnslinger thanks for sharing, very cool! We will certainly take a look.

@eschulte
Contributor

I believe this issue has been addressed. Please re-open if that's not the case.
