
Disassembly (capstone) messed up #459

Closed
gyorokpeter opened this issue Jan 10, 2017 · 10 comments
Comments

@gyorokpeter
Contributor

>>> from triton import *
>>> setArchitecture(ARCH.X86)
>>> inst = Instruction('\xa3\x04\x00\x00\x00')
>>> processing(inst)
True
>>> inst
0: mov dword ptr [4], eax
>>> inst.getStoreAccess()
[]
>>> inst.getLoadAccess()
[([@0x4]:32 bv[31..0], (concat ((_ extract 7 0) (_ bv0 8)) ((_ extract 7 0) (_ bv0 8)) ((_ extract 7 0) (_ bv0 8)) ((_ extract 7 0) (_ bv0 8))))]

It should be a store access. The result is correct for the opposite direction, mov eax,[4].

@JonathanSalwan
Owner

JonathanSalwan commented Jan 10, 2017

Looks like it's a capstone issue. Capstone decodes the instruction mov dword ptr [4], eax as 3 operands:

  • op1: register (eax)
  • op2: memory @4
  • op3: register (eax)

Can you please report this issue to the capstone support (cc @aquynh)?

PoC

from capstone import *
from capstone.x86 import *

# mov dword ptr [4], eax (opcode A3 followed by a 32-bit moffs)
CODE = b"\xa3\x04\x00\x00\x00"

md = Cs(CS_ARCH_X86, CS_MODE_32)
md.detail = True  # detail mode is required to get the operand list

for inst in md.disasm(CODE, 0x1000):
    print("%x:\t%s\t%s" % (inst.address, inst.mnemonic, inst.op_str))

    # With the affected capstone version this prints eax, mem, eax:
    # three operands for a two-operand instruction.
    for op in inst.operands:
        if op.type == X86_OP_REG:
            print(inst.reg_name(op.value.reg))

        if op.type == X86_OP_MEM:
            print('mem')

PS: Decoding mov qword ptr [4], rax on 64-bits mode is correct.
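To make the load/store point concrete, here is an added example that is not code from Triton or capstone: a minimal decoder for the absolute-address mov encodings this thread deals with. It derives load vs. store from which operand is the destination (the direction encoded in the opcode), which is exactly the information a three-operand "eax, [4], eax" result loses. It goes beyond the single instruction in the report by also handling the 89/8B disp32 forms and the 64-bit REX.W moffs form mentioned in the PS. The names `MemAccess`, `decode_mov`, `store_accesses` and `load_accesses`, and the sample bytes, are mine.

```python
import struct
from dataclasses import dataclass
from typing import List, Tuple

# Added example, not code from Triton or capstone: a minimal decoder for the
# absolute-address mov encodings discussed in this issue. Load vs. store
# follows from which operand is the destination, so a decoder that reports
# "eax, [4], eax" has lost exactly that information.

REGS32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REGS64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi"]
PTR = {4: "dword", 8: "qword"}


@dataclass(frozen=True)
class MemAccess:
    address: int
    size: int   # access width in bytes
    kind: str   # "load" or "store"


def decode_mov(code: bytes, mode: int = 32) -> Tuple[str, List[MemAccess]]:
    """Decode one mov with an absolute memory operand.

    Returns (assembly text, list of memory accesses). Forms handled:
      A1 moffs   mov eax, [moffs]    load
      A3 moffs   mov [moffs], eax    store
      8B /r      mov r32, [disp32]   load   (mod=00, rm=101, 32-bit mode only)
      89 /r      mov [disp32], r32   store  (mod=00, rm=101, 32-bit mode only)
    In 64-bit mode a REX.W prefix (0x48) widens the accumulator to rax and the
    moffs field to 8 bytes. Anything else raises ValueError.
    """
    if mode not in (32, 64):
        raise ValueError("mode must be 32 or 64")
    pos, width, regs = 0, 4, REGS32
    try:
        if mode == 64 and code[pos] == 0x48:   # REX.W: 64-bit operand size
            pos, width, regs = pos + 1, 8, REGS64
        opcode = code[pos]
        pos += 1

        if opcode in (0xA1, 0xA3):
            fmt = "<Q" if mode == 64 else "<I"     # moffs is 8 bytes in 64-bit mode
            (addr,) = struct.unpack_from(fmt, code, pos)
            pos += struct.calcsize(fmt)
            mem = f"{PTR[width]} ptr [{addr:#x}]"
            if opcode == 0xA1:
                text, acc = f"mov {regs[0]}, {mem}", MemAccess(addr, width, "load")
            else:
                text, acc = f"mov {mem}, {regs[0]}", MemAccess(addr, width, "store")
        elif opcode in (0x89, 0x8B):
            if mode == 64:
                raise ValueError("mod=00 rm=101 is RIP-relative in 64-bit mode; not handled here")
            modrm = code[pos]
            pos += 1
            mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
            if mod != 0 or rm != 5:
                raise ValueError("only the absolute disp32 addressing form is handled")
            (addr,) = struct.unpack_from("<I", code, pos)
            pos += 4
            mem = f"dword ptr [{addr:#x}]"
            if opcode == 0x8B:
                text, acc = f"mov {regs[reg]}, {mem}", MemAccess(addr, 4, "load")
            else:
                text, acc = f"mov {mem}, {regs[reg]}", MemAccess(addr, 4, "store")
        else:
            raise ValueError(f"unsupported opcode {opcode:#x}")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated instruction") from exc

    if pos != len(code):
        raise ValueError(f"{len(code) - pos} trailing byte(s) after the instruction")
    return text, [acc]


def store_accesses(code: bytes, mode: int = 32) -> List[MemAccess]:
    """Memory accesses written by the instruction."""
    return [a for a in decode_mov(code, mode)[1] if a.kind == "store"]


def load_accesses(code: bytes, mode: int = 32) -> List[MemAccess]:
    """Memory accesses read by the instruction."""
    return [a for a in decode_mov(code, mode)[1] if a.kind == "load"]


if __name__ == "__main__":
    # Constructed sample bytes: the instruction from the report, its mirror, and the 64-bit form.
    for sample, mode in [(b"\xa3\x04\x00\x00\x00", 32),
                         (b"\xa1\x04\x00\x00\x00", 32),
                         (b"\x48\xa3\x04\x00\x00\x00\x00\x00\x00\x00", 64)]:
        text, accesses = decode_mov(sample, mode)
        print(f"{sample.hex():<22} {text:<32} {accesses}")
```

Run against the report's bytes, `store_accesses` returns the single 4-byte write at address 4 and `load_accesses` returns nothing, which is the result the issue expects from `getStoreAccess()`; a cross-check like this against an independent decoder is a cheap way to catch a disassembler regression before it reaches symbolic execution results.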

@JonathanSalwan JonathanSalwan changed the title load/store access messed up Disassembly messed up Jan 10, 2017
@JonathanSalwan JonathanSalwan changed the title Disassembly messed up Disassembly (capstone) messed up Jan 10, 2017
@JonathanSalwan
Owner

It's fixed in their next branch (capstone 4.0.0).

@gyorokpeter
Contributor Author

I'm having trouble building against that branch:

D:\Projects\c++\Triton\src\libtriton\arch\x86\x86Specifications.cpp:2923:16: error: 'X86_INS_FCOMPI' is not a member of 'triton::extlibs::capstone'
case triton::extlibs::capstone::X86_INS_FCOMPI:

...and the same error for X86_INS_VCMP, X86_INS_FUCOMPI, X86_INS_VBROADCASTI128 and X86_INS_VPCMP.

@JonathanSalwan
Owner

JonathanSalwan commented Jan 11, 2017

Yep, I know. You can remove these enums to solve this issue, but then you will get other troubles because capstone defines some immediate operands with a size of 0... Actually, I cannot port Triton to capstone 4.x until 4.x is in their master branch.

@JonathanSalwan
Owner

JonathanSalwan commented Jan 11, 2017

@gyorokpeter checkout dev-capstone-4.x.

@gyorokpeter
Contributor Author

It works. I had to change the CMake config parameter from "D:/Projects/lib/capstone/include" to "D:/Projects/lib/capstone/include/capstone".

@enkomio

enkomio commented Nov 5, 2018

Hi,

Compiling the project on Linux ubuntu 4.15.0-38-generic #41-Ubuntu SMP Wed Oct 10 10:59:38 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux, I receive the same error due to Capstone. Was the dev-capstone-4.x branch removed?

Below is the error:

	Triton/build$ sudo make install
	[  1%] Built target gen-syscall64
	[  2%] Built target gen-syscall32
	[  3%] Building CXX object src/libtriton/CMakeFiles/triton.dir/api/api.cpp.o
	[  4%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/irBuilder.cpp.o
	[  6%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/operandWrapper.cpp.o
	[  7%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/bitsVector.cpp.o
	[  8%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/instruction.cpp.o
	[  9%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/memoryAccess.cpp.o
	[ 10%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/x86/x8664Cpu.cpp.o
	[ 12%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/x86/x86Cpu.cpp.o
	[ 13%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/x86/x86Semantics.cpp.o
	[ 14%] Building CXX object src/libtriton/CMakeFiles/triton.dir/arch/x86/x86Specifications.cpp.o
	/Triton/src/libtriton/arch/x86/x86Specifications.cpp: In member function 'triton::uint32 triton::arch::x86::x86Specifications::capstoneInstructionToTritonInstruction(triton::uint32) const':
	/Triton/src/libtriton/arch/x86/x86Specifications.cpp:1044:16: error: 'X86_INS_VCMP' is not a member of 'triton::extlibs::capstone'
			   case triton::extlibs::capstone::X86_INS_VCMP:
					^
	/Triton/src/libtriton/arch/x86/x86Specifications.cpp:3008:16: error: 'X86_INS_VBROADCASTI128' is not a member of 'triton::extlibs::capstone'
			   case triton::extlibs::capstone::X86_INS_VBROADCASTI128:
					^
	/Triton/src/libtriton/arch/x86/x86Specifications.cpp:4040:16: error: 'X86_INS_VPCMP' is not a member of 'triton::extlibs::capstone'
			   case triton::extlibs::capstone::X86_INS_VPCMP:
					^
	src/libtriton/CMakeFiles/triton.dir/build.make:360: recipe for target 'src/libtriton/CMakeFiles/triton.dir/arch/x86/x86Specifications.cpp.o' failed
	make[2]: *** [src/libtriton/CMakeFiles/triton.dir/arch/x86/x86Specifications.cpp.o] Error 1
	CMakeFiles/Makefile2:1148: recipe for target 'src/libtriton/CMakeFiles/triton.dir/all' failed
	make[1]: *** [src/libtriton/CMakeFiles/triton.dir/all] Error 2
	Makefile:140: recipe for target 'all' failed
	make: *** [all] Error 2

@aquynh

aquynh commented Nov 5, 2018 via email

@JonathanSalwan
Owner

@enkomio can you please try version 3.x of capstone?

@enkomio

enkomio commented Nov 5, 2018

Hi,

By installing Capstone 3.0.5 I was able to proceed, but now I get another error:

	/Triton/build$ cmake ..
	-- Found Z3 include directory: /usr/include
	-- Found Z3 library: /usr/lib/libz3.so
	-- Found CAPSTONE include directory: /usr/include
	-- Found CAPSTONE library: /usr/lib/libcapstone.so
	-- Boost version: 1.65.1
	-- Configuring done
	WARNING: Target "triton" requests linking to directory "/usr/lib/python2.7".  Targets may link only to libraries.  CMake is dropping the item.
	WARNING: Target "info_reg" requests linking to directory "/usr/lib/python2.7".  Targets may link only to libraries.  CMake is dropping the item.
	WARNING: Target "constraint" requests linking to directory "/usr/lib/python2.7".  Targets may link only to libraries.  CMake is dropping the item.
	WARNING: Target "taint_reg" requests linking to directory "/usr/lib/python2.7".  Targets may link only to libraries.  CMake is dropping the item.
	WARNING: Target "ctest_api" requests linking to directory "/usr/lib/python2.7".  Targets may link only to libraries.  CMake is dropping the item.
	WARNING: Target "ir" requests linking to directory "/usr/lib/python2.7".  Targets may link only to libraries.  CMake is dropping the item.
	WARNING: Target "simplification" requests linking to directory "/usr/lib/python2.7".  Targets may link only to libraries.  CMake is dropping the item.
	-- Generating done
	-- Build files have been written to: /Triton/build
	/Triton/build$ sudo make install
	[  1%] Built target gen-syscall64
	[  2%] Built target gen-syscall32
	[  3%] Linking CXX shared library libtriton.so
	/usr/bin/ld: cannot find -lz3
	/usr/bin/ld: cannot find -lz3
	/usr/bin/ld: cannot find -lcapstone
	/usr/bin/ld: cannot find -lcapstone
	collect2: error: ld returned 1 exit status
	src/libtriton/CMakeFiles/triton.dir/build.make:1772: recipe for target 'src/libtriton/libtriton.so' failed
	make[2]: *** [src/libtriton/libtriton.so] Error 1
	CMakeFiles/Makefile2:1148: recipe for target 'src/libtriton/CMakeFiles/triton.dir/all' failed
	make[1]: *** [src/libtriton/CMakeFiles/triton.dir/all] Error 2
	Makefile:140: recipe for target 'all' failed
	make: *** [all] Error 2
