"Unknown Error" while decompiling RISC-V binary #2466

Closed
bruce30262 opened this issue Nov 14, 2020 · 3 comments
@bruce30262

Describe the bug

I've been testing the RISC-V decompiler with the following RISC-V binaries:

rrr

hitree

Both of them are ELF 64-bit, UCB RISC-V, statically linked binaries
( To download : Right click --> Save link as --> Remove the .jpg extension )

Ghidra failed to decompile some of the functions ( e.g. main ) in those binaries, showing "Unknown Error" in the decompile window.

For example, in the rrr binary, Ghidra failed to decompile the following functions:

  • __do_global_dtors_aux
  • print_flag
  • game
  • main

The other functions seem to be decompiled normally ( did not check all of them though ).

Same errors occur in hitree as well. At least the main function is not being decompiled.

To Reproduce

Steps to reproduce the behavior:

  1. Create a new non-shared project, drag those binaries into the project.
  2. Ghidra will detect the language as RISCV:LE:64:RV64I (1.2) ( on both binaries ).
  3. Click OK and start the analysis ( all options are default ).
  4. Go to the main function and check the decompile window.
  5. Decompile window will show "Unknown Error".

Expected behavior

Expected the decompiler to work flawlessly.

Screenshots

rrr's main function:
rrr_main

hitree's main function:
hitree_main

Attachments

application.log

Environment

  • OS: Windows 10
  • Java Version: 11.0.2
  • Ghidra Version: 9.2 ( 2020/11/13 )
@mumbel
Contributor

mumbel commented Nov 14, 2020

Ah, looks like the issue is gp most likely. The RISC-V java analyzer code definitely needs improvement, I only (barely) implemented code to do this. Calculate the gp off the auipc and addi in the entry function and in functions where gp is used you can right-click and set register values (or ctrl-A and do the whole program).

(<auipc's imm> << 12) + <pc_of_auipc> + <addi's imm>
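
The gp calculation from the comment above, as an added stand-alone example (not code from this thread or from Ghidra). The function name `find_gp` and the sample bytes are constructed for illustration, and it assumes the `addi gp, gp, imm` directly follows the `auipc gp, imm`; it goes slightly beyond the formula by sign-extending both immediates and stepping over 16-bit compressed instructions.

```python
import struct

GP = 3  # x3 is the global pointer register in the RISC-V ABI


def sext(value, bits):
    """Sign-extend a `bits`-wide field to a Python int."""
    sign = 1 << (bits - 1)
    return (value & (sign - 1)) - (value & sign)


def find_gp(code, base):
    """Return (pc_of_auipc, gp) for the first auipc/addi pair that sets gp, else None."""
    off = 0
    while off + 8 <= len(code):
        (half,) = struct.unpack_from("<H", code, off)
        if half & 0b11 != 0b11:          # 16-bit compressed instruction: skip it
            off += 2
            continue
        auipc, addi = struct.unpack_from("<II", code, off)
        is_auipc = auipc & 0x7F == 0x17 and (auipc >> 7) & 0x1F == GP
        is_addi = (addi & 0x7F == 0x13 and (addi >> 12) & 0x7 == 0
                   and (addi >> 7) & 0x1F == GP      # rd  == gp
                   and (addi >> 15) & 0x1F == GP)    # rs1 == gp
        if is_auipc and is_addi:
            pc = base + off
            hi = sext(auipc & 0xFFFFF000, 32)  # (<auipc's imm> << 12), signed
            lo = sext(addi >> 20, 12)          # <addi's imm>, signed 12-bit
            return pc, (pc + hi + lo) & 0xFFFFFFFFFFFFFFFF
        off += 4
    return None


# Constructed sample: nop; auipc gp, 0x12; addi gp, gp, -1872
SAMPLE_BASE = 0x100AC
SAMPLE = bytes.fromhex("13000000" "97210100" "9381018b")

if __name__ == "__main__":
    pc, gp = find_gp(SAMPLE, SAMPLE_BASE)
    print("auipc at %#x, gp = %#x" % (pc, gp))
```

The resulting value is what would be entered through the set-register-values action the comment mentions.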

@bruce30262
Author

@mumbel thanks for providing the solution !

Here for the above two binaries, I created a simple workaround script after learning some Ghidra Python. The script will calculate the value of the gp register based on the code in entry() and apply the value to all functions.

However I think this only works in the RV64I language, since I found another RISC-V binary ( RV64GC language ) which will set the gp register in a non-entry function ( entry() will call that function though ).

I think a better way to fix this is to emulate the entry() function with EmulatorHelper ( till it jumps to main() ). Once the value of gp register is confirmed, it then can be applied to the entire binary.

@emteere emteere self-assigned this Nov 10, 2022
@emteere emteere added the Status: Triage Information is being gathered label Nov 10, 2022
@bruce30262
Author

Not sure when the issue was fixed, but I have noticed that in version 10.3 the issue no longer exists. Closing issue.

@ryanmkurtz ryanmkurtz removed the Status: Triage Information is being gathered label Oct 24, 2023