
null pointer dereference when remote debug #534

Closed
bb33bb opened this issue Jan 29, 2024 · 3 comments

Comments

@bb33bb

bb33bb commented Jan 29, 2024

Version and Platform (required):

Bug Description:
01 - arm64 Mac; the following command starts the emulator:
emulator -avd Pixel_6_Pro_API_TiramisuPrivacySandbox -no-snapshot-load -qemu -s

02 - On Manjaro, use Binary Ninja to open the file that the emulator uses; its name is kernel-ranchu~
After Ninja finishes the analysis, we connect to the remote emulator
and see the crash.

Thread 1 "binaryninja" received signal SIGSEGV, Segmentation fault.
0x00007fc8766fca1a in ?? ()
   from /run/media/avboy/9e4b17d7-a9ed-4cee-90f7-e8b4e511c8c1/opt/binaryninja/plugins/libdebuggerui.so

   0x7fc8766fca12                  cmp    eax, 0x1
   0x7fc8766fca15                  jne    0x7fc8766fca50
   0x7fc8766fca17                  mov    rdi, QWORD PTR [rbx]
 → 0x7fc8766fca1a                  mov    rax, QWORD PTR [rdi]
   0x7fc8766fca1d                  call   QWORD PTR [rax+0x10]
   0x7fc8766fca20                  mov    rsi, QWORD PTR [rsp+0x8]
   0x7fc8766fca25                  mov    rdi, r13
   0x7fc8766fca28                  mov    r12, rax
   0x7fc8766fca2b                  call   0x7fc876702c80


gef➤  info reg
rax            0x1                 0x1
rbx            0x56408eb64b20      0x56408eb64b20
rcx            0x5640972fa7d0      0x5640972fa7d0
rdx            0x2                 0x2
rsi            0x5640972e76d0      0x5640972e76d0
rdi            0x0                 0x0
rbp            0x56408ea818a8      0x56408ea818a8
rsp            0x7fffdae093b0      0x7fffdae093b0
r8             0x5640972e7         0x5640972e7
r9             0x7                 0x7
r10            0x5640972e76e0      0x5640972e76e0
r11            0xe085bccd3329be1b  0xe085bccd3329be1b
r12            0x564096dbb3d0      0x564096dbb3d0
r13            0x7fffdae09400      0x7fffdae09400
r14            0x7fffdae093b8      0x7fffdae093b8
r15            0x7fc888006300      0x7fc888006300
rip            0x7fc8766fca1a      0x7fc8766fca1a
eflags         0x10246             [ PF ZF IF RF ]
cs             0x33                0x33
ss             0x2b                0x2b
ds             0x0                 0x0
es             0x0                 0x0
fs             0x0                 0x0
gs             0x0                 0x0
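The faulting instruction sequence in the report (load an object pointer from [rbx], load that object's first word into rax, then call the function at [rax+0x10]) is the shape of a C++ virtual call through an object whose pointer is NULL: rdi is 0 in the register dump, so the read of the vtable pointer faults. The following C program is an added illustration, not code from the issue or from Binary Ninja's debugger plugin. The struct names, the holder/object/vtable layout and the sample values are assumptions chosen to mirror that instruction sequence; it shows the unchecked call beside a form that validates the pointer chain before the indirect call.

```c
// Added example (not from the issue or from Binary Ninja): models the faulting
// sequence  mov rdi,[rbx] ; mov rax,[rdi] ; call [rax+0x10]  as a virtual call
// through an object pointer that may be NULL. All layouts here are assumed.
#include <stddef.h>
#include <stdio.h>

// Assumed vtable layout: three function-pointer slots; slot 2 sits at
// offset 0x10 on x86-64, matching the "call QWORD PTR [rax+0x10]" in the trace.
struct vtable {
    int (*slot0)(void *self);
    int (*slot1)(void *self);
    int (*slot2)(void *self);
};

// Assumed object layout: first field is the vtable pointer, as a C++ object
// with virtual functions is laid out.
struct object {
    const struct vtable *vt;
    int value;
};

// Assumed holder: the thing rbx points at, whose first field is the object
// pointer that ends up in rdi.
struct holder {
    struct object *obj;
};

static int slot2_impl(void *self) { return ((struct object *)self)->value * 2; }
static int noop_impl(void *self) { (void)self; return 0; }

static const struct vtable object_vtable = { noop_impl, noop_impl, slot2_impl };

// Unchecked form, equivalent to the instructions in the report. With
// h->obj == NULL the read of o->vt touches address 0 and raises SIGSEGV.
int call_slot2_unchecked(struct holder *h) {
    struct object *o = h->obj;          // mov rdi, [rbx]
    return o->vt->slot2(o);             // mov rax, [rdi] ; call [rax+0x10]
}

// Checked form: validate every link of the pointer chain before the indirect
// call and report "no object" with -1 instead of crashing.
int call_slot2_checked(struct holder *h) {
    if (h == NULL || h->obj == NULL || h->obj->vt == NULL || h->obj->vt->slot2 == NULL)
        return -1;
    return h->obj->vt->slot2(h->obj);
}

// Constructed sample states: a live object, and the empty holder the register
// dump (rdi == 0) implies.
int demo_live_object(void) {
    struct object o = { &object_vtable, 21 };
    struct holder live = { &o };
    return call_slot2_checked(&live);   // 42
}

int demo_empty_holder(void) {
    struct holder empty = { NULL };
    return call_slot2_checked(&empty);  // -1 rather than a fault
}

int main(void) {
    printf("live object:  %d\n", demo_live_object());
    printf("empty holder: %d\n", demo_empty_holder());
    // call_slot2_unchecked on the empty holder would fault exactly as reported.
    return 0;
}
```

The checked variant is the shape of the fix a defender wants in UI code that reacts to debugger state: the object behind the holder can legitimately be absent (for example, no live target yet), so the call site must treat NULL as a reachable state rather than an invariant.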
xusheng6 transferred this issue from Vector35/binaryninja-api Jan 29, 2024
@bb33bb
Author

bb33bb commented Jan 29, 2024

This environment is a bit complicated; before putting further effort into it, you can wait for me to reproduce it once more.

@bb33bb
Author

bb33bb commented Jan 30, 2024

This environment is a bit complicated; before putting further effort into it, you can wait for me to reproduce it once more.

The reproduction is done, and the video has been synced.

@xusheng6
Member

This is fixed in dev 4.6.4812.

However, due to a recently discovered upstream bug in LLDB, the remote debugging would not work properly: #534
