TracerMisfollowError multiple paths #4

Closed
bannsec opened this issue Aug 27, 2016 · 5 comments

bannsec commented Aug 27, 2016

When running rex on an input that I know to cause control of eip, I receive an error about tracer misfollowing. The example binary is a recent IceCTF one (attached). The vulnerability is a use-after-free where a pointer can be overwritten to gain execution.

The command is:

crash = rex.Crash("./drumpf","1\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n4294967295\n3\n2\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n4294967295\n4\n")

drumpf.zip

EDIT: Error is "TracerMisfollowError: program did not behave correctly, expected only one path"

zardus commented Aug 27, 2016

My guess is that this is caused by either a missing syscall or a simprocedure that's not implemented properly. One thing to try is to disable loading simprocedures, if rex doesn't already do that. With all the input preconstrained, it shouldn't cause problems with path explosions.

@Wan-YunPeng

@Owlz The same problem happens to me, how do you solve it?

bannsec commented Oct 9, 2016

Not sure. Haven't been able to. For the most part when I run into this error I stop trying to use rex for that :-)

@github-actions

This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.

github-actions bot added the stale label May 28, 2022

github-actions bot commented Jun 4, 2022

This issue has been closed due to inactivity.

github-actions bot closed this as completed Jun 4, 2022