Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Unsupported target format 'COFF64'" when using --mode raw #431

Closed
user7 opened this issue Nov 20, 2018 · 3 comments
Closed

"Unsupported target format 'COFF64'" when using --mode raw #431

user7 opened this issue Nov 20, 2018 · 3 comments
Labels
bug P-run T-format-raw

Comments

@user7
Copy link

user7 commented Nov 20, 2018

I use --mode raw to decompile x86 code. It mostly works, but if input file contains 18 leading zeroes, then it complains about file being COFF64. For example the following bash script:

offset=18
dd if=/dev/zero bs=$offset count=1 >raw.bin
printf "\x31\xc0\xc3" >>raw.bin # xor eax, eax; ret
./retdec-decompiler.py \
    --mode raw \
    --arch x86 \
    --endian little \
    --raw-section-vma 0 \
    --raw-entry-point $offset \
    raw.bin

produces an error:

##### Gathering file information...
RUN: /media/data/b/u/p/retdec/sandbox/bin/retdec-fileinfo -c /media/data/b/u/p/retdec/140/raw.bin.c.json --similarity /media/data/b/u/p/retdec/140/raw.bin --no-hashes=all --crypto /media/data/b/u/p/retdec/sandbox/bin/../share/retdec/support/generic/yara_patterns/signsrch/signsrch.yara --max-memory-half-ram
Input file               : /media/data/b/u/p/retdec/140/raw.bin
File format              : COFF
File class               : 64-bit
File type                : Relocatable file
Architecture             : Unknown machine type (0)
Overlay offset           : 0
Overlay size             : 0x15
Warning: Unknown compiler or packer.

##### Trying to unpack /media/data/b/u/p/retdec/140/raw.bin into /media/data/b/u/p/retdec/140/raw.bin-unpacked.tmp by using generic unpacker...
RUN: /media/data/b/u/p/retdec/sandbox/bin/retdec-unpacker /media/data/b/u/p/retdec/140/raw.bin -o /media/data/b/u/p/retdec/140/raw.bin-unpacked.tmp --max-memory-half-ram
##### Unpacking by using generic unpacker: nothing to do

##### Trying to unpack /media/data/b/u/p/retdec/140/raw.bin into /media/data/b/u/p/retdec/140/raw.bin-unpacked.tmp by using UPX...
RUN: upx -d /media/data/b/u/p/retdec/140/raw.bin -o /media/data/b/u/p/retdec/140/raw.bin-unpacked.tmp
upx: /media/data/b/u/p/retdec/140/raw.bin: EOFException: premature end of file
##### Unpacking by using UPX: nothing to do
Error: Unsupported target format 'COFF64'. Supported formats: ELF32, PE32, Intel HEX 32, Mach-O 32.

while if I change offset to 17 or less, then decompilation works.

I thought --mode raw is supposed to skip format guessing and unpacking. Is this right?
@mbandzi
Copy link
Contributor

mbandzi commented Nov 27, 2018

may be related to #421

@jkbenaim
Copy link

jkbenaim commented Jan 9, 2019

I ran into this bug too. My file started with a few kilobytes of padding zeroes. I was able to work around the problem by replacing the zeroes with random bytes.

PeterMatula added a commit to avast/retdec-regression-tests that referenced this issue Mar 4, 2019
@PeterMatula
bugs: add tests for avast/retdec#431
3f71a11
@PeterMatula
Copy link
Collaborator

Indeed related to #421, but it should not matter - even if COFF detection is wrong, when user specifies mode raw it should be used.

Fixed by forcing raw mode if user set it.

PeterMatula added a commit that referenced this issue Mar 4, 2019
@PeterMatula
CHANGELOG.md: add entry for #421 and #431.
cbbcb17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug P-run T-format-raw
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jkbenaim @user7 @mbandzi @PeterMatula