Skip to content
This repository has been archived by the owner on Aug 23, 2022. It is now read-only.

stderr causing problems. #33

Closed
ianamason opened this issue Mar 12, 2015 · 9 comments
Closed

stderr causing problems. #33

ianamason opened this issue Mar 12, 2015 · 9 comments

Comments

@ianamason
Copy link

We are trying to lift a simple helloworld.c example on ubuntu 14.0 i386 where we print to
stderr rather than the implicit stdout.

bitcode_from_cfg/cfg_to_bc -i version0.cfg -driver=mcsema_main,main,2,return,C -o version0.bc
Already have driver for: main
Inserted function: sub_8000000
inserting global data section named data_0x800007d
error:
Line: 90
File: /home/cib/Repositories/mcsema/mc-sema/cfgToLLVM/x86Instrs_MOV.h
Could not find external: stderr

Is there something we can do to make progress here?

We are still trying to figure out where and why our lifted bytecode is SIGSEGV-ing.
@artemdinaburg
Copy link
Contributor

Its looking for stderr as an external symbol and can't find it. Create a definitions (e.g. std_defs.txt) with:
DATA: stderr 1

Use the -func-map argument with IDA/bin_descend.

The format for data entries is:
DATA: <symbol> <size of symbol in bytes>

@ianamason
Copy link
Author

We tried both:

DATA: stderr 4

and

DATA: stderr 1

But either way we end up with:

Already have driver for: main
Inserted function: sub_8000000
inserting global data section named data_0x800007d
Adding entry point: mcsema_main
invalid linkage type for global declaration
i32* @stderr
Could not verify module!

or

Already have driver for: main
Inserted function: sub_8000000
inserting global data section named data_0x800007d
Adding entry point: mcsema_main
invalid linkage type for global declaration
i8* @stderr
Could not verify module!

@ianamason
Copy link
Author

And peeping into the bytecode reveals:

declare i32 @stderr()

which doesn't look right...

@artemdinaburg
Copy link
Contributor

Hmm yes that does look bad. I'll investigate and see why its not processing it properly.

@farlies
Copy link

farlies commented Dec 2, 2015

I tripped across the same issue with stdout, and tried DATA: with similar lack of effect. (32-bit ELF) Presumably any .dynbss refs will have this glitch. My peeping (in gdb) suggests it is just being handled as uninitialized storage. Is there a workaround?

@artemdinaburg
Copy link
Contributor

Thanks for that tip. Let me look into this and see what special about .dynbss. I'm hoping its simply a case of handling R_386_COPY relocations...

@ghost
Copy link

ghost commented Sep 26, 2016

Hello, I am also having the same issue. Did you guys figure out the solution? If so, please share it with me so that I can make some progress with my work.

Thanks

@artemdinaburg
Copy link
Contributor

I'd have to see if this is fixed in the very latest merge to master. I remember attempting to fix it, but not sure if the fix made it.

The core issue is that stderr is the first item in the start of a new section. IDA sees references to stderr as references to the .data section, and not to the external symbol named stderr. The reference does not get correctly detected during CFG recovery, and therefore is not correctly emitted in the translated binary.

@pgoodman
Copy link
Collaborator

@ianamason or @mcuramen Are you having this issue in the llvm38 branch? Make sure to read the README to see the new build and running process.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@pgoodman @artemdinaburg @ianamason @farlies