"ql.debugger = True" in thumb mode doesn't work #1282

Closed
squarepants0 opened this issue Dec 5, 2022 · 9 comments


@squarepants0

Describe the bug

gcc command: arm-linux-gnueabihf-gcc-5 ./thumb.c -o thumb

The process can't stop at the _start segment when using target remote :9999 in gdb-multiarch.

here is my script:

import sys
sys.path.append('/home/iot/workspace/Emulator/qiling')
import qiling
from qiling.const import QL_INTERCEPT, QL_VERBOSE
from qiling.core import Qiling
from qiling.os.const import PARAM_INT32
import struct

path = ['/home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/bin/thumb']
rootfs = '/home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux'
ql = qiling.Qiling(path, rootfs=rootfs, verbose=QL_VERBOSE.DEBUG)
ql.debugger = True  # start the gdb server (listens on 127.0.0.1:9999 by default)
ql.run()

And here is my gdb-multiarch content:

 → 0x9009f454 <_exit+16>       cmn    r0,  #4096	; 0x1000
   0x9009f458 <_exit+20>       bhi    0x9009f474 <_exit+48>
   0x9009f45c <_exit+24>       mov    r0,  r2
   0x9009f460 <_exit+28>       mov    r7,  #1
   0x9009f464 <_exit+32>       svc    0x00000000
   0x9009f468 <_exit+36>       cmn    r0,  #4096	; 0x1000
──────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "thumb", stopped 0x9009f454 in _exit (), reason: SIGTRAP
────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x9009f454 → _exit()
[#1] 0x90030d88 → ldr r2,  [pc,  #136]	; 0x90030e18
─────────────────────────────────────────────────────────────────────────────────────
0x9009f454 in _exit () from target:/lib/tls/libc.so.6
gef➤  

Expected behavior
I thought the process should be waiting at the _start code, but it turns out the process is about to exit.

00000454 <_start>:
 454:	f04f 0b00 	mov.w	fp, #0
 458:	f04f 0e00 	mov.w	lr, #0
 45c:	bc02      	pop	{r1}
 45e:	466a      	mov	r2, sp
 460:	b404      	push	{r2}
 462:	b401      	push	{r0}

Please help me with the problem, thanks!

@elicn
Member

elicn commented Dec 5, 2022

Hi there, and welcome to Qiling.

This is indeed strange, but there is a similarity between the entry point address and the one that finally got trapped: both are on offset 0x454. The first log records should show some information about the loaded executable (e.g. entry point address, etc.). Could you please paste them here?

BTW - I am not an ARM expert, but it doesn't look like your code is operating in thumb mode.
You can manually specify values for thumb and endian in the Qiling constructor, if needed.

@squarepants0
Author

@elicn Thanks for replying immediately
As far as I know, ARM mode always executes 4-byte instructions, but THUMB mode executes 2- or 4-byte instructions (maybe I got it wrong). So it should be fine.

Anyway, here is the execution log (default log):

$ python3 ./run.py 
[=] 	brk(inp = 0x0) = 0x56569000
[=] 	uname(buf = 0x7ff3ca88) = 0x0
[=] 	access(path = 0x47d8f64, mode = 0x0) = -0x1 (EPERM)
[=] 	mmap2(addr = 0x0, length = 0x3000, prot = 0x3, flags = 0x22, fd = 0xffffffff, pgoffset = 0x0) = 0x90000000
[=] 	access(path = 0x47d7fb8, mode = 0x4) = -0x1 (EPERM)
[=] 	open(filename = 0x47d9df0, flags = 0x80000, mode = 0x1) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[=] 	stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[=] 	open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = 0x3
[=] 	read(fd = 0x3, buf = 0x7ff3c788, length = 0x200) = 0x200
[=] 	lseek(fd = 0x3, offset = 0x12cbcc, origin = 0x0) = 0x12cbcc
[=] 	read(fd = 0x3, buf = 0x7ff3ba10, length = 0xb40) = 0xb40
[=] 	lseek(fd = 0x3, offset = 0x12bdfc, origin = 0x0) = 0x12bdfc
[=] 	read(fd = 0x3, buf = 0x7ff3b9d8, length = 0x2f) = 0x2f
[=] 	fstat64(fd = 0x3, buf_ptr = 0x7ff3c6b0) = 0x0
[=] 	mmap2(addr = 0x0, length = 0x13e540, prot = 0x5, flags = 0x802, fd = 0x3, pgoffset = 0x0) = 0x90003000
[=] 	mprotect(start = 0x9012c000, mlen = 0x10000, prot = 0x0) = 0x0
[=] 	mmap2(addr = 0x9013c000, length = 0x3000, prot = 0x3, flags = 0x812, fd = 0x3, pgoffset = 0x129) = 0x9013c000
[=] 	mmap2(addr = 0x9013f000, length = 0x2540, prot = 0x3, flags = 0x32, fd = 0xffffffff, pgoffset = 0x0) = 0x9013f000
[=] 	close(fd = 0x3) = 0x0
[=] 	set_tls(address = 0x900027b0) = ?
[=] 	mprotect(start = 0x9013c000, mlen = 0x2000, prot = 0x1) = 0x0
[=] 	mprotect(start = 0x56565000, mlen = 0x1000, prot = 0x1) = 0x0
[=] 	mprotect(start = 0x47ea000, mlen = 0x1000, prot = 0x1) = 0x0
[=] 	fstat64(fd = 0x1, buf_ptr = 0x7ff3cc70) = 0x0
[=] 	brk(inp = 0x0) = 0x56569000
[=] 	brk(inp = 0x5658a000) = 0x5658a000
This is Thumb!
[=] 	write(fd = 0x1, buf = 0x56569008, count = 0xf) = 0xf
[=] 	nanosleep(req = 0x7ff3cd28, rem = 0x7ff3cd28) = 0x0
[=] 	exit_group(code = 0x1) = ?
[=] 	gdb> listening on 127.0.0.1:9999

You can see that gdb starts working in the end, but my code has already finished.
I tried to follow the source code and found that hook_address didn't work if the target hook_address is a thumb address (e.g. the entry point).

And here is the disassembly:

$ arm-linux-gnueabihf-objdump -d ./thumb    

./thumb:     file format elf32-littlearm


Disassembly of section .init:

000003ec <_init>:
 3ec:	e92d4008 	push	{r3, lr}
 3f0:	eb000029 	bl	49c <call_weak_fn>
 3f4:	e8bd8008 	pop	{r3, pc}

Disassembly of section .plt:

000003f8 <.plt>:
 3f8:	e52de004 	push	{lr}		; (str lr, [sp, #-4]!)
 3fc:	e59fe004 	ldr	lr, [pc, #4]	; 408 <.plt+0x10>
 400:	e08fe00e 	add	lr, pc, lr
 404:	e5bef008 	ldr	pc, [lr, #8]!
 408:	00010bb4 	.word	0x00010bb4

0000040c <__cxa_finalize@plt>:
 40c:	e28fc600 	add	ip, pc, #0, 12
 410:	e28cca10 	add	ip, ip, #16, 20	; 0x10000
 414:	e5bcfbb4 	ldr	pc, [ip, #2996]!	; 0xbb4

00000418 <sleep@plt>:
 418:	e28fc600 	add	ip, pc, #0, 12
 41c:	e28cca10 	add	ip, ip, #16, 20	; 0x10000
 420:	e5bcfbac 	ldr	pc, [ip, #2988]!	; 0xbac

00000424 <puts@plt>:
 424:	e28fc600 	add	ip, pc, #0, 12
 428:	e28cca10 	add	ip, ip, #16, 20	; 0x10000
 42c:	e5bcfba4 	ldr	pc, [ip, #2980]!	; 0xba4

00000430 <__libc_start_main@plt>:
 430:	e28fc600 	add	ip, pc, #0, 12
 434:	e28cca10 	add	ip, ip, #16, 20	; 0x10000
 438:	e5bcfb9c 	ldr	pc, [ip, #2972]!	; 0xb9c

0000043c <__gmon_start__@plt>:
 43c:	e28fc600 	add	ip, pc, #0, 12
 440:	e28cca10 	add	ip, ip, #16, 20	; 0x10000
 444:	e5bcfb94 	ldr	pc, [ip, #2964]!	; 0xb94

00000448 <abort@plt>:
 448:	e28fc600 	add	ip, pc, #0, 12
 44c:	e28cca10 	add	ip, ip, #16, 20	; 0x10000
 450:	e5bcfb8c 	ldr	pc, [ip, #2956]!	; 0xb8c

Disassembly of section .text:

00000454 <_start>:
 454:	f04f 0b00 	mov.w	fp, #0
 458:	f04f 0e00 	mov.w	lr, #0
 45c:	bc02      	pop	{r1}
 45e:	466a      	mov	r2, sp
 460:	b404      	push	{r2}
 462:	b401      	push	{r0}
 464:	f8df a024 	ldr.w	sl, [pc, #36]	; 48c <_start+0x38>
 468:	a308      	add	r3, pc, #32	; (adr r3, 48c <_start+0x38>)
 46a:	449a      	add	sl, r3
 46c:	f8df c020 	ldr.w	ip, [pc, #32]	; 490 <_start+0x3c>
 470:	f85a c00c 	ldr.w	ip, [sl, ip]
 474:	f84d cd04 	str.w	ip, [sp, #-4]!
 478:	4b06      	ldr	r3, [pc, #24]	; (494 <_start+0x40>)
 47a:	f85a 3003 	ldr.w	r3, [sl, r3]
 47e:	4806      	ldr	r0, [pc, #24]	; (498 <_start+0x44>)
 480:	f85a 0000 	ldr.w	r0, [sl, r0]
 484:	f7ff efd4 	blx	430 <__libc_start_main@plt>
 488:	f7ff efde 	blx	448 <abort@plt>
 48c:	00010b30 	.word	0x00010b30
 490:	00000024 	.word	0x00000024
 494:	00000034 	.word	0x00000034
 498:	00000038 	.word	0x00000038

0000049c <call_weak_fn>:
 49c:	e59f3014 	ldr	r3, [pc, #20]	; 4b8 <call_weak_fn+0x1c>
 4a0:	e59f2014 	ldr	r2, [pc, #20]	; 4bc <call_weak_fn+0x20>
 4a4:	e08f3003 	add	r3, pc, r3
 4a8:	e7932002 	ldr	r2, [r3, r2]
 4ac:	e3520000 	cmp	r2, #0
 4b0:	012fff1e 	bxeq	lr
 4b4:	eaffffe0 	b	43c <__gmon_start__@plt>
 4b8:	00010b10 	.word	0x00010b10
 4bc:	00000030 	.word	0x00000030

000004c0 <deregister_tm_clones>:
 4c0:	4b07      	ldr	r3, [pc, #28]	; (4e0 <deregister_tm_clones+0x20>)
 4c2:	4808      	ldr	r0, [pc, #32]	; (4e4 <deregister_tm_clones+0x24>)
 4c4:	447b      	add	r3, pc
 4c6:	4a08      	ldr	r2, [pc, #32]	; (4e8 <deregister_tm_clones+0x28>)
 4c8:	4478      	add	r0, pc
 4ca:	3303      	adds	r3, #3
 4cc:	1a1b      	subs	r3, r3, r0
 4ce:	447a      	add	r2, pc
 4d0:	2b06      	cmp	r3, #6
 4d2:	d903      	bls.n	4dc <deregister_tm_clones+0x1c>
 4d4:	4b05      	ldr	r3, [pc, #20]	; (4ec <deregister_tm_clones+0x2c>)
 4d6:	58d3      	ldr	r3, [r2, r3]
 4d8:	b103      	cbz	r3, 4dc <deregister_tm_clones+0x1c>
 4da:	4718      	bx	r3
 4dc:	4770      	bx	lr
 4de:	bf00      	nop
 4e0:	00010b40 	.word	0x00010b40
 4e4:	00010b3c 	.word	0x00010b3c
 4e8:	00010aea 	.word	0x00010aea
 4ec:	0000002c 	.word	0x0000002c

000004f0 <register_tm_clones>:
 4f0:	4908      	ldr	r1, [pc, #32]	; (514 <register_tm_clones+0x24>)
 4f2:	4809      	ldr	r0, [pc, #36]	; (518 <register_tm_clones+0x28>)
 4f4:	4479      	add	r1, pc
 4f6:	4b09      	ldr	r3, [pc, #36]	; (51c <register_tm_clones+0x2c>)
 4f8:	4478      	add	r0, pc
 4fa:	1a09      	subs	r1, r1, r0
 4fc:	447b      	add	r3, pc
 4fe:	1089      	asrs	r1, r1, #2
 500:	eb01 71d1 	add.w	r1, r1, r1, lsr #31
 504:	1049      	asrs	r1, r1, #1
 506:	d003      	beq.n	510 <register_tm_clones+0x20>
 508:	4a05      	ldr	r2, [pc, #20]	; (520 <register_tm_clones+0x30>)
 50a:	589b      	ldr	r3, [r3, r2]
 50c:	b103      	cbz	r3, 510 <register_tm_clones+0x20>
 50e:	4718      	bx	r3
 510:	4770      	bx	lr
 512:	bf00      	nop
 514:	00010b10 	.word	0x00010b10
 518:	00010b0c 	.word	0x00010b0c
 51c:	00010abc 	.word	0x00010abc
 520:	00000040 	.word	0x00000040

00000524 <__do_global_dtors_aux>:
 524:	b508      	push	{r3, lr}
 526:	4b0a      	ldr	r3, [pc, #40]	; (550 <__do_global_dtors_aux+0x2c>)
 528:	4a0a      	ldr	r2, [pc, #40]	; (554 <__do_global_dtors_aux+0x30>)
 52a:	447b      	add	r3, pc
 52c:	447a      	add	r2, pc
 52e:	781b      	ldrb	r3, [r3, #0]
 530:	b96b      	cbnz	r3, 54e <__do_global_dtors_aux+0x2a>
 532:	4b09      	ldr	r3, [pc, #36]	; (558 <__do_global_dtors_aux+0x34>)
 534:	58d3      	ldr	r3, [r2, r3]
 536:	b123      	cbz	r3, 542 <__do_global_dtors_aux+0x1e>
 538:	4b08      	ldr	r3, [pc, #32]	; (55c <__do_global_dtors_aux+0x38>)
 53a:	447b      	add	r3, pc
 53c:	6818      	ldr	r0, [r3, #0]
 53e:	f7ff ef66 	blx	40c <__cxa_finalize@plt>
 542:	f7ff ffbd 	bl	4c0 <deregister_tm_clones>
 546:	4b06      	ldr	r3, [pc, #24]	; (560 <__do_global_dtors_aux+0x3c>)
 548:	2201      	movs	r2, #1
 54a:	447b      	add	r3, pc
 54c:	701a      	strb	r2, [r3, #0]
 54e:	bd08      	pop	{r3, pc}
 550:	00010ada 	.word	0x00010ada
 554:	00010a8c 	.word	0x00010a8c
 558:	00000028 	.word	0x00000028
 55c:	00010ac6 	.word	0x00010ac6
 560:	00010aba 	.word	0x00010aba

00000564 <frame_dummy>:
 564:	4807      	ldr	r0, [pc, #28]	; (584 <frame_dummy+0x20>)
 566:	b508      	push	{r3, lr}
 568:	4478      	add	r0, pc
 56a:	6802      	ldr	r2, [r0, #0]
 56c:	4b06      	ldr	r3, [pc, #24]	; (588 <frame_dummy+0x24>)
 56e:	447b      	add	r3, pc
 570:	b912      	cbnz	r2, 578 <frame_dummy+0x14>
 572:	e8bd 4008 	ldmia.w	sp!, {r3, lr}
 576:	e7bb      	b.n	4f0 <register_tm_clones>
 578:	4a04      	ldr	r2, [pc, #16]	; (58c <frame_dummy+0x28>)
 57a:	589b      	ldr	r3, [r3, r2]
 57c:	2b00      	cmp	r3, #0
 57e:	d0f8      	beq.n	572 <frame_dummy+0xe>
 580:	4798      	blx	r3
 582:	e7f6      	b.n	572 <frame_dummy+0xe>
 584:	00010954 	.word	0x00010954
 588:	00010a4a 	.word	0x00010a4a
 58c:	0000003c 	.word	0x0000003c

00000590 <main>:
 590:	b580      	push	{r7, lr}
 592:	af00      	add	r7, sp, #0
 594:	4b06      	ldr	r3, [pc, #24]	; (5b0 <main+0x20>)
 596:	447b      	add	r3, pc
 598:	4618      	mov	r0, r3
 59a:	f7ff ef44 	blx	424 <puts@plt>
 59e:	2001      	movs	r0, #1
 5a0:	f7ff ef3a 	blx	418 <sleep@plt>
 5a4:	4603      	mov	r3, r0
 5a6:	2b00      	cmp	r3, #0
 5a8:	d1f4      	bne.n	594 <main+0x4>
 5aa:	2301      	movs	r3, #1
 5ac:	4618      	mov	r0, r3
 5ae:	bd80      	pop	{r7, pc}
 5b0:	0000006a 	.word	0x0000006a

000005b4 <__libc_csu_init>:
 5b4:	e92d 43f8 	stmdb	sp!, {r3, r4, r5, r6, r7, r8, r9, lr}
 5b8:	4607      	mov	r7, r0
 5ba:	4e0c      	ldr	r6, [pc, #48]	; (5ec <__libc_csu_init+0x38>)
 5bc:	4688      	mov	r8, r1
 5be:	4d0c      	ldr	r5, [pc, #48]	; (5f0 <__libc_csu_init+0x3c>)
 5c0:	4691      	mov	r9, r2
 5c2:	447e      	add	r6, pc
 5c4:	f7ff ef12 	blx	3ec <_init>
 5c8:	447d      	add	r5, pc
 5ca:	1b76      	subs	r6, r6, r5
 5cc:	10b6      	asrs	r6, r6, #2
 5ce:	d00a      	beq.n	5e6 <__libc_csu_init+0x32>
 5d0:	3d04      	subs	r5, #4
 5d2:	2400      	movs	r4, #0
 5d4:	3401      	adds	r4, #1
 5d6:	f855 3f04 	ldr.w	r3, [r5, #4]!
 5da:	464a      	mov	r2, r9
 5dc:	4641      	mov	r1, r8
 5de:	4638      	mov	r0, r7
 5e0:	4798      	blx	r3
 5e2:	42a6      	cmp	r6, r4
 5e4:	d1f6      	bne.n	5d4 <__libc_csu_init+0x20>
 5e6:	e8bd 83f8 	ldmia.w	sp!, {r3, r4, r5, r6, r7, r8, r9, pc}
 5ea:	bf00      	nop
 5ec:	000108f6 	.word	0x000108f6
 5f0:	000108ec 	.word	0x000108ec

000005f4 <__libc_csu_fini>:
 5f4:	4770      	bx	lr
 5f6:	bf00      	nop

Disassembly of section .fini:

000005f8 <_fini>:
 5f8:	e92d4008 	push	{r3, lr}
 5fc:	e8bd8008 	pop	{r3, pc}

@elicn
Member

elicn commented Dec 5, 2022

Your log is set to default verbosity.
Could you set it to debug verbosity and copy here the first ~20 lines of the log? I want to see where Qiling thinks the entry point is.

[as for the thumb, I think that in thumb mode the addresses are always odd and not even; that is, the address LSB is set.]
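The two observations in this thread, that hook_address does not fire for a thumb entry point and that thumb code addresses carry bit 0 set, fit one simple mechanism: if a breakpoint or address hook is keyed on the odd e_entry value while the emulator reports the even address of the instruction it actually executes, the two never compare equal and the target runs to completion. The snippet below is an added illustration of that comparison, not code from the issue or from Qiling; the 52-byte ELF header is constructed so that e_entry is 0x455 (the issue's _start at 0x454 with the Thumb bit set), and parse_entry, is_thumb_entry, code_address, hook_fires and entry_hook_check are this example's own names.

```python
import struct

EM_ARM = 40  # e_machine value for 32-bit ARM (ELF specification)

# Constructed 52-byte ELF32 header (little-endian ARM, ET_EXEC) standing in for
# the issue's ./thumb binary: _start sits at 0x454, and because it is Thumb code
# the linker records e_entry = 0x455, i.e. with bit 0 set.  Fields other than
# the ones parse_entry() reads are plausible placeholders.
ELF32_HEADER = (
    b"\x7fELF"                      # magic
    + bytes([1, 1, 1, 0])           # ELFCLASS32, ELFDATA2LSB, EV_CURRENT, SYSV ABI
    + b"\x00" * 8                   # e_ident padding
    + struct.pack(
        "<HHIIIIIHHHHHH",
        2,           # e_type    = ET_EXEC
        EM_ARM,      # e_machine
        1,           # e_version
        0x455,       # e_entry   = _start (0x454) | Thumb bit
        52,          # e_phoff
        0,           # e_shoff
        0x05000400,  # e_flags   (EABI v5, hard-float; placeholder)
        52, 32, 0, 40, 0, 0,  # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )
)


def parse_entry(elf: bytes) -> tuple:
    """Return (e_machine, e_entry) from a little-endian ELF32 header."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("not a little-endian ELF32 image")
    (e_machine,) = struct.unpack_from("<H", elf, 18)
    (e_entry,) = struct.unpack_from("<I", elf, 24)
    return e_machine, e_entry


def is_thumb_entry(e_machine: int, e_entry: int) -> bool:
    """ARM interworking marks a Thumb code pointer by setting bit 0 of the address."""
    return e_machine == EM_ARM and (e_entry & 1) == 1


def code_address(addr: int) -> int:
    """Where the instruction really lives: the Thumb marker bit cleared."""
    return addr & ~1


def hook_fires(hook_addr: int, executed_pc: int) -> bool:
    """An address hook matches only if it equals the PC the emulator reports.

    Unicorn-style code hooks (and a PC register read in Thumb state) yield the
    even instruction address, never the odd interworking form.
    """
    return hook_addr == executed_pc


def entry_hook_check(elf: bytes) -> dict:
    """Compare a hook keyed on the raw e_entry with one keyed on the normalized address."""
    e_machine, e_entry = parse_entry(elf)
    pc_at_entry = code_address(e_entry)  # what the emulator reports when _start executes
    return {
        "thumb": is_thumb_entry(e_machine, e_entry),
        "raw_hook_fires": hook_fires(e_entry, pc_at_entry),
        "normalized_hook_fires": hook_fires(code_address(e_entry), pc_at_entry),
    }


if __name__ == "__main__":
    # Expected: {'thumb': True, 'raw_hook_fires': False, 'normalized_hook_fires': True}
    print(entry_hook_check(ELF32_HEADER))
```

The practical rule this encodes: on 32-bit ARM, an address taken from e_entry or a symbol table may carry the Thumb bit, so clear bit 0 before using it as a hook or breakpoint key, and keep the odd form only where it is meant to be written to PC, where the set bit selects Thumb state.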

@squarepants0
Author

Sorry for the long wait.

Here is the debug log:

$ python3 ./run.py
[+] 	Profile: default
[+] 	Set kernel trap: memory_barrier at 0xffff0fa0
[+] 	Set kernel trap: cmpxchg at 0xffff0fc0
[+] 	Set kernel trap: get_tls at 0xffff0fe0
[+] 	Mapped 0x56555000-0x56556000
[+] 	Mapped 0x56565000-0x56567000
[+] 	mem_start : 0x56555000
[+] 	mem_end   : 0x56567000
[+] 	Interpreter path: /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/ld-linux-armhf.so.3
[+] 	Interpreter addr: 0x47ba000
[+] 	Mapped 0x47ba000-0x47db000
[+] 	Mapped 0x47ea000-0x47ec000
[+] 	mmap_address is : 0x90000000
[+] 	rel name b'__cxa_finalize'
[+] 	rel name b'_ITM_deregisterTMCloneTable'
[+] 	rel name b'__gmon_start__'
[+] 	rel name b'_Jv_RegisterClasses'
[+] 	rel name b'_ITM_registerTMCloneTable'
[+] 	rel name b'__cxa_finalize'
[+] 	rel name b'sleep'
[+] 	rel name b'puts'
[+] 	rel name b'__libc_start_main'
[+] 	rel name b'__gmon_start__'
[+] 	rel name b'abort'
[+] 	Received interrupt: 0x2
[+] 	0x047d3548: brk(inp = 0x0) = 0x56569000
[+] 	Received interrupt: 0x2
[+] 	0x047d479c: uname(buf = 0x7ff3ca88) = 0x0
[+] 	Received interrupt: 0x2
[+] 	No such file or directory: /etc/ld.so.nohwcap
[+] 	0x047d45ac: access(path = 0x47d8f64, mode = 0x0) = -0x1 (EPERM)
[+] 	Received interrupt: 0x2
[+] 	mmap2 - mapping needed for 0x90000000
[+] 	mmap2 - addr range  0x90000000 - 0x90002fff: 
[+] 	0x047d46bc: mmap2(addr = 0x0, length = 0x3000, prot = 0x3, flags = 0x22, fd = 0xffffffff, pgoffset = 0x0) = 0x90000000
[+] 	Received interrupt: 0x2
[+] 	No such file or directory: /etc/ld.so.preload
[+] 	0x047d45ac: access(path = 0x47d7fb8, mode = 0x4) = -0x1 (EPERM)
[+] 	Received interrupt: 0x2
[+] 	open(/etc/ld.so.cache, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/etc/ld.so.cache
[+] 	0x047d44ac: open(filename = 0x47d9df0, flags = 0x80000, mode = 0x1) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/i686/neon/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/i686/neon/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls/i686/neon/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/i686/neon/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/i686/neon/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls/i686/neon", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/i686/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/i686/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls/i686/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/i686/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/i686/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls/i686", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/neon/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/neon/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls/neon/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/neon/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/neon/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls/neon", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/tls/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/tls/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/tls", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/i686/neon/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/i686/neon/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/i686/neon/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/i686/neon/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/i686/neon/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/i686/neon", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/i686/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/i686/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/i686/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/i686/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/i686/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/i686", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/neon/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/neon/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/neon/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/neon/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/neon/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/neon", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf/vfp", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/lib/arm-linux-gnueabihf/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/lib/arm-linux-gnueabihf/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	stat64("/lib/arm-linux-gnueabihf", 0x7ff3c6b0) read/write fail
[+] 	0x047d43dc: stat64(path = 0x7ff3c618, buf_ptr = 0x7ff3c6b0) = -0x2 (ENOENT)
[+] 	Received interrupt: 0x2
[+] 	open(/usr/lib/arm-linux-gnueabihf/tls/i686/neon/vfp/libc.so.6, 0o0) = -2
[+] 	File not found /home/iot/workspace/Emulator/qiling/examples/rootfs/arm_linux/usr/lib/arm-linux-gnueabihf/tls/i686/neon/vfp/libc.so.6
[+] 	0x047d44ac: open(filename = 0x7ff3c618, flags = 0x80000, mode = 0x47eb960) = -0x2 (ENOENT)

I also attached the system call information if that could be helpful

@elicn
Member

elicn commented Dec 6, 2022

Hmm.. it looks like I don't have all the information I need here.
Can you attach the compiled binary here? I'll try to have a look.

@squarepants0
Author

thumb.zip

@squarepants0
Author

I tried gdb with the patched code you submitted; it can now stop at the _start part normally, but I can't step into or step over.
Here is the situation I just met:

$ gdb-multiarch ./thumb
GNU gdb (Ubuntu 8.1.1-0ubuntu1) 8.1.1
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
GEF for linux ready, type `gef' to start, `gef config' to configure
90 commands loaded and 5 functions added for GDB 8.1.1 in 0.00ms using Python engine 3.6
Reading symbols from ./thumb...(no debugging symbols found)...done.
gef➤  target remote :9999
Remote debugging using :9999
Reading /lib/tls/libc.so.6 from remote target...
warning: File transfers from remote targets can be slow. Use "set sysroot" to access files locally instead.
Reading /lib/ld-linux-armhf.so.3 from remote target...
Reading symbols from target:/lib/tls/libc.so.6...Reading /lib/tls/11755699fcc430cadc85f73d9aad326cd758a8.debug from remote target...
Reading /lib/tls/.debug/11755699fcc430cadc85f73d9aad326cd758a8.debug from remote target...
(no debugging symbols found)...done.
[*] Failed to find objfile or not a valid file format: [Errno 2] No such file or directory: 'target:/lib/tls/libc.so.6'
Reading symbols from target:/lib/ld-linux-armhf.so.3...Reading /lib/ea942b1c123793352877a2fdb1197465de7fd7.debug from remote target...
Reading /lib/.debug/ea942b1c123793352877a2fdb1197465de7fd7.debug from remote target...
(no debugging symbols found)...done.
[*] Failed to find objfile or not a valid file format: [Errno 2] No such file or directory: 'target:/lib/ld-linux-armhf.so.3'

[ Legend: Modified register | Code | Heap | Stack | String ]
────────────────────────────────────────────────────────────────────── registers ────
$r0  : 0x47cb2a4
$r1  : 0x00000000000001  →  0x00000000000001
$r2  : 0x7ff3cea4
$r3  : 0x7ff3ceac
$r4  : 0x00000000000000  →  0x00000000000000
$r5  : 0x00000000000000  →  0x00000000000000
$r6  : 0x56555455
$r7  : 0x00000000000000  →  0x00000000000000
$r8  : 0x00000000000000  →  0x00000000000000
$r9  : 0x00000000000000  →  0x00000000000000
$r10 : 0x47eb000
$r11 : 0x00000000000000  →  0x00000000000000
$r12 : 0x00000000000000  →  0x00000000000000
$sp  : 0x7ff3cea0
$lr  : 0x47ebc48
$pc  : 0x56555454
$cpsr: [negative ZERO CARRY overflow INTERRUPT FAST THUMB]
────────────────────────────────────────────────────────────────────────── stack ────
[!] Unmapped address: '0x7ff3cea0'
───────────────────────────────────────────────────────────────── code:arm:THUMB ────
   0x5655544d <abort@plt+5>    ldmia  r2!,  {r4}
   0x5655544f <abort@plt+7>    b.n    0x5655596a
   0x56555451 <abort@plt+9>    ;      <UNDEFINED> instruction: 0xfb8ce5bc
 → 0x56555455 <_start+1>       mov.w  r11,  #0
   0x56555459 <_start+5>       mov.w  lr,  #0
   0x5655545d <_start+9>       pop    {r1}
   0x5655545f <_start+11>      mov    r2,  sp
   0x56555461 <_start+13>      push   {r2}
   0x56555463 <_start+15>      push   {r0}
──────────────────────────────────────────────────────────────────────── threads ────
[#0] Id 1, Name: "thumb", stopped 0x56555454 in _start (), reason: SIGTRAP
────────────────────────────────────────────────────────────────────────── trace ────
[#0] 0x56555454 → _start()
─────────────────────────────────────────────────────────────────────────────────────
0x56555454 in _start ()
gef➤  si
[Inferior 1 (process 42000) exited with code 01]
gef➤  

As you can see, the process just runs till exit when I try si in gdb.

@elicn
Member

elicn commented Dec 7, 2022

Thumb mode is a sneaky thing.. I made a few additional changes and it should work now.
I would appreciate it if you could test the updated version a little bit more to see if it works properly.
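The session above shows what makes Thumb sneaky for a gdb stub: gef labels the stop address `_start+1` (the ELF symbol carries the Thumb bit) while `$pc` reads the even 0x56555454 and the mode lives in the cpsr THUMB flag. The following is an added example, not qiling's code or anything posted in this thread, of the Thumb-bit bookkeeping an ARM gdb stub has to keep straight between ELF symbols, the emulator's resume address and gdb's remote serial protocol; the cpsr value is reconstructed from gef's flag line and the RSP packets are constructed for the example.

```python
from typing import Tuple

CPSR_T = 1 << 5  # Thumb state bit (T) in the ARM CPSR

# CPSR reconstructed from gef's flag line in this thread:
# "[negative ZERO CARRY overflow INTERRUPT FAST THUMB]" (upper case = set).
CPSR_FROM_THREAD = (1 << 30) | (1 << 29) | (1 << 7) | (1 << 6) | CPSR_T

# gdb's ARM software-breakpoint kinds carried by the Z0/z0 packets
ARM_BP_KIND = {2: "thumb16", 3: "thumb32", 4: "arm"}


def is_thumb(cpsr: int) -> bool:
    """True when the core executes Thumb instructions (CPSR.T set)."""
    return bool(cpsr & CPSR_T)


def pc_for_gdb(pc: int) -> int:
    """gdb expects an even PC in the 'g' reply; the instruction set travels
    in CPSR.T, not in bit 0 of the address (hence $pc = 0x56555454 above)."""
    return pc & ~1


def resume_address(pc: int, cpsr: int) -> int:
    """Unicorn (and therefore Qiling) selects the instruction set from bit 0
    of the address handed to emu_start: a Thumb core resumed at an even
    address would be decoded as ARM, so the bit has to be re-applied."""
    return (pc | 1) if is_thumb(cpsr) else (pc & ~1)


def split_symbol(sym_value: int) -> Tuple[int, bool]:
    """ELF symbols of Thumb functions carry bit 0 set, which is why gef
    labels 0x56555455 as '_start+1'. Returns (real address, is_thumb)."""
    return sym_value & ~1, bool(sym_value & 1)


def rsp_checksum(payload: str) -> int:
    """RSP checksum: byte sum of the payload modulo 256."""
    return sum(payload.encode("ascii")) & 0xFF


def encode_rsp(payload: str) -> str:
    """Frame a payload as '$payload#cs' (two lowercase hex digits)."""
    return f"${payload}#{rsp_checksum(payload):02x}"


def decode_rsp(raw: str) -> str:
    """Validate '$payload#cs' framing and return the payload."""
    if not raw.startswith("$") or "#" not in raw:
        raise ValueError("malformed RSP packet")
    payload, cs = raw[1:].split("#", 1)
    if len(cs) != 2 or int(cs, 16) != rsp_checksum(payload):
        raise ValueError("bad RSP checksum")
    return payload


def parse_breakpoint(payload: str) -> Tuple[bool, int, str]:
    """Decode 'Z0,addr,kind' (insert) or 'z0,addr,kind' (remove).
    gdb sends the even address; the kind says which opcode width to plant."""
    op, addr, kind = payload.split(",")
    if len(op) != 2 or op[0] not in "Zz" or op[1] != "0":
        raise ValueError("not a software breakpoint packet")
    return op[0] == "Z", int(addr, 16), ARM_BP_KIND[int(kind)]


def breakpoint_hit(bp_addr: int, emu_pc: int) -> bool:
    """Compare a gdb-supplied breakpoint with the emulator's PC with bit 0
    masked on both sides, so a Thumb core never slides past its breakpoint."""
    return (bp_addr & ~1) == (emu_pc & ~1)


if __name__ == "__main__":
    pc = 0x56555454                                   # $pc as gef showed it
    print(hex(resume_address(pc, CPSR_FROM_THREAD)))  # 0x56555455
    pkt = encode_rsp("Z0,56555454,2")                 # constructed packet
    print(pkt, parse_breakpoint(decode_rsp(pkt)))
```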

@squarepants0
Author

Hi, I just tried the fix-gdb-thumb branch with the same binary and the gdb works pretty well.
Neat:)
