Comments (16)
I should have mentioned in my email, all the recent development was taking place on the wip/funkycat branch. I just merged all that to master (and we'll use master going forward), so you should be able to pull and resolve the issue! You might need to blow away /tmp/archr_mounts as well.
from archr.
Thanks! Look forward to playing more today.
from archr.
Update: So, reinstalled angr in virtualenv in a new vm. Followed reinstall of archr with fresh pull on Ubuntu 16.04 64 vm and installing dependencies (apt-get...scrypt python-oslo-log gdb libssl-dev and pip3 docker nclib pygdbmi shellphish_qemu-0.9.10-py2.py3-none-manylinux1_x86_64.whl python-dateutil six idna==2.5)
python3 setup.py build
python3 setup.py install
Used same docker-cat image using Dockerfile...
from ubuntu:latest
entrypoint ["/bin/cat"]
and...
docker build -t docker-cat [directory to find dockerfile]
Wrote the following python file and ran...
import pygdbmi.gdbcontroller
import archr
import angr
import os
t = archr.targets.DockerImageTarget('docker-cat').build().start()
dsb = archr.arsenal.DataScoutBow(t)
apb = archr.arsenal.angrProjectBow(t, dsb)
asb = archr.arsenal.angrStateBow(t, apb)
project = apb.fire(use_sim_procedures=False)
state = asb.fire(add_options={angr.sim_options.STRICT_PAGE_ACCESS})  # for now
simgr = project.factory.simulation_manager(state)
simgr.run()
Got the resulting error...
WARNING | 2018-12-07 16:27:27,679 | archinfo.arch | Keystone is not installed!
Traceback (most recent call last):
  File "my_test.py", line 11, in <module>
    project = apb.fire(use_sim_procedures=False)
  File "/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/arsenal/angr_project.py", line 24, in fire
    _,_,_,self._mem_mapping = self.scout_bow.fire()
  File "/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/arsenal/datascout.py", line 79, in fire
    with self.target.shellcode_context(asm_code=self.sendfile_shellcode("/proc/self/cmdline") + self.exit_shellcode(), aslr=aslr, **kwargs) as p:
  File "/usr/lib/python3.5/contextlib.py", line 59, in __enter__
    return next(self.gen)
  File "/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/targets/__init__.py", line 364, in shellcode_context
    hooked_binary = hook_entry(original_binary, asm_code=asm_code, bin_code=bin_code)
  File "/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/utils.py", line 42, in hook_entry
    main_bin.write(b.main_object.arch.asm(asm_code) if asm_code else bin_code)
  File "/usr/local/lib/python3.5/dist-packages/archinfo/arch.py", line 401, in asm
    encoding, _ = ks.asm(string, addr, as_bytes) # pylint: disable=too-many-function-args
AttributeError: 'NoneType' object has no attribute 'asm'
Installed keystone and got...
Traceback (most recent call last):
  File "my_archr_test.py", line 2, in <module>
    import archr
  File "/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/__init__.py", line 1, in <module>
    from . import targets
  File "/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/targets/__init__.py", line 388, in <module>
    from ..utils import hook_entry
  File "/usr/local/lib/python3.5/dist-packages/archr-8.18.10.5-py3.5.egg/archr/utils.py", line 2, in <module>
    import cle
  File "/usr/local/lib/python3.5/dist-packages/cle/__init__.py", line 16, in <module>
    from .loader import *
  File "/usr/local/lib/python3.5/dist-packages/cle/loader.py", line 8, in <module>
    import archinfo
  File "/usr/local/lib/python3.5/dist-packages/archinfo/__init__.py", line 12, in <module>
    from .arch_amd64 import ArchAMD64
  File "/usr/local/lib/python3.5/dist-packages/archinfo/arch_amd64.py", line 29, in <module>
    class ArchAMD64(Arch):
  File "/usr/local/lib/python3.5/dist-packages/archinfo/arch_amd64.py", line 128, in ArchAMD64
    ks_arch = _keystone.KS_ARCH_X86
AttributeError: module 'keystone' has no attribute 'KS_ARCH_X86'
Which from your angr site means keystone should not be installed. Does it require keystone-engine?
from archr.
Yes, you want the package keystone-engine and not keystone. One is relevant to binary analysis and one is not.
from archr.
Thanks @rhelmot. Seem to be back to the original problem. After running same python as above...
docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /tmp/archr_mounts/.
See 'docker run --help'.
docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /tmp/archr_mounts/.
See 'docker run --help'.
WARNING | 2018-12-10 18:52:19,976 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2018-12-10 18:52:20,764 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2018-12-10 18:52:21,565 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2018-12-10 18:52:22,357 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
Traceback (most recent call last):
  File "my_archr_test.py", line 10, in <module>
    project = apb.fire(use_sim_procedures=False)
  File "/home/archr/archr/arsenal/angr_project.py", line 30, in fire
    self.project =angr.Project(the_binary, force_load_libs=the_libs, lib_opts=lib_opts, main_opts=bin_opts, **kwargs)
  File "/usr/local/lib/python3.5/dist-packages/angr/project.py", line 120, in __init__
    raise Exception("Not a valid binary file: %s" % repr(thing))
Exception: Not a valid binary file: '/tmp/archr_mounts/418e739ba36069244bdb50e74dfe8cd4facd6ef1b953f2dbe53c62ac9c5c6b9b/bin/cat'
from archr.
What's under /tmp/archr_mounts/418e739ba36069244bdb50e74dfe8cd4facd6ef1b953f2dbe53c62ac9c5c6b9b/? Is it empty?
from archr.
docker: Error response from daemon: invalid mount config for type "bind": bind source path does not exist: /tmp/archr_mounts/.
My guess is that archr (in fact, docker) failed to mount the guest file system to the host file system. Are you running docker as root? Or did you add your current user to the docker group?
from archr.
Thanks @ltfish. The /tmp/archr_mount/ was non-existent. After creating, got further to the below error.
WARNING | 2018-12-11 12:52:42,631 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2018-12-11 12:52:43,472 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2018-12-11 12:52:44,273 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2018-12-11 12:52:45,118 | cle.loader | The main binary is a position-independent executable. It is being loaded with a base address of 0x400000.
WARNING | 2018-12-11 12:52:47,466 | angr.sim_state | Unused keyword arguments passed to SimState: stack_end brk
Traceback (most recent call last):
  File "my_archr_test.py", line 11, in <module>
    state = asb.fire(add_options={angr.sim_options.STRICT_PAGE_ACCESS}) # for now
  File "/home/tbfinkl/archr/archr/arsenal/angr_state.py", line 30, in fire
    **kwargs
  File "/usr/local/lib/python3.5/dist-packages/angr/factory.py", line 111, in full_init_state
    return self.project.simos.state_full_init(**kwargs)
  File "/usr/local/lib/python3.5/dist-packages/angr/simos/linux.py", line 287, in state_full_init
    return super(SimLinux, self).state_full_init(**kwargs)
  File "/usr/local/lib/python3.5/dist-packages/angr/simos/simos.py", line 188, in state_full_init
    return self.state_entry(**kwargs)
  File "/usr/local/lib/python3.5/dist-packages/angr/simos/linux.py", line 216, in state_entry
    table.append_env(env)
  File "/usr/local/lib/python3.5/dist-packages/angr/tablespecs.py", line 16, in append_env
    for k, v in env.items():
AttributeError: 'list' object has no attribute 'items'
from archr.
OK that's the first bug we should fix - if /tmp/archr_mount/ does not exist, we should automatically create it (from inside the docker container).
Regarding the env.items() issue, can you please print out what that env is? How is it possible that the env is a list, not a dict?
from archr.
Below is env in the docker-cat container that was created...
root@a48a498ca52b:/# env
LS_COLORS=rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=00:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.zst=01;31:*.tzst=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.wim=01;31:*.swm=01;31:*.dwm=01;31:*.esd=01;31:*.jpg=01;35:*.jpeg=01;35:*.mjpg=01;35:*.mjpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=00;36:*.au=00;36:*.flac=00;36:*.m4a=00;36:*.mid=00;36:*.midi=00;36:*.mka=00;36:*.mp3=00;36:*.mpc=00;36:*.ogg=00;36:*.ra=00;36:*.wav=00;36:*.oga=00;36:*.opus=00;36:*.spx=00;36:*.xspf=00;36:
HOSTNAME=a48a498ca52b
PWD=/
HOME=/root
TERM=xterm
SHLVL=1
LD_BIND_NOW=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
from archr.
@zardus we should merge wip/funkycat branches to master as soon as possible...
from archr.
This issue has been marked as stale because it has no recent activity. Please comment or add the pinned tag to prevent this issue from being closed.
from archr.
This issue has been closed due to inactivity.
from archr.
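The three failures hit in this thread (a missing or wrong `keystone` module, an absent mount root, and an environment handed over as a list where `append_env` calls `.items()`) can each be checked before a run. The sketch below is an added example, not code from archr or from anyone in the thread. The function names are hypothetical, and it assumes the list form holds Docker-style `KEY=VALUE` strings.

```python
import os
import stat

MOUNT_ROOT = "/tmp/archr_mounts"  # bind-mount source named in the docker error


def keystone_status(mod):
    """Classify the imported `keystone` module (None means the import failed)."""
    if mod is None:
        return "missing"        # archinfo: 'NoneType' object has no attribute 'asm'
    if not hasattr(mod, "KS_ARCH_X86"):
        return "wrong-package"  # `keystone` installed instead of `keystone-engine`
    return "ok"


def ensure_mount_root(path=MOUNT_ROOT):
    """Make sure the mount root is a real directory; return True if it was created."""
    try:
        st = os.lstat(path)     # lstat: do not follow a symlink planted under /tmp
    except FileNotFoundError:
        os.makedirs(path, mode=0o700)
        return True
    if not stat.S_ISDIR(st.st_mode):
        raise RuntimeError("%s exists but is not a directory" % path)
    return False


def env_to_dict(env):
    """Accept a dict or a list of 'KEY=VALUE' strings (assumed form); return a dict."""
    if isinstance(env, dict):
        return dict(env)
    out = {}
    for entry in env:
        # Split on the first '=' only: values such as LS_COLORS contain many '='.
        key, sep, value = entry.partition("=")
        if not sep or not key:
            raise ValueError("malformed environment entry: %r" % entry)
        out[key] = value
    return out


if __name__ == "__main__":
    try:
        import keystone
    except ImportError:
        keystone = None
    print("keystone:", keystone_status(keystone))
    print("mount root created:", ensure_mount_root())
```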