googleprojectzero / tinyinst Goto Github PK
View Code? Open in Web Editor NEWA lightweight dynamic instrumentation library
License: Apache License 2.0
tinyinst's People
Contributors
Stargazers
Watchers
Forkers
lallouslab asdyxcyxc zenhumany thomasking2014 yhzx2013 crackercat devkw fengjixuchui blockspacer 0x09al tpn fcccode 5l1v3r1 linecode arryboom lalospidey longjohncoder ptyspawn b0q1 daydayup40 yangboyd 3v1lw1th1n kernullist killvxk jack51706 csky6688 ltears yuaom avniculae ufwt edgar-pek duanshuaimin explife0011 richinseattle ezhangle idkwim tathanhdinh cooolie hardtobelieve yashomer1994 asdlei99 whiteslack nicks-eip findo microsvuln geekwish clayne wtfcsl greyd0g zclfly r4b3rt y0ny0ns0n cl-g jrmadsen rmallof sekuryti hfutxqd tai-rex nathanawmk tokatoka inori retinadb delsner mcgrady1 geeksonsecurity amesianx xiaobye-ctf ark-reactor gmh5225 parikhakshat elbiazo xaviergeecedarville ink-splatters s0duku 0xhellord aahmad097 myeyes s4tellitenemy qpc-github x-tinkerer aoniam lsw29475 psyirius webstorage119 ycmint zcutlip michalbiesek exiahan d0now ruffalolavoisier 78researchlab wbaby mewbak huanglei3 dnsmaitreya mspublic build-testing k3v1n1990s ethicalsecurity-agency 0x7fancytinyinst's Issues
Improving fuzzing speed ideas
Hello @ifratric! I really enjoyed an elegant instrumentation idea behind the TinyInst.
However, I was thinking about reducing the slowdown caused by "entries" into the instrumented module and first idea that came to my mind was next.
Why not to put int3s on whole code section, instrument code as usual, and after that, put jump instead of particular int3s?
Several issues with this approach immediately arisen:
- Basicblock size could be less than 5 bytes, this is not enough to place
jmp <rel32>.
This could be tackled in several ways, which seams realistically solvable.
- Code section could have data in it, thus int3s are damaging that data. For example some switch cases causing image relative offsets in code section.
This is major problem to me and this is actually my question. Several solutions came into my mind
2.1) It could be solved by taking information about basicblocks from huge disassemblers like IDA or Ghydra (this is what Mesos does) and placing int3s only at the start of the basicblock. This solution works (at least for my tests on regular Microsoft's dlls), but requires additional dependency.
2.1) Instrument each indirect mov instruction and check if the data is taken from code section and redirect it to proper data (similarly to the indirect branches current instrumentation). This is actually slow and would be a bit complex task to implement.
Am I'm overlooking anything? Maybe there is some fast code flow analysis tactic to distinguish data from code?
Build failed with vs 2022 error MSB8066
D:\fuzzing\TinyInst>git submodule update --init --recursive
Submodule 'third_party/mbuild' (https://github.com/intelxed/mbuild) registered for path 'third_party/mbuild'
Submodule 'third_party/xed' (https://github.com/intelxed/xed) registered for path 'third_party/xed'
Cloning into 'D:/fuzzing/TinyInst/third_party/mbuild'...
Cloning into 'D:/fuzzing/TinyInst/third_party/xed'...
fatal: unable to access 'https://github.com/intelxed/xed/': OpenSSL SSL_read: Connection was reset, errno 10054
fatal: clone of 'https://github.com/intelxed/xed' into submodule path 'D:/fuzzing/TinyInst/third_party/xed' failed
Failed to clone 'third_party/xed'. Retry scheduled
Cloning into 'D:/fuzzing/TinyInst/third_party/xed'...
Submodule path 'third_party/mbuild': checked out '03ee9d52adb7f01d476ced0dba1534cfc7edff36'
Submodule path 'third_party/xed': checked out '5976632eeaaaad7890c2109d0cfaf4012eaca3b8'
Submodule path 'third_party/xed': checked out '5976632eeaaaad7890c2109d0cfaf4012eaca3b8'
D:\fuzzing\TinyInst>mkdir build
D:\fuzzing\TinyInst>cd build
D:\fuzzing\TinyInst\build>cmake -G "Visual Studio 17 2022" -A x64 ..
-- Selecting Windows SDK version 10.0.22000.0 to target Windows 10.0.19044.
-- The C compiler identification is MSVC 19.31.31104.0
-- The CXX compiler identification is MSVC 19.31.31104.0
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: D:/VS/Microsoft Visual Studio/2022/Professional/VC/Tools/MSVC/14.31.31103/bin/Hostx64/x64/cl.exe - skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: D:/VS/Microsoft Visual Studio/2022/Professional/VC/Tools/MSVC/14.31.31103/bin/Hostx64/x64/cl.exe - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Python3: C:/Lan/Python/Python310/python.exe (found version "3.10.2") found components: Interpreter
-- Selecting Windows SDK version 10.0.22000.0 to target Windows 10.0.19044.
-- Configuring done
-- Generating done
-- Build files have been written to: D:/fuzzing/TinyInst/build
D:\fuzzing\TinyInst\build>cmake --build . --config Release
用于 .NET Framework 的 Microsoft (R) 生成引擎版本 17.1.0+ae57d105c
版权所有(C) Microsoft Corporation。保留所有权利。
Checking Build System
Building Xed
[MBUILD ERROR] Did not find MSVS version!
File "D:\fuzzing\TinyInst\third_party\xed\mfile.py", line 109, in <module>
retval = work()
File "D:\fuzzing\TinyInst\third_party\xed\mfile.py", line 103, in work
retval = xed_mbuild.execute()
File "D:\fuzzing\TinyInst\third_party\xed\xed_mbuild.py", line 2804, in execute
xed_args(env) # parse command line knobs
File "D:\fuzzing\TinyInst\third_party\xed\xed_mbuild.py", line 965, in xed_args
env.parse_args(env['xed_defaults'])
File "C:\Lan\Python\Python310\lib\site-packages\mbuild\env.py", line 1082, in parse_args
self.process_user_settings()
File "C:\Lan\Python\Python310\lib\site-packages\mbuild\env.py", line 988, in process_user_settings
self.set_compiler_env()
File "C:\Lan\Python\Python310\lib\site-packages\mbuild\env.py", line 1309, in set_compiler_env
build_env.set_env_ms(self)
File "C:\Lan\Python\Python310\lib\site-packages\mbuild\build_env.py", line 417, in set_env_ms
find_ms_toolchain(env)
File "C:\Lan\Python\Python310\lib\site-packages\mbuild\build_env.py", line 255, in find_ms_toolchain
env['vc_dir'] = msvs.set_msvs_env(env)
File "C:\Lan\Python\Python310\lib\site-packages\mbuild\msvs.py", line 1417, in set_msvs_env
die("Did not find MSVS version!")
D:\VS\Microsoft Visual Studio\2022\Professional\MSBuild\Microsoft\VC\v170\Microsoft.CppCommon.targets(245,5): error MSB8066: “D:\fuzzing\TinyInst\build\CMakeFiles\d6e37e99e96048e7237ea1122
0acc1c7\xed.lib.rule;D:\fuzzing\TinyInst\build\CMakeFiles\b7a948e40366c8aff482e0195f570b40\xed.rule;D:\fuzzing\TinyInst\third_party\CMakeLists.txt”的自定义生成已退出,代码为 1。 [D:\fuzzing\TinyInst\bui
ld\third_party\xed.vcxproj]
Any example for using the library?
Hello ifratric,
Thank you very much for your sharing first.
I'm very interested in the library, any plan to share some examples for using the library?
There is a typo in the function LiteCov::OnModuleInstrumented
hello Ivan
Thank you for your great project,I found a possible b typo.
It looks like the parameter should be data->coverage_buffer_size instead of module->instrumented_code_size.
// map as readonly initially
// this causes an exception the first time coverage is written to the buffer
// this enables us to quickly determine if we had new coverage or not
data->coverage_buffer_remote =
(unsigned char *)RemoteAllocateBefore(min_address,
max_address,
**module->instrumented_code_size,<<?data->coverage_buffer_size**
READONLY);
if (!data->coverage_buffer_remote) {
FATAL("Could not allocate coverage buffer");
https://github.com/googleprojectzero/TinyInst/blob/master/litecov.cpp#L97
Coverage file generated by litecov is empty on MacOS
I was just playing with TinyInst and trying to get coverage of /usr/bin/file on my macOS Catalina (10.15.6) and noticed that the generated coverage file is empty. Its weird because when I trace with the basic blocks option enabled (-trace_basic_blocks), I do see multiple TRACE: Executing basic block messages.
$ sudo ./Release/litecov -instrument_module file -trace_module_entries -coverage_file coverage.log -- /usr/bin/file /usr/bin/lsm
Instrumented module file, code size: 106496
TRACE: Entered module file at address 0x10ab7b49c
[!] WARNING: Relative jump to a differen module in bb at 0x10ab7410c
/usr/bin/lsm: Mach-O 64-bit executable x86_64
Process finished normally
$ ls -l coverage.log
-rw-r--r-- 1 root staff 0 Sep 12 17:25 coverage.log
$ file -v
file-5.37Switching to edge coverage (-covtype edge) gets me one entry:
$ sudo ./Release/litecov -covtype edge -instrument_module file -trace_module_entries -coverage_file coverage.log -- /usr/bin/file /usr/bin/lsm
Instrumented module file, code size: 106496
TRACE: Entered module file at address 0x1070fe49c
[!] WARNING: Relative jump to a differen module in bb at 0x1070f710c
/usr/bin/lsm: Mach-O 64-bit executable x86_64
Process finished normally
Found 1 new offsets in file
$ cat coverage.log
file+0x1349c
I'm compiling with AppleClang 11.0.3.11030032
Empty coverage file in Win10 64bit 2004
While I was making some project with tinyinst, I found out that coverage.size() is 0 after calling GetCoverage.
So I tested with litecov.exe on notepad.exe and got empty result as follows.
PS C:\Users\thegr\temp\TinyInst\build\Release> .\litecov.exe -instrumentation_module notepad.exe -trace_debug_events -trace_basic_blocks -trace_module_entries -- notepad.exe
Debugger: Process created or attached
Debugger: Exception 80000003 at address 00007FF904AE06D0
Debugger: Loaded module notepad.exe at 00007FF7A84D0000
Debugger: Loaded module ntdll.dll at 00007FF904A10000
...
Debugger: Loaded module msvcp110_win.dll at 00007FF901250000
Debugger: Loaded module IMJKAPI.DLL at 00007FF8E1A20000
Debugger: Process exit
Process finished normally
I am using Windows 10 64bit, version 2004(10.0.19041). Do you have any ideas on this?
Thanks.
- BTW, I tested with both VS17 and VS19 build but none of the outputs worked. I also turned off Windows Defender real-time protection.
ARM64 Support
I wanted to try out https://github.com/googleprojectzero/Jackalope on the new M1 Mac but I while compiling I got the following error:
MBUILD ERROR] Unknown cpu arm64
File "/Users/yoav/dev/Jackalope/TinyInst/third_party/xed/mfile.py", line 109, in <module>
retval = work()
File "/Users/yoav/dev/Jackalope/TinyInst/third_party/xed/mfile.py", line 103, in work
retval = xed_mbuild.execute()
File "/Users/yoav/dev/Jackalope/TinyInst/third_party/xed/xed_mbuild.py", line 2800, in execute
env = mkenv()
File "/Users/yoav/dev/Jackalope/TinyInst/third_party/xed/xed_mbuild.py", line 579, in mkenv
env = mbuild.env_t()
File "/Users/yoav/dev/Jackalope/TinyInst/third_party/xed/../mbuild/mbuild/env.py", line 508, in __init__
self._normalize_cpu_name(x)
File "/Users/yoav/dev/Jackalope/TinyInst/third_party/xed/../mbuild/mbuild/env.py", line 1241, in _normalize_cpu_name
die("Unknown cpu " + name)
make[2]: *** [TinyInst/third_party/obj/wkit/lib/libxed.a] Error 1
make[1]: *** [TinyInst/third_party/CMakeFiles/xed.dir/all] Error 2
make: *** [all] Error 2
Is ARM64 support planned? If so I would love to assist in making it happen
How to link TinyInst with Visual Studio project?
Hello,
first of all, thank you for developing such a convenient framework.
As you noted on README.md, I'm trying to use this library on my Visual Studio project.
I added additional include path, link path, library filename on project configuration as usual and tried to build the solution. (Release, x64) However, I eventually failed all the times with the following error on both VS19 and VS17.
Severity Code Description Project File Line Suppression State
Error LNK2001 unresolved external symbol __imp_SymLoadModuleEx ttf-fuzz c:\Users\thegr\source\repos\ttf-fuzz\ttf-fuzz\tinyinst.lib(debugger.obj) 1
Error (active) E1097 unknown attribute "no_init_all" ttf-fuzz C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h 3901
Error LNK2001 unresolved external symbol __imp_SymCleanup ttf-fuzz c:\Users\thegr\source\repos\ttf-fuzz\ttf-fuzz\tinyinst.lib(debugger.obj) 1
Error LNK2001 unresolved external symbol __imp_SymInitialize ttf-fuzz c:\Users\thegr\source\repos\ttf-fuzz\ttf-fuzz\tinyinst.lib(debugger.obj) 1
... (86 same LNK2001 errors follow)
Is there a way to link the built tinyinst.lib file with existing Visual Studio C++ project?
TinyInst fails to build on macOS
I'm getting the following error
[ 12%] Building CXX object TinyInst/CMakeFiles/tinyinst.dir/macOS/debugger.cpp.o
/Users/john/research/fuzzing/Jackalope/TinyInst/macOS/debugger.cpp:82:5: error: non-void function 'FreeSharedMemory' should return a value
[-Wreturn-type]
return;
^
It seems to have been introduced at this commit 8f77afa
edit:
There's another failure after that:
[ 77%] Building CXX object CMakeFiles/fuzzerlib.dir/sampledelivery.cpp.o
/Users/john/research/fuzzing/Jackalope/sampledelivery.cpp:92:3: error: constructor 'SHMSampleDelivery' should not return a value
[-Wreturn-type]
return 0;
^ ~
Debugger::RemoteRead often crashes on macos
When I fuzz some targets on macos big sur, TinyInst often crashes in Debugger::RemoteRead. I can’t reproduce it, so I’m not sure if it’s a bug.
CRASH STACK:
0 0x00007fff204200cd _platform_memmove$VARIANT$Haswell + 77
1 0x000000010003c506 Debugger::RemoteRead(void*, void*, unsigned long) + 326
2 0x000000010003caed Debugger::GetMachHeader(void*, mach_header_64*) + 45
3 0x000000010003ee9e Debugger::GetModuleEntrypoint(void*) + 46
4 0x000000010003fac7 Debugger::OnModuleLoaded(void*, char*) + 87
5 0x00000001000121ff TinyInst::OnModuleLoaded(void*, char*) + 47
6 0x000000010003ff65 Debugger::OnDyldImageNotifier(unsigned long, unsigned long, unsigned long long*) + 821
7 0x0000000100040380 Debugger::HandleDebuggerBreakpoint() + 272
8 0x00000001000406b8 Debugger::HandleExceptionInternal(Debugger::MachException*) + 104
9 0x00000001000413c6 catch_mach_exception_raise_state_identity + 566
10 0x000000010004b4f8 _Xmach_exception_raise_state_identity + 248
11 0x000000010004b671 mach_exc_server + 241
12 0x0000000100040fc9 Debugger::DebugLoop(unsigned int) + 601
13 0x000000010004219a Debugger::Continue(unsigned int) + 90
14 0x0000000100005a60 RunTarget(int, char**, unsigned int, unsigned int) + 704
15 0x000000010000617c main + 796
16 0x00007fff203f9621 start + 1
Can't build project in Big Sur beta
It is a GRATE JOB ,very much looking forward to trying it .
when I am trying to build the project in Big Sur, it failed with log attached.
waiting for the response :)
➜ build git:(master) ✗ cmake --build . --config Release
Command line invocation:
/Applications/Xcode.app/Contents/Developer/usr/bin/xcodebuild -project litecov.xcodeproj build -target ALL_BUILD -configuration Release -hideShellScriptEnvironment
User defaults from command line:
HideShellScriptEnvironment = YES
Prepare build
note: Using legacy build system
=== BUILD AGGREGATE TARGET xed OF PROJECT litecov WITH CONFIGURATION Release ===
Check dependencies
PhaseScriptExecution CMake\ Rules /Users/test/src/TinyInst/build/third_party/litecov.build/Release/xed.build/Script-05BEADB651BC46FEB56938EF.sh
cd /Users/test/Documents/src/TinyInst
/bin/sh -c /Users/test/src/TinyInst/build/third_party/litecov.build/Release/xed.build/Script-05BEADB651BC46FEB56938EF.sh
echo "Building Xed"
Building Xed
/usr/local/Frameworks/Python.framework/Versions/3.9/bin/python3.9 /Users/test/src/TinyInst/third_party/xed/mfile.py
[PYTHON VERSION] 3.9.0
[GIT VERSION] 11.2.0-6-gafbb851
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/files-xregs.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/files-via-padlock.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/files-amd.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/amdxop/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/mpx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/cet/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/rdrand/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/glm/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/sha/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/xsaveopt/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/xsaves/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/xsavec/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/clflushopt/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/rdseed/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/fsgsbase/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/smap/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/sgx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/rdpid/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/pt/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/tremont/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/movdir/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/waitpkg/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/cldemote/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/sgx-enclv/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/avx/files.cfg
[Clearing file list for type dec-spine: [ /Users/test/src/TinyInst/third_party/xed/datafiles/xed-spine.txt ]]
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/ivbavx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/hswavx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/hswbmi/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/hsw/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/bdw/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/skl/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/skx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/pku/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/clwb/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/clx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/vnni/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/cpx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/bf16/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/knl/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/knm/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/4fmaps-512/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/4vnniw-512/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/vpopcntdq-512/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/avx512f/shared-files.cfg
[Clearing file list for type dec-spine: [ /Users/test/src/TinyInst/third_party/xed/datafiles/avx/avx-spine.txt ]]
CONSIDERING SOURCE /Users/test/src/TinyInst/third_party/xed/datafiles/knc/xed-operand-values-interface-uisa.c source 1
ADDING SOURCE /Users/test/src/TinyInst/third_party/xed/datafiles/knc/xed-operand-values-interface-uisa.c source 1
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/avx512f/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/avx512cd/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/avx512-skx/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/cnl/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/avx512ifma/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/avx512vbmi/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/icl/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/wbnoinvd/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/pconfig/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/bitalg/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/vbmi2/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/gfni-vaes-vpcl/files-sse.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/gfni-vaes-vpcl/files-avx-avx512.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/vpopcntdq-vl/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/tgl/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/vp2intersect/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/spr/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/enqcmd/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/tsx-ldtrk/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/serialize/files.cfg
[EXTF PROCESSING] /Users/test/src/TinyInst/third_party/xed/datafiles/future/files.cfg
[REUSING BUILD DEFINES HEADER FILE]
R: 0 P: 0 C: 0 E: 0 / 25 msecs
<lambda>() takes 6 positional arguments but 7 were given
make: *** [/Users/test/src/TinyInst/build/third_party/obj/wkit/lib/libxed.a] Error 1
Command /bin/sh failed with exit code 2flac binary instrumentation problem
-
description: When I use the following prompt to perform DynamoRIO instrumentation, everything works fine, but when using TinyInst as the instrumentation mode, there is a crash issue (no crash occurs when executing the seed directly). All information is listed below.
-
Env
- windows server 2019
- flac: 1.3.3
- TintInst commit: 9cdc11e
-
prompt:
litecov.exe -instrument_module flac.exe -target_module flac.exe -target_offset 0xdf70 -nargs 3 -iterations 1 -persist -loop -trace_debug_events -- flac.exe in\sample.flac --force -
output:
Debugger: Process created or attached
Debugger: Exception 80000003 at address 00007FF820BD338C
Debugger: Exception 4000001f at address 0000000076F6F886
Debugger: Loaded module flac.exe at 0000000000860000
Debugger: Loaded module ntdll.dll at 0000000076EC0000
Debugger: Loaded module KERNEL32.DLL at 0000000074FB0000
Debugger: Loaded module KERNELBASE.dll at 0000000075090000
Debugger: Loaded module ntdll.dll at 00007FF820B00000
Debugger: Loaded module wow64.dll at 00007FF81E8E0000
Debugger: Loaded module wow64win.dll at 00007FF81EA70000
Debugger: Loaded module wow64cpu.dll at 0000000076EB0000
Debugger: Process entrypoint reached
Target method reached
Instrumented module flac.exe, code size: 438272
Debugger: Loaded module msvcrt.dll at 0000000076190000
Debugger: Unloaded module from 0000000076190000
flac 1.3.3
Copyright (C) 2000-2009 Josh Coalson, 2011-2016 Xiph.Org Foundation
flac comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
welcome to redistribute it under certain conditions. Type `flac' for details.
Debugger: Exception c0000005 at address 00000000006C0518
Exception at address 00000000006C0518
Access address: 0000000000002420
Exception in instrumented module flac.exe 0000000000860000
Code before:
c7 0f 6a ff 0f fe f8 0f e2 fe
Code after:
0f 6e 0e 0f fe f9 0f 7e 3f 0f 73 f7 30 0f 73 d4
Process crashed
Debugger: Process exit
Found 4113 new offsets in flac.exe
Generate coverage of main module on MacOS attach mode
Hi ifratric,
Can Tinyinst generate coverage of main module on MacOS attach mode?
I tried sudo ./litecov -instrument_module test -coverage_file coverage.txt -pid 13845 but no coverage generated.
It seems attach mode on Mac can only instrument dylib?
Typo in TinyInst CMakeLists.txt
Cached instrumented code on TinyInst debugged target process
Hi Ivan,
I have implemented a debugger detachment routine which looks like following:
void LiteCov::PostDetach() {
CollectCoverage();
for (auto iter = instrumented_modules.begin(); iter != instrumented_modules.end(); iter++) {
ModuleInfo *cur_module = *iter;
RestoreExecutableCode(&(cur_module->executable_ranges));
cur_module->ClearInstrumentations();
//TinyInst::OnProcessExit();
}
DetachDebuggee(); // Note: Child handles will be closed here so we don't need to close them explicitly
}
The debugged process can be detached just fine and the target process runs as normal. However, one interesting behavior I noticed from the target process is that, the instrumented code will be hit and crashed immediately if i performed the same operation when the target process is being debugged, for example:
- Open notepad.exe
- Instrument the target process using litecov.exe:
litecov.exe -trace_debug_events -instrument_module notepad.exe -pid <process_id> - Observed the
instrumented_code_remotebuffer address:instrumented_code_remote: 0x00007FF639380000. Obviously, I did that by adding printf function. - Perform some deterministic operations on notepad.exe. For example, save the document.
- Detach the debugger. notepad.exe should be still up and running
- From the same notepad.exe, perform the same operation as in Step 4
- Observe the crash on notepad.exe with the following debugging info:
0:017> dps 0x00007FF639380000 l5
00007ff6`39380000 00007ff6`39390008
00007ff6`39380008 00007ff6`39390008
00007ff6`39380010 00007ff6`39390008
00007ff6`39380018 00007ff6`39390008
00007ff6`39380020 00007ff6`39390008
0:017> u 00007ff6`39390008
00007ff6`39390008 cc int 3
00007ff6`39390009 c605f0fffbff01 mov byte ptr [00007ff6`39350000],1
00007ff6`39390010 4055 push rbp
00007ff6`39390012 53 push rbx
00007ff6`39390013 56 push rsi
00007ff6`39390014 57 push rdi
00007ff6`39390015 4154 push r12
00007ff6`39390017 4155 push r13
0:017> g
(1134.1ee4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
00007ff6`393b4fdc c605b9bef9ff01 mov byte ptr [00007ff6`39350e9c],1 ds:00007ff6`39350e9c=00
0:000> u 00007ff6`393b4fdc
00007ff6`393b4fdc c605b9bef9ff01 mov byte ptr [00007ff6`39350e9c],1
00007ff6`393b4fe3 0f1f440000 nop dword ptr [rax+rax]
00007ff6`393b4fe8 85c0 test eax,eax
00007ff6`393b4fea 0f8505000000 jne 00007ff6`393b4ff5
00007ff6`393b4ff0 e9a0020000 jmp 00007ff6`393b5295
00007ff6`393b4ff5 e900000000 jmp 00007ff6`393b4ffa
00007ff6`393b4ffa c6059cbef9ff01 mov byte ptr [00007ff6`39350e9d],1
00007ff6`393b5001 837def50 cmp dword ptr [rbp-11h],50h
0:000> kb
# RetAddr : Args to Child : Call Site
00 00000000`00000000 : 000001c6`b575708c 00000000`0a840665 00007ff6`39461218 00000039`00001134 : 0x00007ff6`393b4fdc
0:000> .exr -1
ExceptionAddress: 00007ff6393b4fdc
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000001
Parameter[1]: 00007ff639350e9c
Attempt to write to address 00007ff639350e9c
0:000> kb
# RetAddr : Args to Child : Call Site
00 00000000`00000000 : 000001c6`b575708c 00000000`0a840665 00007ff6`39461218 00000039`00001134 : 0x00007ff6`393b4fdc
Based on my observation, the instrumented code will always be triggered even if the instrumented code got released by uncommenting TinyInst::OnProcessExit(); in the LiteCov::PostDetach. I'm still trying to figure out why the instrumented code is triggered. I was hoping you could shed some light.
Thanks.
Broken Litecov offsets
Extracting coverage with -covtype edge option, breaks coverage offset output.
- Tested Environment
- Windows 10 20H2
- TinyInst commit 374af07
- Visual Studio 2019 (Community 16.8.4)
Reproduce:
git clone --recursive https://github.com/googleprojectzero/TinyInst.git
cd TinyInst
mkdir build
cd build
cmake -G"Visual Studio 16 2019" ..
cmake --build . --config Release
"Release\litecov.exe" -instrument_module notepad.exe -covtype edge -coverage_file cov.txt -- "notepad.exe"after closing notepad, cov.txt file is created.
notepad.exe+0x1300
notepad.exe+0x1440
notepad.exe+0x1460
notepad.exe+0x1480
[snip...]
notepad.exe+0x25900
notepad.exe+0x25960
notepad.exe+0x25990
notepad.exe+0x259d0
notepad.exe+0x130000001316 <----- What happened here?
notepad.exe+0x131600001321
notepad.exe+0x132100001326
notepad.exe+0x134800001372
[snip...]
notepad.exe+0x258bf000258c6
notepad.exe+0x259000002590d
notepad.exe+0x2590d00025919
notepad.exe+0x2591f00025926
notepad.exe+0x259600002597c
notepad.exe+0x25990000259a8
notepad.exe+0x259d0000259ec
[EOF]
Is this means 0x1300 to 0x1316? or broken?
testing with -covtype bb, cov.txt contents is:
notepad.exe+0x1300
notepad.exe+0x1316
notepad.exe+0x1321
notepad.exe+0x1326
[snip...]
notepad.exe+0x25990
notepad.exe+0x259a8
notepad.exe+0x259b9
notepad.exe+0x259d0
notepad.exe+0x259ec
[EOF]
Integrate stack walking on Windows
Howdy,
I managed to add stack walking for Windows using the library https://github.com/JochenKalmbach/StackWalker
Now I was thinking on doing a pull request and add that as API to TinyInst.
Something simple like a string GetCallstack() that one can call directly from the exception handler (e.g. OnCrashed()) and even combine with the translate address we discussed in #56 to have proper addresses.
Would make sense to have it upstreamed?
Linux: elf compiled with `-no-pie` target not work correctly.
test.sh
#!/bin/bash
LITECOV=$(realpath $1)
mkdir -p test
echo "- x64 PIE ----"
gcc -o test/pie.x64 test.c
$LITECOV -- test/pie.x64
echo "- x32 PIE ----"
gcc -o test/pie.x32 test.c -m32
$LITECOV -patch_return_addresses -- test/pie.x32
echo "- x64 NO PIE -"
gcc -o test/nopie.x64 test.c -no-pie
$LITECOV -- test/nopie.x64
echo "- x32 NO PIE -"
gcc -o test/nopie.x32 test.c -no-pie -m32
$LITECOV -patch_return_addresses -- test/nopie.x32test.c
#include <stdio.h>
int main(void) {
puts("Hello, World!\n");
return 0;
}test output (ubuntu 22.04, x64, commit 2c8c5ad)
$ ./test.sh ~/TinyInst/build_x64/litecov
- x64 PIE ----
Hello, World!
Process finished normally
- x32 PIE ----
Hello, World!
Process finished normally
- x64 NO PIE -
[-] PROGRAM ABORT : Error reading target memory Location : RemoteRead(), /home/lab/TinyInst/src/Linux/debugger.cpp:190
- x32 NO PIE -
[-] PROGRAM ABORT : Error reading target memory Location : RemoteRead(), /home/lab/TinyInst/src/Linux/debugger.cpp:190
backtrace (gdb)
(gdb) r -- test/nopie.x64
Starting program: /home/lab/TinyInst/build_x64/litecov -- test/nopie.x64
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7ffff7ff8640 (LWP 436706)]
[Detaching after fork from child process 436707]
Thread 1 "litecov" hit Breakpoint 1, 0x00000000004044a4 in Debugger::RemoteRead(void*, void*, unsigned long) ()
(gdb) bt
#0 0x00000000004044a4 in Debugger::RemoteRead(void*, void*, unsigned long) ()
#1 0x0000000000408f71 in Debugger::GetSegment(unsigned long, unsigned int, unsigned long*) ()
#2 0x0000000000406e1b in Debugger::SetupModules() ()
#3 0x000000000040677e in Debugger::OnEntrypoint() ()
#4 0x000000000041e134 in TinyInst::OnEntrypoint() ()
#5 0x0000000000407a8b in Debugger::HandleDebuggerBreakpoint() ()
#6 0x0000000000409dea in Debugger::HandleStopped(int) ()
#7 0x000000000040a492 in Debugger::DebugLoop(unsigned int) ()
#8 0x000000000040a696 in Debugger::Continue(unsigned int) ()
#9 0x000000000040a9cf in Debugger::Run(int, char**, unsigned int) ()
#10 0x00000000004024a3 in RunTarget(int, char**, unsigned int, unsigned int) ()
#11 0x0000000000402abf in main ()
analysis
Lines 1627 to 1640 in 9970af7
as we can see, there are no base address addition to calculate program_table.
so if pie_offset is 0,
Lines 1642 to 1646 in 9970af7
debugger tries to read invalid address.
Unexpected timeout when fuzzing
Hello!
I use jackalope to fuzz my target binary. Executing my binary on the command line alone can execute and exit normally in less than 1 second, but when using jackalope, it will timeout, even if the -t option is set to a very long time, such as 10 seconds, it will also timeout. The log is as followings, is there any ideas about what is happening? I tried to add -trace_debug_events and -trace_basic_blocks, the output shows that same basic block set is executed over and over again and seems to never stop. I suspect that the issue may lie in the instrumentation module of TinyInst.
~/workspace/apple_fuzz/webaudio_fuzz(master*) » sudo ~/softwares/Jackalope/build/Release/fuzzer -in corpus_in/test -out corpus_out/tmp -t 10000 -delivery file -instrument_module AudioToolboxCore -instrument_module AudioCodecs -stack_offset 0x1000 -covtype edge -cmp_coverage true -patch_return_addresses -trace_debug_events -- ./audio_dec @@
Fuzzer version 0.01
1 input files read
Running input sample corpus_in/test/timeout.caf
Debugger: Mach exception (5) @ address 0x119b96000
Debugger: Process created or attached
Debugger: Loaded module /usr/lib/dyld at 0x119b95000
Debugger: Loaded module audio_dec at 0x10cee8000
Debugger: Loaded module Foundation at 0x7fff2120e000
Debugger: Loaded module AudioToolbox at 0x7fff2cc31000
Debugger: Loaded module libSystem.B.dylib at 0x7fff2a5bf000
Debugger: Loaded module CoreFoundation at 0x7fff2045f000
Debugger: Loaded module libobjc.A.dylib at 0x7fff2027f000
Debugger: Loaded module CoreAutoLayout at 0x7fff2720a000
Debugger: Loaded module SystemConfiguration at 0x7fff20f22000
Debugger: Loaded module libz.1.dylib at 0x7fff2a4f7000
Debugger: Loaded module libfakelink.dylib at 0x7fff2a5c1000
Debugger: Loaded module libcompression.dylib at 0x7fff2a836000
Debugger: Loaded module CFNetwork at 0x7fff24745000
Debugger: Loaded module DiskArbitration at 0x7fff265dd000
Debugger: Loaded module libarchive.2.dylib at 0x7fff2a701000
Debugger: Loaded module libDiagnosticMessagesClient.dylib at 0x7fff264f2000
Debugger: Loaded module libicucore.A.dylib at 0x7fff225ce000
Debugger: Loaded module libxml2.2.dylib at 0x7fff27252000
Debugger: Loaded module CoreServices at 0x7fff2ff5d000
Debugger: Loaded module liblangid.dylib at 0x7fff29060000
Debugger: Loaded module IOKit at 0x7fff22b9e000
Debugger: Loaded module libCRFSuite.dylib at 0x7fff20fa0000
Debugger: Loaded module SoftLinking at 0x7fff2a5c5000
Debugger: Loaded module libc++abi.dylib at 0x7fff2039b000
Debugger: Loaded module liboah.dylib at 0x7fff2a58c000
Debugger: Loaded module libc++.1.dylib at 0x7fff20345000
Debugger: Loaded module libcache.dylib at 0x7fff2a5b9000
Debugger: Loaded module libcommonCrypto.dylib at 0x7fff2a575000
Debugger: Loaded module libcompiler_rt.dylib at 0x7fff2a59f000
Debugger: Loaded module libcopyfile.dylib at 0x7fff2a594000
Debugger: Loaded module libcorecrypto.dylib at 0x7fff2016f000
Debugger: Loaded module libdispatch.dylib at 0x7fff2023a000
Debugger: Loaded module libdyld.dylib at 0x7fff203ed000
Debugger: Loaded module libkeymgr.dylib at 0x7fff2a5b0000
Debugger: Loaded module liblaunch.dylib at 0x7fff2d9c8000
Debugger: Loaded module libmacho.dylib at 0x7fff2a553000
Debugger: Loaded module libquarantine.dylib at 0x7fff29d4b000
Debugger: Loaded module libremovefile.dylib at 0x7fff2a5ad000
Debugger: Loaded module libsystem_asl.dylib at 0x7fff24c51000
Debugger: Loaded module libsystem_blocks.dylib at 0x7fff2011f000
Debugger: Loaded module libsystem_c.dylib at 0x7fff202bc000
Debugger: Loaded module libsystem_collections.dylib at 0x7fff2a5a7000
Debugger: Loaded module libsystem_configuration.dylib at 0x7fff29051000
Debugger: Loaded module libsystem_containermanager.dylib at 0x7fff2833d000
Debugger: Loaded module libsystem_coreservices.dylib at 0x7fff2a2f6000
Debugger: Loaded module libsystem_darwin.dylib at 0x7fff2282e000
Debugger: Loaded module libsystem_dnssd.dylib at 0x7fff2a5b1000
Debugger: Loaded module libsystem_featureflags.dylib at 0x7fff202b9000
Debugger: Loaded module libsystem_info.dylib at 0x7fff20433000
Debugger: Loaded module libsystem_m.dylib at 0x7fff2a50a000
Debugger: Loaded module libsystem_malloc.dylib at 0x7fff2020d000
Debugger: Loaded module libsystem_networkextension.dylib at 0x7fff24be4000
Debugger: Loaded module libsystem_notify.dylib at 0x7fff22c4d000
Debugger: Loaded module libsystem_product_info_filter.dylib at 0x7fff2fe5f000
Debugger: Loaded module libsystem_sandbox.dylib at 0x7fff29055000
Debugger: Loaded module libsystem_secinit.dylib at 0x7fff2a5aa000
Debugger: Loaded module libsystem_kernel.dylib at 0x7fff203b1000
Debugger: Loaded module libsystem_platform.dylib at 0x7fff20429000
Debugger: Loaded module libsystem_pthread.dylib at 0x7fff203e1000
Debugger: Loaded module libsystem_symptoms.dylib at 0x7fff2632e000
Debugger: Loaded module libsystem_trace.dylib at 0x7fff20157000
Debugger: Loaded module libunwind.dylib at 0x7fff2a581000
Debugger: Loaded module libxpc.dylib at 0x7fff20121000
Debugger: Loaded module libbsm.0.dylib at 0x7fff29d72000
Debugger: Loaded module libnetwork.dylib at 0x7fff240be000
Debugger: Loaded module libpcap.A.dylib at 0x7fff2a5c6000
Debugger: Loaded module libdns_services.dylib at 0x7fff26327000
Debugger: Loaded module libcoretls_cfhelpers.dylib at 0x7fff2ac63000
Debugger: Loaded module Security at 0x7fff22276000
Debugger: Loaded module libapple_nghttp2.dylib at 0x7fff2a800000
Debugger: Loaded module libenergytrace.dylib at 0x7fff24bf3000
Debugger: Loaded module libkxld.dylib at 0x7fff2a559000
Debugger: Loaded module libsqlite3.dylib at 0x7fff25fa0000
Debugger: Loaded module libMobileGestalt.dylib at 0x7fff24bf4000
Debugger: Loaded module AppleFSCompression at 0x7fff2a2d9000
Debugger: Loaded module libcoretls.dylib at 0x7fff29d5a000
Debugger: Loaded module libpam.2.dylib at 0x7fff2a831000
Debugger: Loaded module libxar.1.dylib at 0x7fff2ad61000
Debugger: Loaded module AppleSystemInfo at 0x7fff2905c000
Debugger: Loaded module IOMobileFramebuffer at 0x7fff2999c000
Debugger: Loaded module IOSurface at 0x7fff2834e000
Debugger: Loaded module libbz2.1.0.dylib at 0x7fff2a2e9000
Debugger: Loaded module liblzma.5.dylib at 0x7fff2ac4a000
Debugger: Loaded module libiconv.2.dylib at 0x7fff2a5fe000
Debugger: Loaded module libcharset.1.dylib at 0x7fff2a552000
Debugger: Loaded module FSEvents at 0x7fff271d5000
Debugger: Loaded module CarbonCore at 0x7fff22838000
Debugger: Loaded module Metadata at 0x7fff26542000
Debugger: Loaded module OSServices at 0x7fff2a2fb000
Debugger: Loaded module SearchKit at 0x7fff2a773000
Debugger: Loaded module AE at 0x7fff262b2000
Debugger: Loaded module LaunchServices at 0x7fff208fd000
Debugger: Loaded module DictionaryServices at 0x7fff2abfa000
Debugger: Loaded module SharedFileList at 0x7fff271e2000
Debugger: Loaded module libCheckFix.dylib at 0x7fff29d4e000
Debugger: Loaded module TCC at 0x7fff24c68000
Debugger: Loaded module CoreNLP at 0x7fff29062000
Debugger: Loaded module MetadataUtilities at 0x7fff264f5000
Debugger: Loaded module libmecabra.dylib at 0x7fff20fd5000
Debugger: Loaded module MLCompute at 0x7fff2a058000
Debugger: Loaded module Accelerate at 0x7fff30119000
Debugger: Loaded module libmecab.dylib at 0x7fff29d83000
Debugger: Loaded module libgermantok.dylib at 0x7fff29dcd000
Debugger: Loaded module libThaiTokenizer.dylib at 0x7fff2a7db000
Debugger: Loaded module libChineseTokenizer.dylib at 0x7fff2ad9c000
Debugger: Loaded module MetalPerformanceShaders at 0x7fff2a82f000
Debugger: Loaded module Metal at 0x7fff2836a000
Debugger: Loaded module vImage at 0x7fff265e4000
Debugger: Loaded module vecLib at 0x7fff2ff37000
Debugger: Loaded module libvMisc.dylib at 0x7fff2ada7000
Debugger: Loaded module libvDSP.dylib at 0x7fff297b7000
Debugger: Loaded module libBLAS.dylib at 0x7fff20c08000
Debugger: Loaded module libLAPACK.dylib at 0x7fff2a85c000
Debugger: Loaded module libLinearAlgebra.dylib at 0x7fff29dd3000
Debugger: Loaded module libSparseBLAS.dylib at 0x7fff2a818000
Debugger: Loaded module libQuadrature.dylib at 0x7fff2a856000
Debugger: Loaded module libBNNS.dylib at 0x7fff2910e000
Debugger: Loaded module libSparse.dylib at 0x7fff20eb3000
Debugger: Loaded module MPSCore at 0x7fff28fea000
Debugger: Loaded module MPSImage at 0x7fff2a248000
Debugger: Loaded module MPSNeuralNetwork at 0x7fff29de9000
Debugger: Loaded module MPSMatrix at 0x7fff2a1ba000
Debugger: Loaded module MPSRayIntersector at 0x7fff2a008000
Debugger: Loaded module MPSNDArray at 0x7fff2a1f1000
Debugger: Loaded module MetalTools at 0x7fff20b33000
Debugger: Loaded module AggregateDictionary at 0x7fff2905a000
Debugger: Loaded module CoreAnalytics at 0x7fff264c2000
Debugger: Loaded module AppleSauce at 0x7fff2a7dd000
Debugger: Loaded module IOAccelerator at 0x7fff28360000
Debugger: Loaded module libCoreFSCache.dylib at 0x7fff6babc000
Debugger: Loaded module LanguageModeling at 0x7fff2156d000
Debugger: Loaded module CoreEmoji at 0x7fff2998a000
Debugger: Loaded module LinguisticData at 0x7fff29107000
Debugger: Loaded module Lexicon at 0x7fff20e65000
Debugger: Loaded module libcmph.dylib at 0x7fff2a6ef000
Debugger: Loaded module CFOpenDirectory at 0x7fff271b5000
Debugger: Loaded module OpenDirectory at 0x7fff271a5000
Debugger: Loaded module APFS at 0x7fff2ac65000
Debugger: Loaded module SecurityFoundation at 0x7fff29cb0000
Debugger: Loaded module libutil.dylib at 0x7fff2ad6f000
Debugger: Loaded module libapp_launch_measurement.dylib at 0x7fff27207000
Debugger: Loaded module CoreServicesStore at 0x7fff22b63000
Debugger: Loaded module ServiceManagement at 0x7fff29d46000
Debugger: Loaded module libxslt.1.dylib at 0x7fff2ad73000
Debugger: Loaded module BackgroundTaskManagement at 0x7fff29d3c000
Debugger: Loaded module AudioToolboxCore at 0x7fff2178d000
Debugger: Loaded module AudioSession at 0x7fff2cd66000
Debugger: Loaded module caulk at 0x7fff2848e000
Debugger: Loaded module CoreAudio at 0x7fff21be4000
Debugger: Loaded module libAudioToolboxUtility.dylib at 0x7fff2bc4c000
Debugger: Loaded module ProtocolBuffer at 0x7fff25f8a000
Debugger: Loaded module AppServerSupport at 0x7fff2b6ce000
Debugger: Loaded module perfdata at 0x7fff2d76b000
Debugger: Loaded module AssertionServices at 0x7fff29c9f000
Debugger: Loaded module SystemPolicy at 0x7fff3cc17000
Debugger: Loaded module libIOReport.dylib at 0x7fff2aefd000
Debugger: Loaded module libSMC.dylib at 0x7fff2cfa7000
Debugger: Loaded module BaseBoard at 0x7fff261e9000
Debugger: Loaded module RunningBoardServices at 0x7fff26269000
Debugger: Loaded module PersistentConnection at 0x7fff2b232000
Debugger: Loaded module CoreGraphics at 0x7fff24fe7000
Debugger: Loaded module ImageIO at 0x7fff28a31000
Debugger: Loaded module CommonUtilities at 0x7fff261d1000
Debugger: Loaded module Bom at 0x7fff2b94b000
Debugger: Loaded module SkyLight at 0x7fff24c81000
Debugger: Loaded module libFontParser.dylib at 0x7fff28596000
Debugger: Loaded module WatchdogClient at 0x7fff2bab2000
Debugger: Loaded module CoreDisplay at 0x7fff21656000
Debugger: Loaded module CoreMedia at 0x7fff284ab000
Debugger: Loaded module CoreVideo at 0x7fff27335000
Debugger: Loaded module MultitouchSupport at 0x7fff2bab6000
Debugger: Loaded module QuartzCore at 0x7fff26c4c000
Debugger: Loaded module VideoToolbox at 0x7fff2baed000
Debugger: Loaded module GPUWrangler at 0x7fff2bd24000
Debugger: Loaded module IOPresentment at 0x7fff2bd07000
Debugger: Loaded module DSExternalDisplay at 0x7fff2bd30000
Debugger: Loaded module CMCaptureCore at 0x7fff2bd90000
Debugger: Loaded module libspindump.dylib at 0x7fff2b6e8000
Debugger: Loaded module ColorSync at 0x7fff25671000
Debugger: Loaded module libate.dylib at 0x7fff2ae65000
Debugger: Loaded module libRadiance.dylib at 0x7fff2bd2c000
Debugger: Loaded module libJPEG.dylib at 0x7fff2bd36000
Debugger: Loaded module libPng.dylib at 0x7fff2bc80000
Debugger: Loaded module libTIFF.dylib at 0x7fff2bca7000
Debugger: Loaded module libGIF.dylib at 0x7fff2bd8b000
Debugger: Loaded module libJP2.dylib at 0x7fff2b9d2000
Debugger: Loaded module libexpat.1.dylib at 0x7fff2b0ee000
Debugger: Loaded module AppleJPEG at 0x7fff2b988000
Debugger: Loaded module OpenGL at 0x7fff6bac8000
Debugger: Loaded module libGLU.dylib at 0x7fff6bb18000
Debugger: Loaded module libGFXShared.dylib at 0x7fff6badb000
Debugger: Loaded module libGL.dylib at 0x7fff6bce9000
Debugger: Loaded module libGLImage.dylib at 0x7fff6bae4000
Debugger: Loaded module libCVMSPluginSupport.dylib at 0x7fff6bad8000
Debugger: Loaded module libCoreVMClient.dylib at 0x7fff6bac3000
Debugger: Loaded module CoreImage at 0x7fff28c6e000
Debugger: Loaded module CoreText at 0x7fff219fe000
Debugger: Loaded module OpenCL at 0x7fff6d133000
Debugger: Loaded module GraphVisualizer at 0x7fff2b25b000
Debugger: Loaded module FaceCore at 0x7fff2b26a000
Debugger: Loaded module OTSVG at 0x7fff2b686000
Debugger: Loaded module libFontRegistry.dylib at 0x7fff26f2a000
Debugger: Loaded module libhvf.dylib at 0x7fff2b6d5000
Debugger: Loaded module AppleVA at 0x7fff2b09a000
Debugger: Loaded module libmis.dylib at 0x7fff3d574000
Debugger: Loaded module libAudioStatistics.dylib at 0x7fff2cdcc000
Debugger: Loaded module MediaExperience at 0x7fff2b193000
Debugger: Loaded module libSessionUtility.dylib at 0x7fff2cbff000
Debugger: Loaded module libperfcheck.dylib at 0x7fff2d777000
Debugger: Loaded module AudioResourceArbitration at 0x7fff2d116000
Debugger: Loaded module CoreData at 0x7fff25b6a000
Debugger: Loaded module libSimplifiedChineseConverter.dylib at 0x7fff5cef7000
Debugger: Process entrypoint reached
Instrumented module AudioToolboxCore, code size: 2560000
Debugger: Loaded module AudioCodecs at 0x10cf0b000
Instrumented module AudioCodecs, code size: 6176768
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 1
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Total execs: 1
Unique samples: 0 (0 discarded)
Crashes: 0 (0 unique)
Hangs: 0
Offsets: 0
Execs/s: 0
Debugger: Process exit
Coverage file generated by litecov is empty on MacOS
I have read the closed issue and readme for MacOS, and I wrote a sample code for litecov in MacOS, added -target_method in my case
sudo ./litecov -coverage_file coverage.txt -target_method _main -target_module test -trace_basic_blocks -trace_module_entries -instrument_module test -- test
output
trument_module test -- test
Password:
symbol_name: __dyld_debugger_notification
symbol_name: _main
Instrumented module test, code size: 16384
TRACE: Entered module test at address 0x1029e1ee0
TRACE: Executing basic block, original at 0x1029e1ee0, instrumented at 0x102a13009
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f07, instrumented at 0x102a13042
TRACE: Executing basic block, original at 0x1029e1efd, instrumented at 0x102a13061
TRACE: Executing basic block, original at 0x1029e1f1e, instrumented at 0x102a1307d
TRACE: Executing basic block, original at 0x1029e1f28, instrumented at 0x102a13099
TRACE: Executing basic block, original at 0x1029e1f68, instrumented at 0x102a1311e
TRACE: Breakpoint
TRACE: Executing basic block, original at 0x1029e1f80, instrumented at 0x102a13143
TRACE: Executing basic block, original at 0x1029e1f70, instrumented at 0x102a13155
TRACE: Breakpoint
count > 100
TRACE: Executing basic block, original at 0x1029e1f36, instrumented at 0x102a130b9
TRACE: Executing basic block, original at 0x1029e1f49, instrumented at 0x102a130e6
TRACE: Executing basic block, original at 0x1029e1f68, instrumented at 0x102a1311e
TRACE: Breakpoint
count is 4950
TRACE: Executing basic block, original at 0x1029e1f5a, instrumented at 0x102a13109
Target function returned normally
coverage file
➜ Release git:(master) ✗ ls -lh coverage.txt
-rw-r--r-- 1 root staff 0B 11 4 10:33 coverage.txt
➜ Release git:(master) ✗ cat coverage.txt
➜ Release git:(master) ✗
source code for test
#include <stdio.h>
#include <stdlib.h>
int main()
{
int count = 0;
for (int i=0; i<100; i++)
{
count += i;
}
if (count > 100)
{
printf("count > 100\n");
}
else
{
printf("count < 100\n");
}
printf("count is %d\n", count);
return 0;
}
compile test.c
clang test.c -g -o test
How to implement a Detach method in the Debugger class?
In TinyInst project, I noticed that methods such as Run(Attach)/Continue/Kill are included. I want to know how to implement a Detach method?
Windows compilation fail
Hi there.
I'm trying to compile latest version of TinyInst on my Windows machine.
I copied the repo: git clone https://github.com/googleprojectzero/TinyInst/
Then followed the instructions to build.
When I arrived at cmake --build . --config Release
This error occurs:
Building Xed
C:\Users\source\AppData\Local\Programs\Python\Python310\python.exe: can't open file 'C:\\Users\\source\\Desktop\\TinyInst\\third_party\\xed\\mfile.py': [Errno 2] No such file or directory
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(241,5): error MSB8066: Custom build for 'C:\Users\source\Desktop\TinyInst\build\CMakeFiles\368e
811486a691b34626b61a9795550c\xed.lib.rule;C:\Users\source\Desktop\TinyInst\build\CMakeFiles\5339edab85427b2dbfc03b4d993553a8\xed.rule' exited with code 2. [C:\Users\source\Desktop\TinyInst\build\third_party\xed.
vcxproj]
I built XED manually following Windows instructions of XED but it doesn't change anything.
Any feedback appreciated :)
2ourc3
Build fails on macOS
During build on macOS cmake raises the following error:
/path/Jackalope/fuzzer.cpp:30:10: fatal error: 'mersenne.h' file not found
I changed:
to:
#include "third_party/Mersenne/mersenne.h" and now it works. :-)
Cannot build xed during build TinyInst
Hi, I'm trying to use TinyInst but I'm facing some difficulties from building the source code.
I have followed exactly what the README said like below.
**********************************************************************
** Visual Studio 2019 Developer Command Prompt v16.10.2
** Copyright (c) 2021 Microsoft Corporation
**********************************************************************
[vcvarsall.bat] Environment initialized for: 'x64'
vagrant@DESKTOP-7DO7OTF C:\>cd C:\TinyInst
vagrant@DESKTOP-7DO7OTF C:\TinyInst>mkdir build
vagrant@DESKTOP-7DO7OTF C:\TinyInst>cd build
vagrant@DESKTOP-7DO7OTF C:\TinyInst\build>cmake -G "Visual Studio 16 2019" -A x64 ..
-- Selecting Windows SDK version 10.0.19041.0 to target Windows 10.0.18363.
-- The C compiler identification is MSVC 19.29.30038.1
-- The CXX compiler identification is MSVC 19.29.30038.1
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Check for working C compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.29.30037/bin/Hostx64/x64/cl.exe
- skipped
-- Detecting C compile features
-- Detecting C compile features - done
-- Detecting CXX compiler ABI info
-- Detecting CXX compiler ABI info - done
-- Check for working CXX compiler: C:/Program Files (x86)/Microsoft Visual Studio/2019/Community/VC/Tools/MSVC/14.29.30037/bin/Hostx64/x64/cl.e
xe - skipped
-- Detecting CXX compile features
-- Detecting CXX compile features - done
-- Found Python3: C:/Windows/System32/python/tools/python.exe (found version "3.10.2") found components: Interpreter
-- Selecting Windows SDK version 10.0.19041.0 to target Windows 10.0.18363.
-- Configuring done
-- Generating done
-- Build files have been written to: C:/TinyInst/build
vagrant@DESKTOP-7DO7OTF C:\TinyInst\build>cmake --build . --config Release
Microsoft (R) Build Engine version 16.10.2+857e5a733 for .NET Framework
Copyright (C) Microsoft Corporation. All rights reserved.
Checking Build System
Building Xed
The system cannot find the path specified.
C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\MSBuild\Microsoft\VC\v160\Microsoft.CppCommon.targets(241,5): error MSB8066: Cus
tom build for 'C:\TinyInst\build\CMakeFiles\d623550a654711f162cf5eb62c1c0424\xed.lib.rule;C:\TinyInst\build\CMakeFiles\b3b27b0698457947805aaed
472b42b2c\xed.rule;C:\TinyInst\third_party\CMakeLists.txt' exited with code 3. [C:\TinyInst\build\third_party\xed.vcxproj]
As you can see from the log, It seems like the makefile is using invalid path while building xed.
FYI, CMake found a valid Python3 and the path is also valid. (as the log says)
The python package has been installed by nuget.
Any help?
Error allocating remote code buffer
Using LiteCov within another project on a 32-bit platform. RemoteAllocateNear and RemoteAllocateBefore both use uint64's, which led RemoteAllocateBefore to receive the wrong values. This function still fails to allocate (returns null) if I change these to size_t, but it seems like it may not have been tested on 32-bit?
Litecov got no coverage
Hi, whilte using litecov to get coverage info, I found it will fail for some program , below is an example out put with -trace_module_entries -trace_debug_events -trace_basic_blocks options.
litecov.exe -trace_module_entries -trace_debug_events -trace_basic_blocks -instrument_module FvRT.exe -- "C:\Program Files (x86)\FATEK\FvRT\Ver1.5\application\FvRT.exe"
Debugger: Process created or attached
Debugger: Exception 80000003 at address 00007FFF723A0770
Debugger: Unloaded module from 00000000015B0000
Debugger: Unloaded module from 0000000001D70000
Debugger: Unloaded module from 0000000001D70000
Debugger: Unloaded module from 00000000015B0000
Debugger: Exception 4000001f at address 0000000077651B72
Debugger: Loaded module FvRT.exe at 0000000000400000
Debugger: Loaded module ntdll.dll at 00000000775A0000
Debugger: Loaded module KERNEL32.DLL at 00000000766F0000
Debugger: Loaded module KERNELBASE.dll at 00000000768A0000
Debugger: Loaded module ADVAPI32.DLL at 0000000077380000
Debugger: Loaded module msvcrt.dll at 0000000075AE0000
Debugger: Loaded module sechost.dll at 0000000076670000
Debugger: Loaded module RPCRT4.dll at 0000000075940000
Debugger: Loaded module USER32.dll at 0000000075E90000
Debugger: Loaded module win32u.dll at 00000000767E0000
Debugger: Loaded module ferlib.dll at 00000000700C0000
Debugger: Loaded module GDI32.dll at 0000000076180000
Debugger: Loaded module fgud.dll at 0000000070880000
Debugger: Loaded module libcrypto-1_1.dll at 000000006FA20000
Debugger: Loaded module gdi32full.dll at 0000000075860000
Debugger: Loaded module WS2_32.dll at 0000000075BA0000
Debugger: Loaded module msvcp_win.dll at 00000000761B0000
Debugger: Loaded module libgcc_s_dw2-1.dll at 000000006E940000
Debugger: Loaded module ucrtbase.dll at 0000000077200000
Debugger: Loaded module qextserialport1.dll at 000000006CDC0000
Debugger: Loaded module mosquitto.dll at 0000000071600000
Debugger: Loaded module phonon4.dll at 00000000659C0000
Debugger: Loaded module setupapi.dll at 0000000076230000
Debugger: Loaded module QtCore4.dll at 000000006E0C0000
Debugger: Loaded module cfgmgr32.dll at 0000000077500000
Debugger: Loaded module OLE32.dll at 0000000075C10000
Debugger: Loaded module bcrypt.dll at 0000000075A00000
Debugger: Loaded module QtNetwork4.dll at 0000000065C80000
Debugger: Loaded module combase.dll at 0000000075550000
Debugger: Loaded module QtSql4.dll at 0000000061F80000
Debugger: Loaded module QtSvg4.dll at 0000000065B40000
Debugger: Loaded module SMTPEmail.dll at 0000000069980000
Debugger: Loaded module SystemLog.dll at 0000000064640000
Debugger: Loaded module fhidapi.dll at 000000006DA00000
Debugger: Loaded module MSVCR120.dll at 000000006F930000
Debugger: Loaded module SSLEAY32.dll at 0000000070D40000
Debugger: Loaded module LIBEAY32.dll at 000000006F7F0000
Debugger: Loaded module pthreadVC2.dll at 00000000715E0000
Debugger: Loaded module VCRUNTIME140.dll at 0000000070B60000
Debugger: Loaded module MSVCR100.dll at 000000006F730000
Debugger: Loaded module mingwm10.dll at 00000000015B0000
Debugger: Loaded module QtGui4.dll at 0000000001D70000
Debugger: Loaded module QtXml4.dll at 0000000002730000
Debugger: Loaded module tbaselib.dll at 00000000016D0000
Debugger: Loaded module libstdc++-6.dll at 000000006FE40000
Debugger: Loaded module libwinpthread-1.dll at 0000000064B40000
Debugger: Loaded module COMDLG32.DLL at 00000000760C0000
Debugger: Loaded module shcore.dll at 0000000075460000
Debugger: Loaded module SHLWAPI.dll at 0000000077540000
Debugger: Loaded module SHELL32.dll at 0000000076AD0000
Debugger: Loaded module COMCTL32.dll at 0000000073A50000
Debugger: Loaded module IMM32.DLL at 0000000075E10000
Debugger: Loaded module OLEAUT32.DLL at 0000000076800000
Debugger: Loaded module WINMM.DLL at 0000000074E20000
Debugger: Loaded module WINSPOOL.DRV at 00000000752B0000
Debugger: Loaded module ntdll.dll at 00007FFF722D0000
Debugger: Loaded module wow64.dll at 00007FFF71440000
Debugger: Loaded module wow64win.dll at 00007FFF71750000
Debugger: Loaded module wow64cpu.dll at 0000000077590000
Debugger: Process entrypoint reached
Instrumented module FvRT.exe, code size: 16261120
Debugger: Loaded module windows.storage.dll at 0000000074380000
Debugger: Loaded module wldp.dll at 0000000074340000
Debugger: Process exit
Process finished normally
The target FvRT.exe is a 32bit PE executable running on Windows 10 64bit (21H1).
I can not get any idea what's going wrong.
OSX issue with application calling `fork()`
Hi, I think you might need to add "applications calling fork" to the restrictions. I've found that if the applications calls fork at any point, the following gets raised:
[-] PROGRAM ABORT : Debugger object could not be found in the map, task port = (3107)
Location : catch_mach_exception_raise_state_identity(), /Users/jrmadsen/devel/c++/TinyInst/macOS/debugger.cpp:1726NOTE: line number will be slightly off since I've made some minor modifications.
Out of curiosity, any idea what would need to be done to ignore the forked task port?
Debugger::OnDyldImageNotifier signal SIGABRT on MacOS BigSur
- MacOS BigSur 11.4(Intel), SIP disabled, root
- The latest version of TinyInst
Whether I use Jackalope or call instrumentation->Run(argc, argv, 1000) by myself, the same abort signal error will be generated
...
Process 4104 stopped
* thread #2, stop reason = signal SIGABRT
frame #0: 0x00007fff2053192e libsystem_kernel.dylib`__pthread_kill + 10
libsystem_kernel.dylib`__pthread_kill:
-> 0x7fff2053192e <+10>: jae 0x7fff20531938 ; <+20>
0x7fff20531930 <+12>: mov rdi, rax
0x7fff20531933 <+15>: jmp 0x7fff2052bad9 ; cerror_nocancel
0x7fff20531938 <+20>: ret
Target 0: (fuzzer) stopped.
(lldb) bt
* thread #2, stop reason = signal SIGABRT
* frame #0: 0x00007fff2053192e libsystem_kernel.dylib`__pthread_kill + 10
frame #1: 0x00007fff205605bd libsystem_pthread.dylib`pthread_kill + 263
frame #2: 0x00007fff204b54ab libsystem_c.dylib`__abort + 139
frame #3: 0x00007fff2048f979 libsystem_c.dylib`__stack_chk_fail + 100
frame #4: 0x000000010006904e fuzzer`Debugger::OnDyldImageNotifier(unsigned long, unsigned long, unsigned long long*) + 958
At the same time, it was found that the started process produced a crash report:
...
OS Version: macOS 11.4 (20F71)
Report Version: 12
Bridge OS Version: 3.0 (14Y908)
Time Awake Since Boot: 3200 seconds
System Integrity Protection: disabled
Crashed Thread: 0
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000002, 0x0000000000000000
Exception Note: EXC_CORPSE_NOTIFY
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [4106]
Application Specific Information:
dyld: launch, loading dependent libraries
Thread 0 Crashed:
0 dyld 0x0000000100019242 _dyld_debugger_notification + 1
1 dyld 0x00000001000183cb gdb_image_notifier(dyld_image_mode, unsigned int, dyld_image_info const*) + 203
2 dyld 0x00000001000180bf notifyGDB(dyld_image_states, unsigned int, dyld_image_info const*) + 40
3 dyld 0x000000010000af4b dyld::notifyBatchPartial(dyld_image_states, bool, char const* (*)(dyld_image_states, unsigned int, dyld_image_info const*), bool, bool) + 1493
4 dyld 0x000000010001a2b9 ImageLoader::link(ImageLoader::LinkContext const&, bool, bool, bool, ImageLoader::RPathChain const&, char const*) + 101
5 dyld 0x000000010000b513 dyld::link(ImageLoader*, bool, bool, ImageLoader::RPathChain const&, unsigned int) + 383
6 dyld 0x000000010000dc48 dyld::_main(macho_header const*, unsigned long, int, char const**, char const**, char const**, unsigned long*) + 8084
7 dyld 0x0000000100006224 dyldbootstrap::start(dyld3::MachOLoaded const*, int, char const**, dyld3::MachOLoaded const*, unsigned long*) + 450
8 dyld 0x0000000100006025 _dyld_start + 37
Thread 0 crashed with X86 Thread State (64-bit):
rax: 0x000000000000002b rbx: 0x00007ffeefbfe0b8 rcx: 0x00007fff2a6fe000 rdx: 0x00007ffeefbfd910
rdi: 0x0000000000000000 rsi: 0x000000000000002b rbp: 0x00007ffeefbfdb10 rsp: 0x00007ffeefbfd908
r8: 0x0000000000000000 r9: 0x0000000000000000 r10: 0x0000000000000000 r11: 0x0000000000000000
r12: 0x00007ffeefbfda78 r13: 0x00007ffeefbfe0d0 r14: 0x0000000000000000 r15: 0x000000000000002b
rip: 0x0000000100019242 rfl: 0x0000000000000293 cr2: 0x0000000100059905
Logical CPU: 4
Error Code: 0x00000000
Trap Number: 3
Thread 0 instruction stream:
8d 45 10 48 89 42 08 48-b8 08 00 00 00 30 00 00 .E.H.B.H.....0..
00 48 89 02 bf 02 00 00-00 4c 89 d6 e8 6d 1b 04 .H.......L...m..
00 48 8d 05 f6 ff 08 00-48 8b 00 48 3b 45 f8 75 .H......H..H;E.u
09 48 81 c4 d0 00 00 00-5d c3 e8 47 ff ff ff 55 .H......]..G...U
48 89 e5 48 8d 3d a3 87-07 00 e8 41 0f ff ff 55 H..H.=.....A...U
48 89 e5 48 8d 3d a6 87-07 00 e8 31 0f ff ff cc H..H.=.....1....
[c3]89 e5 5d c3 55 48 89-e5 48 8d 3d b5 87 07 00 ...].UH..H.=.... <==
e8 1b 0f ff ff 83 fe 08-75 01 c3 55 48 89 e5 48 ........u..UH..H
8d 3d b6 87 07 00 e8 05-0f ff ff 48 85 ff 74 2b .=.........H..t+
45 31 c0 48 39 f1 48 0f-47 ce b8 54 00 00 00 41 E1.H9.H.G..T...A
0f 46 c0 48 85 c9 74 12-55 48 89 e5 31 f6 88 14 .F.H..t.UH..1...
37 48 ff c6 48 39 f1 75-f5 5d c3 b8 16 00 00 00 7H..H9.u.]......
Thread 0 last branch register state not available.
Binary Images:
0x100000000 - 0x100001fff +test (0) <6DBAD331-A5DF-3E65-B927-A807B64BD9F3> /Users/USER/*/test
0x100005000 - 0x1000a0fff dyld (852) <1AC76561-4F9A-34B1-BA7C-4516CACEAED7> /usr/lib/dyld
0x7fff20298000 - 0x7fff20299fff libsystem_blocks.dylib (79) <48AF56A9-6E42-3A5E-A213-E6AFD8F81044> /usr/lib/system/libsystem_blocks.dylib
...
building on linux fails with "error: ‘uint64_t’ was not declared in this scope" in coverage.h
full Error:
[ 10%] Building CXX object CMakeFiles/tinyinst.dir/arch/x86/x86_litecov.cpp.o
In file included from /home/lena/GitClone/TinyInst/litecov.h:23,
from /home/lena/GitClone/TinyInst/arch/x86/x86_litecov.cpp:17:
/home/lena/GitClone/TinyInst/coverage.h:27:46: error: ‘uint64_t’ was not declared in this scope
27 | ModuleCoverage(std::string& name, std::set<uint64_t> offsets);
| ^~~~~~~~
/home/lena/GitClone/TinyInst/coverage.h:23:1: note: ‘uint64_t’ is defined in header ‘<cstdint>’; did you forget to ‘#include <cstdint>’?
22 | #include <list>
+++ |+#include <cstdint>
23 |
/home/lena/GitClone/TinyInst/coverage.h:27:54: error: template argument 1 is invalid
27 | ModuleCoverage(std::string& name, std::set<uint64_t> offsets);
| ^
/home/lena/GitClone/TinyInst/coverage.h:27:54: error: template argument 2 is invalid
/home/lena/GitClone/TinyInst/coverage.h:27:54: error: template argument 3 is invalid
/home/lena/GitClone/TinyInst/coverage.h:30:12: error: ‘uint64_t’ was not declared in this scope
30 | std::set<uint64_t> offsets;
| ^~~~~~~~
/home/lena/GitClone/TinyInst/coverage.h:30:12: note: ‘uint64_t’ is defined in header ‘<cstdint>’; did you forget to ‘#include <cstdint>’?
/home/lena/GitClone/TinyInst/coverage.h:30:20: error: template argument 1 is invalid
30 | std::set<uint64_t> offsets;
| ^
/home/lena/GitClone/TinyInst/coverage.h:30:20: error: template argument 2 is invalid
/home/lena/GitClone/TinyInst/coverage.h:30:20: error: template argument 3 is invalid
make[2]: *** [CMakeFiles/tinyinst.dir/build.make:104: CMakeFiles/tinyinst.dir/arch/x86/x86_litecov.cpp.o] Error 1
make[1]: *** [CMakeFiles/Makefile2:104: CMakeFiles/tinyinst.dir/all] Error 2
make: *** [Makefile:91: all] Error 2
Meta:
I followed https://github.com/googleprojectzero/TinyInst#building-tinyinst on an arch-y linux.
I built from 2e2d327 .
adding #include <cstdint> to coverage.h like suggested fixes this issue.
Linux: BREAKPOINT_NOTIFICATION type breakpoint add fails.
test.sh
#!/bin/bash
LITECOV=$(realpath $1)
mkdir -p test
echo "- x64 PIE ----"
gcc -o test/pie.x64 test.c
$LITECOV -- test/pie.x64
echo "- x32 PIE ----"
gcc -o test/pie.x32 test.c -m32
$LITECOV -patch_return_addresses -- test/pie.x32
echo "- x64 NO PIE -"
gcc -o test/nopie.x64 test.c -no-pie
$LITECOV -- test/nopie.x64
echo "- x32 NO PIE -"
gcc -o test/nopie.x32 test.c -no-pie -m32
$LITECOV -patch_return_addresses -- test/nopie.x32test.c
#include <stdio.h>
int main(void) {
puts("Hello, World!\n");
return 0;
}test output 1 (ubuntu 22.04, x64, commit f00b8b9)
$ ./test.sh ~/TinyInst/src.forked/build/litecov
- x64 PIE ----
[-] PROGRAM ABORT : Unexpected notifier function f3 Location : AddBreakpoint(), /home/lab/TinyInst/src.forked/Linux/debugger.cpp:393
- x32 PIE ----
[-] PROGRAM ABORT : Unexpected notifier function f3 Location : AddBreakpoint(), /home/lab/TinyInst/src.forked/Linux/debugger.cpp:393
- x64 NO PIE -
[-] PROGRAM ABORT : Unexpected notifier function f3 Location : AddBreakpoint(), /home/lab/TinyInst/src.forked/Linux/debugger.cpp:393
- x32 NO PIE -
[-] PROGRAM ABORT : Unexpected notifier function f3 Location : AddBreakpoint(), /home/lab/TinyInst/src.forked/Linux/debugger.cpp:393
backtrace (gdb)
#0 0x0000000000404cb8 in Debugger::AddBreakpoint(void*, int) ()
#1 0x000000000040d6c5 in int Debugger::GetLoadedModulesT<r_debug, link_map>(std::set<LoadedModule, std::less<LoadedModule>, std::allocator<LoadedModule> >&, bool) ()
#2 0x0000000000406b49 in Debugger::GetLoadedModules(std::set<LoadedModule, std::less<LoadedModule>, std::allocator<LoadedModule> >&, bool) ()
#3 0x0000000000406ba9 in Debugger::OnLoadedModulesChanged(bool) ()
#4 0x0000000000407302 in Debugger::SetupModules() ()
#5 0x0000000000406ae8 in Debugger::OnEntrypoint() ()
#6 0x0000000000421368 in TinyInst::OnEntrypoint() ()
#7 0x0000000000407d88 in Debugger::HandleDebuggerBreakpoint() ()
#8 0x000000000040a104 in Debugger::HandleStopped(int) ()
#9 0x000000000040aa69 in Debugger::DebugLoop(unsigned int) ()
#10 0x000000000040aca6 in Debugger::Continue(unsigned int) ()
#11 0x000000000040afdf in Debugger::Run(int, char**, unsigned int) ()
#12 0x00000000004024a3 in RunTarget(int, char**, unsigned int, unsigned int) ()
#13 0x0000000000402abf in main ()
analysis
I have no idea why this error occurs, but if build with removing follow code block works well:
Lines 384 to 395 in f00b8b9
test output 2 (after remove issued code block)
$ ./test.sh ~/TinyInst/src.forked/build/litecov
- x64 PIE ----
Hello, World!
Process finished normally
- x32 PIE ----
Hello, World!
Process finished normally
- x64 NO PIE -
Hello, World!
Process finished normally
- x32 NO PIE -
Hello, World!
Process finished normally
$ ~/TinyInst/src.forked/build/litecov -instrument_module pie.x64 -coverage_file coverage.txt -- test/pie.x64
Instrumented module pie.x64, code size: 4096
Hello, World!
Process finished normally
Found 18 new offsets in pie.x64
$ cat coverage.txt
pie.x64+1000
pie.x64+1016
pie.x64+1040
pie.x64+1050
pie.x64+1060
pie.x64+1090
pie.x64+10b8
pie.x64+10c0
pie.x64+10f8
pie.x64+1100
pie.x64+110d
pie.x64+111b
pie.x64+1127
pie.x64+112c
pie.x64+1140
pie.x64+1149
pie.x64+1160
pie.x64+1168
$ ~/TinyInst/src.forked/build/litecov -instrument_module pie.x32 -coverage_file coverage.txt -patch_return_addresses -- test/pie.x32
Instrumented module pie.x32, code size: 4096
Hello, World!
Process finished normally
Found 30 new offsets in pie.x32
$ cat coverage.txt
pie.x32+1000
pie.x32+100d
pie.x32+101f
pie.x32+1040
pie.x32+1050
pie.x32+1060
pie.x32+1070
pie.x32+1084
pie.x32+109c
pie.x32+10a0
pie.x32+10b0
pie.x32+10b5
pie.x32+10e8
pie.x32+10f0
pie.x32+10f5
pie.x32+1132
pie.x32+1140
pie.x32+114d
pie.x32+115f
pie.x32+1169
pie.x32+1177
pie.x32+117f
pie.x32+1190
pie.x32+1199
pie.x32+119d
pie.x32+11b1
pie.x32+11c7
pie.x32+11d9
pie.x32+11e0
pie.x32+11ed
Linux supporting
Are you considering supporting Linux platforms in the future?
Attach mode can't generate coverage_file on win10.
HI,
litecov.exe -instrument_module notepad.exe -coverage_file coverage.txt -- notepad.exe works fine.
but the attach mode: litecov.exe -instrument_module notepad.exe -coverage_file coverage.txt -pid 4972
shows nothing in cmd, and the saved coverage.txt is empty.
fix some typo in code
Hello, I found some typo in code and here is fix : https://github.com/googleprojectzero/TinyInst/pull/30/files
Basic block hit count
Hello,
I am trying to collect coverage for string comparison (strcmp).
I expected the basic block performing character comparison to be hit multiple times for partially matching strings.
For example, for strcmp("hello", "hell") the str_a[i] == str_b[i] comparison should happen at least four times.
But using TinyInst the resulting coverage doesn't contain any duplicate offsets for the character comparing basic block.
Is TinyInst deduplicating basic blocks which were hit multiple times?
If yes, can we make tinyinst report basic block hit count?
Thanks a lot
The stability is not high when using -loop with target_offset.
Hi,
Thank you for publishing a great project.
I am used to developing one fuzzer. However, when run fuzzer with large -iterations, the stability decreases markedly when I run with -iterations 1. It seems that the coverage changes after each iteration. Is there any way to keep the stability of the coverage when running with large -iterations?
`dyld_all_image_infos` 's size is smaller than `task_dyld_info.all_image_info_size` when using `ReadMemory`
Environment:
System: macOS Big Sur 11.2.3 (20D91)
Compiler: clang 11.0.0
Issue
In TinyInst/macOS/machtarget.cpp, In (1), there is no check to see if task_dyld_info.all_image_info_size and sizeof(dyld_all_image_infos) are equal.
On this macOS system version, task_dyld_info.all_image_info_size is 368, while sizeof(dyld_all_image_infos) is only 328. The ReadMemory function internally will cause an out-of-bounds write, leading to a stack overflow crash.
However, when I tested on macOS Monterey (12.6.8), both task_dyld_info.all_image_info_size and sizeof(dyld_all_image_infos) are 368. I don't quite understand what happened in between?
dyld_all_image_infos MachTarget::GetAllImageInfos() {
task_dyld_info_data_t task_dyld_info;
mach_msg_type_number_t count = TASK_DYLD_INFO_COUNT;
kern_return_t krt;
krt = task_info(task, TASK_DYLD_INFO, (task_info_t)&task_dyld_info, &count);
if (krt != KERN_SUCCESS) {
FATAL("Unable to retrieve task_info of target task, %d\n", krt);
}
dyld_all_image_infos all_image_infos;
ReadMemory((uint64_t)task_dyld_info.all_image_info_addr, task_dyld_info.all_image_info_size, &all_image_infos); //(1), out-of-bounds write here.
return all_image_infos;
}I tried the following fix: set the second parameter of ReadMemory to the smaller value between task_dyld_info.all_image_info_size and sizeof(dyld_all_image_infos). Then I ran litecov to collect coverage for a program, and litecov did not crash. It seems that this is a temporary solution?
dyld_all_image_infos MachTarget::GetAllImageInfos() {
task_dyld_info_data_t task_dyld_info;
mach_msg_type_number_t count = TASK_DYLD_INFO_COUNT;
kern_return_t krt;
krt = task_info(task, TASK_DYLD_INFO, (task_info_t)&task_dyld_info, &count);
if (krt != KERN_SUCCESS) {
FATAL("Unable to retrieve task_info of target task, %d\n", krt);
}
dyld_all_image_infos all_image_infos;
printf("task_dyld_info.all_image_info_size (%llu), sizeof(dyld_all_image_infos)(%lu)\n", task_dyld_info.all_image_info_size, sizeof(dyld_all_image_infos));
size_t copy_size = task_dyld_info.all_image_info_size > sizeof(dyld_all_image_infos) ? sizeof(dyld_all_image_infos) : task_dyld_info.all_image_info_size;
ReadMemory((uint64_t)task_dyld_info.all_image_info_addr, copy_size, &all_image_infos);
return all_image_infos;
}When `-callconv` equals `fastcall`, is code in `Windows/debugger.cpp` corrent?
In TinyInst/Windows/debugger.cpp, Why isn't the case of 3 parameters handled in fastcall? The third argument isn't saved.
case CALLCONV_FASTCALL:
if (num_args > 0) arguments[0] = lcContext.Rcx;
if (num_args > 1) arguments[1] = lcContext.Rdx;
if (num_args > 3) {
ReadStack((void*)(sp + child_ptr_size), arguments + 2, num_args - 2);
}
break;
Empty coverage file on 32-bit Windows
While debugging a separate issue, I discovered that the basic example you give for running litecov doesn't appear to work on a 32-bit Windows machine, compiled with Visual Studio 2017. The following produces an empty coverage file:
$ litecov.exe -instrument_module notepad.exe -coverage_file coverage.txt -- notepad.exe
I'm using the latest TinyInst code and version 11.0.1 of xed on a 32-bit Windows machine.
In trying to capture target_function coverage information from another binary (ExampleTarget.exe), I got the following output:
Debugger: Process created or attached
Debugger: Exception 80000003 at address 77BE060D
Debugger: Loaded module ExampleTarget.exe at 00A00000
Debugger: Loaded module ntdll.dll at 77B40000
Debugger: Loaded module kernel32.dll at 75DB0000
Debugger: Loaded module KERNELBASE.dll at 75A80000
Debugger: Loaded module VCRUNTIME140.dll at 68230000
Debugger: Loaded module api-ms-win-crt-runtime-l1-1-0.dll at 0F540000
Debugger: Loaded module ucrtbase.DLL at 0F210000
Debugger: Loaded module api-ms-win-core-timezone-l1-1-0.dll at 0F720000
Debugger: Loaded module api-ms-win-core-file-l2-1-0.dll at 0FDD0000
Debugger: Loaded module api-ms-win-core-localization-l1-2-0.dll at 000E0000
Debugger: Loaded module api-ms-win-core-synch-l1-2-0.dll at 72660000
Debugger: Loaded module api-ms-win-core-processthreads-l1-1-1.dll at 0F5D0000
Debugger: Loaded module api-ms-win-core-file-l1-2-0.dll at 0FF70000
Debugger: Loaded module api-ms-win-crt-heap-l1-1-0.dll at 0FB10000
Debugger: Loaded module api-ms-win-crt-string-l1-1-0.dll at 0FA50000
Debugger: Loaded module api-ms-win-crt-stdio-l1-1-0.dll at 0F870000
Debugger: Loaded module api-ms-win-crt-convert-l1-1-0.dll at 0FE70000
Debugger: Loaded module api-ms-win-crt-math-l1-1-0.dll at 5CD40000
Debugger: Loaded module api-ms-win-crt-locale-l1-1-0.dll at 5CD50000
Debugger: Loaded module ConEmuHk.dll at 7E110000
Debugger: Loaded module USER32.dll at 773F0000
Debugger: Loaded module GDI32.dll at 75E90000
Debugger: Loaded module LPK.dll at 77CB0000
Debugger: Loaded module USP10.dll at 776B0000
Debugger: Loaded module msvcrt.dll at 77600000
Debugger: Loaded module IMM32.DLL at 75C30000
Debugger: Loaded module MSCTF.dll at 763B0000
Debugger: Process entrypoint reached
Target method reached
Instrumented module ExampleTarget.exe, code size: 4096
hello from target
Debugger: Exception c0000005 at address 00000F22
Debugger: Persistence method ended
translated breakpoint: 00a01040 -> 009f8005
Target function returned normally
hello from target
hello from target
hello from target
hello from target
hello from target
Even though the target function is called repeatedly, litecov only seems to hit it once. I additionally have -trace_basic_blocks set (along with -trace_debug_events), but don't seem to see any of that output. Note in the above that I did add some output to Debugger::HandleTargetEnded to check what the breakpoint was and what it was translated to on reset.
Thanks!
Is there any dependencies on the initial content of the remote memory?
Background: I'm trying to port TinyInst to a new project that rewrite code in the target process itself as a normal process, not as a debugger, for my own usage.
And here it is. (I'll make it open source once it's done.)
Currently, I can successfully run some demos from DirectXSDK, and then I try to run some big targets.
But I found something weird. When I run the UE4 UMG UI demo within visual studio debugger, there will be an unexpected access violation writing the code segment of the target process. If I simply ignore the exception for several times, the demo can start normally. But when I run it without visual studio debugger as a normal process, it just crash.
I guess that the program runs into some uninitialized code in instrumented_code_remote and because it's initial content is all 0x00 and this will be explained as add byte ptr ds:[rax], al instructioin by the CPU, and the exception written address is exactly rax.
I try to initialize the remote memory with all 0xFB which is sti privileged instruction, and as expected the exception above becomes EXCEPTION_PRIV_INSTRUCTION and proves my guess.
Then I did the same thing to the original TinyInst right after RemoteAllocateNear in TinyInst::InstrumentModule function:
memset(module->instrumented_code_local, 0xFB, module->instrumented_code_size);
RemoteWrite(module->instrumented_code_remote, module->instrumented_code_local, module->instrumented_code_size);
And yea the demo can not run normally when I initialized the remote memory with non-zero content. Seems it runs into an infinite loop. It can run the target normally without my modification. But I think this is because TinyInst itself is a debugger and ignores some exceptions as I did with visual studio.
I think the behavior of the code should not be affected by the initial content of the memory, it should be override by the real thing latter whatsoever. And it shouldn't write the target code segment either, of course.
I'm not sure if this is an issue, can you give me some advise on how to debug this problem?
I can provide the compiled binary of the demo program if you want.
Build fails with Visual Studio 2022
Hi, thanks for your amazing project.
I am trying to build this with visual studio 2022, but I got the following errors.
Run cmake --build . --config Release
Microsoft (R) Build Engine version 17.0.0+c9eb9dd64 for .NET Framework
Copyright (C) Microsoft Corporation. All rights reserved.
Checking Build System
Building Xed
ABORT: Library build failed
[UCRT Version] 10.0.19041.0
[FOUND MS VERSION] 14
[PYTHON VERSION] 3.10.0
========
git description stdout:
fatal: No names found, cannot describe anything.
========
[GIT VERSION] 12.0.1
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/files-xregs.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/via/files-via-padlock.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/amd/files-amd.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/amd/amdxop/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/mpx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/cet/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/rdrand/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/glm/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/sha/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/xsaveopt/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/xsaves/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/xsavec/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/clflushopt/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/rdseed/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/fsgsbase/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/smap/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/sgx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/rdpid/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/pt/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/tremont/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/movdir/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/waitpkg/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/cldemote/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/sgx-enclv/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx/files.cfg
[Clearing file list for type dec-spine: [ D:/a/TinyInst/TinyInst/third_party/xed/datafiles/xed-spine.txt ]]
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/ivbavx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/hswavx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/hswbmi/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/hsw/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/bdw/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/skl/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/skx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/pku/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/clwb/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/clx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/vnni/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/cpx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx512-bf16/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/knl/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/knm/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/4fmaps-512/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/4vnniw-512/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/vpopcntdq-512/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx512f/shared-files.cfg
[Clearing file list for type dec-spine: [ D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx/avx-spine.txt ]]
CONSIDERING SOURCE D:\a\TinyInst\TinyInst\third_party\xed\datafiles\knc\xed-operand-values-interface-uisa.c source 1
ADDING SOURCE D:\a\TinyInst\TinyInst\third_party\xed\datafiles\knc\xed-operand-values-interface-uisa.c source 1
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx512f/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx512cd/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx512-skx/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/cnl/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx512ifma/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx512vbmi/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/icl/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/wbnoinvd/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/pconfig/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/bitalg/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/vbmi2/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/gfni-vaes-vpcl/files-sse.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/gfni-vaes-vpcl/files-avx-avx512.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/vpopcntdq-vl/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/tgl/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/vp2intersect/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/keylocker/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/adl/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/hreset/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/avx-vnni/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/spr/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/uintr/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/amx-spr/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/enqcmd/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/tsx-ldtrk/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/serialize/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/future/files.cfg
[EXTF PROCESSING] D:/a/TinyInst/TinyInst/third_party/xed/datafiles/tdx/files.cfg
[EMIT BUILD DEFINES HEADER FILE]
R: 1 P: 0 C: 0 E: 0 / 39 msecs [decprep]
[TOUCH] obj/dummy-prep
R: 0 P: 0 C: 1 E: 0 / 1 secs
BUILT: D:\a\TinyInst\TinyInst\build\third_party\obj\dummy-prep
R: 2 P: 0 C: 1 E: 0 / 1 secs [decgen encgen]
[WRITING] obj/ENC-OUT.txt
[WRITING] obj/ENC-ERR.txt
[ENC-GEN] Return code: 0
R: 1 P: 0 C: 2 E: 0 / 20 secs [decgen]
BUILT: D:\a\TinyInst\TinyInst\build\third_party\obj\ENCGEN-OUTPUT-FILES.txt
[WRITING] obj/DEC-OUT.txt
[WRITING] obj/DEC-ERR.txt
[DEC-GEN] Return code: 0
R: 0 P: 0 C: 3 E: 0 / 25 secs
BUILT: D:\a\TinyInst\TinyInst\build\third_party\obj\DECGEN-OUTPUT-FILES.txt
R: 4 P: 109 C: 0 E: 0 / 14 msecs
[MBUILD WARNING] Command execution failed. Waiting for remaining jobs and exiting.
R: 3 P: 109 C: 1 E: 1 / 37 msecs
[COMMAND ] "C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/bin/amd64/cl.exe" -ID:/a/TinyInst/TinyInst/third_party/xed/include/private -ID:/a/TinyInst/TinyInst/third_party/xed/include/public/xed -ID:/a/TinyInst/TinyInst/third_party/xed/include/public -Iobj -Iobj/include-private /nologo /MT /favor:EM64T /W4 /WX /wd4091 /wd4127 /wd4505 /wd4702 /wd4244 /wd4292 /DXED_GIT_VERSION="12.0.1" /DXED_AMD_ENABLED /DXED_VIA_ENABLED /DXED_AVX /DXED_SUPPORTS_AVX512 /DXED_MPX /DXED_CET /DXED_SUPPORTS_SHA /DXED_SUPPORTS_WBNOINVD /DXED_DECODER /DXED_ENCODER /DXED_SUPPORTS_LZCNT_TZCNT /DXED_BUILD /c /Foobj/xed-reg-enum.obj D:/a/TinyInst/TinyInst/build/third_party/obj/xed-reg-enum.c
[EXIT_STATUS ] 399
[STDERR]
COMMAND ENCOUNTERD AN EXCEPTION
Traceback (most recent call last):
File "D:\a/TinyInst/TinyInst/third_party/xed\..\mbuild\mbuild\util.py", line 1043, in run
self.sub = subprocess.Popen(cmd_args,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 966, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 1435, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] The system cannot find the file specified
[MBUILD WARNING] Command execution failed. Waiting for remaining jobs and exiting.
R: 2 P: 109 C: 2 E: 2 / 38 msecs
[COMMAND ] "C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/bin/amd64/cl.exe" -ID:/a/TinyInst/TinyInst/third_party/xed/include/private -ID:/a/TinyInst/TinyInst/third_party/xed/include/public/xed -ID:/a/TinyInst/TinyInst/third_party/xed/include/public -Iobj -Iobj/include-private /nologo /MT /favor:EM64T /W4 /WX /wd4091 /wd4127 /wd4505 /wd4702 /wd4244 /wd4292 /DXED_GIT_VERSION="12.0.1" /DXED_AMD_ENABLED /DXED_VIA_ENABLED /DXED_AVX /DXED_SUPPORTS_AVX512 /DXED_MPX /DXED_CET /DXED_SUPPORTS_SHA /DXED_SUPPORTS_WBNOINVD /DXED_DECODER /DXED_ENCODER /DXED_SUPPORTS_LZCNT_TZCNT /DXED_BUILD /c /Foobj/xed-address-width-enum.obj D:/a/TinyInst/TinyInst/build/third_party/obj/xed-address-width-enum.c
[EXIT_STATUS ] 399
[STDERR]
COMMAND ENCOUNTERD AN EXCEPTION
Traceback (most recent call last):
File "D:\a/TinyInst/TinyInst/third_party/xed\..\mbuild\mbuild\util.py", line 1043, in run
self.sub = subprocess.Popen(cmd_args,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 966, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 1435, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] The system cannot find the file specified
[MBUILD WARNING] Command execution failed. Waiting for remaining jobs and exiting.
R: 1 P: 109 C: 3 E: 3 / 38 msecs
[COMMAND ] "C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/bin/amd64/cl.exe" -ID:/a/TinyInst/TinyInst/third_party/xed/include/private -ID:/a/TinyInst/TinyInst/third_party/xed/include/public/xed -ID:/a/TinyInst/TinyInst/third_party/xed/include/public -Iobj -Iobj/include-private /nologo /MT /favor:EM64T /W4 /WX /wd4091 /wd4127 /wd4505 /wd4702 /wd4244 /wd4292 /DXED_GIT_VERSION="12.0.1" /DXED_AMD_ENABLED /DXED_VIA_ENABLED /DXED_AVX /DXED_SUPPORTS_AVX512 /DXED_MPX /DXED_CET /DXED_SUPPORTS_SHA /DXED_SUPPORTS_WBNOINVD /DXED_DECODER /DXED_ENCODER /DXED_SUPPORTS_LZCNT_TZCNT /DXED_BUILD /c /Foobj/xed-attribute-enum.obj D:/a/TinyInst/TinyInst/build/third_party/obj/xed-attribute-enum.c
[EXIT_STATUS ] 399
[STDERR]
COMMAND ENCOUNTERD AN EXCEPTION
Traceback (most recent call last):
File "D:\a/TinyInst/TinyInst/third_party/xed\..\mbuild\mbuild\util.py", line 1043, in run
self.sub = subprocess.Popen(cmd_args,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 966, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 1435, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] The system cannot find the file specified
[MBUILD WARNING] Command execution failed. Waiting for remaining jobs and exiting.
R: 0 P: 109 C: 4 E: 4 / 38 msecs
[COMMAND ] "C:/Program Files (x86)/Microsoft Visual Studio 14.0/VC/bin/amd64/cl.exe" -ID:/a/TinyInst/TinyInst/third_party/xed/include/private -ID:/a/TinyInst/TinyInst/third_party/xed/include/public/xed -ID:/a/TinyInst/TinyInst/third_party/xed/include/public -Iobj -Iobj/include-private /nologo /MT /favor:EM64T /W4 /WX /wd4091 /wd4127 /wd4505 /wd4702 /wd4244 /wd4292 /DXED_GIT_VERSION="12.0.1" /DXED_AMD_ENABLED /DXED_VIA_ENABLED /DXED_AVX /DXED_SUPPORTS_AVX512 /DXED_MPX /DXED_CET /DXED_SUPPORTS_SHA /DXED_SUPPORTS_WBNOINVD /DXED_DECODER /DXED_ENCODER /DXED_SUPPORTS_LZCNT_TZCNT /DXED_BUILD /c /Foobj/xed-operand-ctype-enum.obj D:/a/TinyInst/TinyInst/build/third_party/obj/xed-operand-ctype-enum.c
[EXIT_STATUS ] 399
[STDERR]
COMMAND ENCOUNTERD AN EXCEPTION
Traceback (most recent call last):
File "D:\a/TinyInst/TinyInst/third_party/xed\..\mbuild\mbuild\util.py", line 1043, in run
self.sub = subprocess.Popen(cmd_args,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 966, in __init__
self._execute_child(args, executable, preexec_fn, close_fds,
File "C:\hostedtoolcache\windows\Python\3.10.0\x64\lib\subprocess.py", line 1435, in _execute_child
hp, ht, pid, tid = _winapi.CreateProcess(executable, args,
FileNotFoundError: [WinError 2] The system cannot find the file specified
C:\Program Files\Microsoft Visual Studio\2022\Enterprise\MSBuild\Microsoft\VC\v170\Microsoft.CppCommon.targets(242,5): error MSB8066: Custom build for 'D:\a\TinyInst\TinyInst\build\CMakeFiles\86e64b953e1f58fbca11c71e659e096a\xed.lib.rule;D:\a\TinyInst\TinyInst\build\CMakeFiles\5fb1c8601facfde5bcef21843bf1469e\xed.rule;D:\a\TinyInst\TinyInst\third_party\CMakeLists.txt' exited with code 1. [D:\a\TinyInst\TinyInst\build\third_party\xed.vcxproj]
Error: Process completed with exit code 1.
It seems to work with vstudio 2019 but not with 2022.
This log was obtained from github ci https://github.com/tokatoka/TinyInst/runs/4403372925
and I can reproduce exactly the same error with vstudio 2022 installed in my local computer.
I'd be glad if you can help me with this.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.