[BINARY] fails disassembly and reassembly
Question 1: I encounter an error during reassembly of a statically linked ARM 32-bit program. Question 2: When I use gtirb-pprinter to convert the GTIRB intermediate file of an ARM 32-bit statically linked program into a new binary program, I also encounter an error.
Specifically as follows:
Question 1: I encounter an error during reassembly of a statically linked ARM 32-bit program.
root@033f446ee66d:~/test-set/basic-test-set/stackoverflow1# arm-linux-gnueabihf-gcc -fno-stack-protector -g -O0 main.c ret2text-backdoor.c -static -no-pie -o ret2text
root@033f446ee66d:~/test-set/basic-test-set/stackoverflow1# ddisasm ret2text --asm lz.s
Building the initial gtirb representation
WARNING: resurrectSymbols: STRTAB not found.[ 98ms]
Processing module: ret2text
disassembly load [ 5s] compute [ 57s] transform WARNING: Moving symbol to first block of section: __ehdr_start
WARNING: Moving symbol to first block of section: __preinit_array_start
WARNING: Moving symbol to first block of section: __preinit_array_end
WARNING: Moving symbol to first block of section: __bss_start
WARNING: Moving symbol to first block of section: __bss_start__
WARNING: Found integral symbol pointing into existing block: .L_1d429
WARNING: Found integral symbol pointing into existing block: .L_1d42a
WARNING: Found integral symbol pointing into existing block: .L_1d42b
WARNING: Found integral symbol pointing into existing block:__syscall_error_1
[ 7s]
SCC analysis compute [ 190ms] transform [ 0ms]
no return analysis load [ 365ms] compute [ 2s] transform [ 16ms]
function inference load [ 400ms] compute [ 229ms] transform [ 97ms]
Printing assembler [ 6s]
root@033f446ee66d:~/test-set/basic-test-set/stackoverflow1# arm-linux-gnueabihf-gcc -nostartfiles lz.s -no-pie -z now -o lz
lz.s: Assembler messages:
lz.s:3631: Error: instruction not allowed in IT block -- `movs r2,#0'
lz.s:122046: Error: selected FPU does not support instruction -- `vdup.8 q0,r1'
lz.s:122060: Error: selected processor does not support `vceq.i8 q1,q1,q0' in Thumb mode
lz.s:122061: Error: selected processor does not support `vceq.i8 q2,q2,q0' in Thumb mode
lz.s:122062: Error: selected FPU does not support instruction -- `vand q1,q1,q3'
lz.s:122063: Error: selected FPU does not support instruction -- `vand q2,q2,q3'
lz.s:122064: Error: selected processor does not support `vpadd.i8 d2,d2,d3' in Thumb mode
lz.s:122065: Error: selected processor does not support `vpadd.i8 d4,d4,d5' in Thumb mode
lz.s:122066: Error: selected processor does not support `vpadd.i8 d2,d2,d4' in Thumb mode
lz.s:122067: Error: selected processor does not support `vpadd.i8 d2,d2,d2' in Thumb mode
lz.s:122068: Error: garbage following instruction -- `vmov.32 r0,d2'
lz.s:122086: Error: selected processor does not support `vceq.i8 q1,q1,q0' in Thumb mode
lz.s:122087: Error: selected processor does not support `vceq.i8 q2,q2,q0' in Thumb mode
lz.s:122091: Error: selected FPU does not support instruction -- `vorr q4,q1,q2'
lz.s:122092: Error: selected FPU does not support instruction -- `vorr d8,d8,d9'
lz.s:122100: Error: selected FPU does not support instruction -- `vand q1,q1,q3'
lz.s:122101: Error: selected FPU does not support instruction -- `vand q2,q2,q3'
lz.s:122102: Error: selected processor does not support `vpadd.i8 d2,d2,d3' in Thumb mode
lz.s:122103: Error: selected processor does not support `vpadd.i8 d4,d4,d5' in Thumb mode
lz.s:122104: Error: selected processor does not support `vpadd.i8 d2,d2,d4' in Thumb mode
lz.s:122105: Error: selected processor does not support `vpadd.i8 d2,d2,d2' in Thumb mode
lz.s:122106: Error: garbage following instruction -- `vmov.32 r0,d2'
lz.s:164870: Error: VFP single precision register expected -- `vldmia r0,{ d16,d17,d18,d19,d20,d21,d22,d23,d24,d25,d26,d27,d28,d29,d30,d31 }'
lz.s:164883: Error: VFP single precision register expected -- `vstmia r0,{ d16,d17,d18,d19,d20,d21,d22,d23,d24,d25,d26,d27,d28,d29,d30,d31 }'
root@033f446ee66d:~/test-set/basic-test-set/stackoverflow1#
Question 2: When I use gtirb-pprinter to convert the GTIRB intermediate file of an ARM 32-bit statically linked program into a new binary program, I also encounter an error.
root@033f446ee66d:~/test-set/basic-test-set/stackoverflow1# arm-linux-gnueabihf-gcc -fno-stack-protector -g -O0 main.c ret2text-backdoor.c -static -no-pie -o ret2text
root@033f446ee66d:~/test-set/basic-test-set/stackoverflow1# python3 xor.py lz.gtirb new_lz.gtirb
Traceback (most recent call last):
File "xor.py", line 2, in <module>
import gtirb_rewriting.driver
File "/usr/local/lib/python3.8/dist-packages/gtirb_rewriting/__init__.py", line 30, in <module>
from .passes import Pass, PassManager
File "/usr/local/lib/python3.8/dist-packages/gtirb_rewriting/passes.py", line 28, in <module>
from .rewriting import RewritingContext
File "/usr/local/lib/python3.8/dist-packages/gtirb_rewriting/rewriting.py", line 61, in <module>
class RewritingContext:
File "/usr/local/lib/python3.8/dist-packages/gtirb_rewriting/rewriting.py", line 112, in RewritingContext
err: mcasm.assembler.AsmSyntaxError,
AttributeError: module 'mcasm' has no attribute 'assembler'
root@033f446ee66d:~/test-set/basic-test-set/stackoverflow1# gtirb-pprinter lz.gtirb -b lz
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:262) Reading GTIRB file: "lz.gtirb"
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:497) Module ret2text has integral symbols; attempting to assign referents...
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:559) Generating binary for module ret2text
Generating binary file
WARNING: found overlapping element at address 1d429
The --layout option to gtirb-pprinter can fix overlapping elements.
WARNING: found overlapping element at address 1d42a
The --layout option to gtirb-pprinter can fix overlapping elements.
WARNING: found overlapping element at address 1d42b
The --layout option to gtirb-pprinter can fix overlapping elements.
WARNING: found overlapping element at address 27dd4
The --layout option to gtirb-pprinter can fix overlapping elements.
.......
/tmp/fileAPjZv2.s:153424: Error: operand 1 must be an integer register -- `str r1,[sp,#20]'
/tmp/fileAPjZv2.s:153426: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153428: Error: operand 1 must be an integer register -- `ldrb r2,[r1,#13]'
/tmp/fileAPjZv2.s:153429: Error: unknown mnemonic `lsls' -- `lsls r2,r2,#30'
/tmp/fileAPjZv2.s:153431: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153433: Error: operand 1 must be an integer register -- `ldr r2,[r3,#232]'
/tmp/fileAPjZv2.s:153434: Error: operand 1 must be an integer register -- `cbz r2,.L_4d63d'
/tmp/fileAPjZv2.s:153435: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153437: Error: operand 1 must be an integer register -- `ldr r2,[r2,#4]'
/tmp/fileAPjZv2.s:153438: Error: operand 1 must be an integer register -- `ldr r1,[r3,#372]'
/tmp/fileAPjZv2.s:153439: Error: operand 1 must be an integer register -- `ldrh r2,[r2,sb,LSL 1]'
/tmp/fileAPjZv2.s:153440: Error: operand 1 must be an integer register -- `ubfx r2,r2,#0,#15'
/tmp/fileAPjZv2.s:153441: Error: operand 1 must be an integer or stack pointer register -- `add r2,r1,r2,lsl#4'
/tmp/fileAPjZv2.s:153442: Error: operand 1 must be an integer register -- `ldr r1,[r2,#4]'
/tmp/fileAPjZv2.s:153443: Error: operand 1 must be an integer or stack pointer register -- `cmp r1,#0'
/tmp/fileAPjZv2.s:153444: Error: unknown mnemonic `it' -- `it eq'
/tmp/fileAPjZv2.s:153445: Error: unknown mnemonic `moveq' -- `moveq r2,#0'
/tmp/fileAPjZv2.s:153446: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153449: Error: unknown mnemonic `mrc' -- `mrc 15,#0,fp,cr13,cr0,#3'
/tmp/fileAPjZv2.s:153450: Error: operand 1 must be an integer or stack pointer register -- `sub sb,fp,#1216'
/tmp/fileAPjZv2.s:153451: Error: operand 1 must be an integer register -- `ldr r1,[sb]'
/tmp/fileAPjZv2.s:153452: Error: operand 1 must be an integer or stack pointer register -- `cmp r1,#0'
/tmp/fileAPjZv2.s:153454: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153456: Error: operand 1 must be an SVE predicate register -- `movs r1,#1'
/tmp/fileAPjZv2.s:153457: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153460: Error: operand 1 must be an integer register -- `ldr r0,[lr,r0]'
/tmp/fileAPjZv2.s:153461: Error: operand 1 must be an integer register -- `mov sl,#0'
/tmp/fileAPjZv2.s:153462: Error: operand 1 must be an integer register -- `str r1,[sp,#8]'
/tmp/fileAPjZv2.s:153463: Error: operand 1 must be an integer register -- `mov r1,r3'
/tmp/fileAPjZv2.s:153464: Error: operand 1 must be an integer register -- `str r2,[sp]'
/tmp/fileAPjZv2.s:153465: Error: operand 1 must be an integer or stack pointer register -- `add r0,ip'
/tmp/fileAPjZv2.s:153466: Error: operand 1 must be an SVE predicate register -- `movs r2,#1'
/tmp/fileAPjZv2.s:153467: Error: operand 1 must be an integer register -- `str sl,[sp,#12]'
/tmp/fileAPjZv2.s:153468: Error: operand 1 must be an integer register -- `str r2,[sp,#4]'
/tmp/fileAPjZv2.s:153469: Error: operand 1 must be an integer or stack pointer register -- `add r2,sp,#20'
/tmp/fileAPjZv2.s:153470: Error: operand 1 must be an integer register -- `ldr r3,[r3,#468]'
/tmp/fileAPjZv2.s:153472: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153474: Error: operand 1 must be an integer register -- `ldr r3,[sb]'
/tmp/fileAPjZv2.s:153475: Error: operand 1 must be an integer register -- `mov sb,r0'
/tmp/fileAPjZv2.s:153476: Error: operand 1 must be an integer or stack pointer register -- `cmp r3,#0'
/tmp/fileAPjZv2.s:153478: Error: unknown pseudo-op: `.thumb'
/tmp/fileAPjZv2.s:153481: Error: operand 1 must be an integer register -- `ldr r3,[sp,#20]'
Hi @penq123
Regarding your first question:
The instructions
vdup.8 q0, r1
vceq.i8 q1, q1, q0
vand q1, q1, q3
vpadd.i8 d2, d2, d3
are NEON SIMD instructions, which are only available on ARMv7 processors with the NEON/VFP unit enabled.
To build successfully, you'll need to pass the appropriate options:
-march=armv7-a -mfpu=neon
That is,
arm-linux-gnueabihf-gcc -o ret2text_rewritten ret2text.s -Wl,--no-as-needed -march=armv7-a -mfpu=neon -no-pie -Wl,-z,stack-size=0 -Wl,-z,noexecstack -nostartfiles -static
Also, please note that there are a couple of recent related commits you may want to check:
https://github.com/GrammaTech/ddisasm/commit/9f3057a8afe0af47a2b44f5e4cbfe51ab2e12ee0
https://github.com/GrammaTech/gtirb-pprinter/commit/422f1ebf3d0842876cd5e94c19ea773d70300e8f
Regarding your second question:
To have gtirb-pprinter use the correct assembler for your gtirb IR, you can pass the --use-gcc option, for example:
gtirb-pprinter lz.gtirb -b lz --use-gcc=arm-linux-gnueabihf-gcc
Additionally, if you want to pass extra arguments to gtirb-pprinter, you can use the -c option, for example:
gtirb-pprinter lz.gtirb -b lz --use-gcc=arm-linux-gnueabihf-gcc -c "-march=armv7-a" -c "-mfpu=neon"
I hope this clears things up.
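Added example, not code from the thread or from the ddisasm/gtirb-pprinter projects: a small Python triage script that parses GNU as error lines like those in both logs above and maps each class of error to the fix given in the reply (-mfpu=neon, -march=armv7-a, or --use-gcc). The category names and message-substring rules are my own; the "wrong-assembler" rules rely on wording (SVE registers, unrecognised `.thumb`, rejected r0..r15 names) that only the AArch64 assembler emits when fed ARM32 assembly.

```python
import re
from collections import Counter

# GNU as diagnostic: "<file>:<line>: Error: <message>[ -- `<instruction>']"
ERR_RE = re.compile(r"^(?P<file>[^:]+):(?P<line>\d+): Error: (?P<msg>.*?)(?: -- `(?P<insn>[^']*)')?$")

# (substring of the message, category); first match wins. The wrong-assembler
# signatures are wordings only the AArch64 gas produces for ARM32 input.
RULES = [
    ("SVE predicate register", "wrong-assembler"),       # SVE is AArch64-only
    ("unknown pseudo-op: `.thumb'", "wrong-assembler"),  # .thumb is an ARM32 directive
    ("unknown mnemonic", "wrong-assembler"),
    ("must be an integer", "wrong-assembler"),           # r0..r15 are not AArch64 names
    ("selected FPU does not support", "missing-fpu"),
    ("VFP single precision register expected", "missing-fpu"),
    ("in Thumb mode", "missing-arch"),
]

ADVICE = {  # fixes taken from the maintainer's reply in this thread
    "wrong-assembler": "non-ARM32 assembler used: pass --use-gcc=arm-linux-gnueabihf-gcc",
    "missing-fpu": "FPU model too small for NEON/VFP: add -mfpu=neon",
    "missing-arch": "processor model lacks NEON: add -march=armv7-a",
    "other": "no rule matched: inspect the listed lines by hand",
}

def parse_error(line):
    # Returns dict(file, line, msg, insn) for a gas error line, else None.
    m = ERR_RE.match(line.strip())
    return m.groupdict() if m else None

def classify(msg):
    for needle, category in RULES:
        if needle in msg:
            return category
    return "other"

def triage(lines):
    # Map each error category seen in `lines` to (count, suggested fix).
    counts = Counter(classify(e["msg"]) for e in map(parse_error, lines) if e)
    return {cat: (n, ADVICE[cat]) for cat, n in counts.items()}

# Constructed sample: four lines copied from the two logs in the issue.
SAMPLE = [
    "lz.s:122046: Error: selected FPU does not support instruction -- `vdup.8 q0,r1'",
    "lz.s:122060: Error: selected processor does not support `vceq.i8 q1,q1,q0' in Thumb mode",
    "/tmp/fileAPjZv2.s:153426: Error: unknown pseudo-op: `.thumb'",
    "/tmp/fileAPjZv2.s:153456: Error: operand 1 must be an SVE predicate register -- `movs r1,#1'",
]

if __name__ == "__main__":
    for cat, (n, fix) in triage(SAMPLE).items():
        print(f"{n:3d} x {cat}: {fix}")
```

Pipe the assembler's stderr into `triage()` (e.g. `triage(sys.stdin)`) to get a count per category instead of reading thousands of near-identical lines.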