
Save the remapped_binary path and sections to the .ini

Open p-state opened this issue 4 years ago • 4 comments

I need to analyse one function in my binary, but I have to pass a pointer to a big chunk of memory as an argument. I've created an additional segment in IDA and filled it with contents from a file. The argument has the correct pointer to the created segment, but analysis fails with the message [ANALYSIS] interpreter: unreachable state at address ... right after dereferencing this pointer.

Is there a better approach to solve this problem besides creating a very large .init file?

p-state avatar Aug 29 '19 14:08 p-state

Hi,

BinCAT supports mapping chunks from the binary file that is being analyzed, by defining sections in the input file (there's an example here). The format is:

section[SECTION_NAME] = VIRTUAL_ADDRESS,VIRTUAL_LENGTH,PHYSICAL_ADDR,PHYSICAL_LENGTH

VIRTUAL_ADDRESS is the address you'd like a chunk to be mapped to.
PHYSICAL_ADDR is the offset of the chunk start in the binary that is being analyzed.

Both lengths should be equal, I don't remember why we have two parameters.

BinCAT doesn't support (yet?) mapping chunks from files other than the binary being analyzed, or a core dump file. So, a dirty hack that will probably work would be concatenating the memory chunks you want to map at the end of the binary file being analyzed.

Lastpixl avatar Aug 29 '19 15:08 Lastpixl
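A sketch of the workaround described in the reply above (append the memory chunk to a copy of the binary, then describe it with a section entry and sanity-check the result), as an added example that is not BinCAT's code or code from this thread. The function names, the hex notation for the fields and the sample values are assumptions; compare the generated entry with BinCAT's example configuration before using it.

```python
import re

SECTION_RE = re.compile(r"section\[(.+?)\]\s*=\s*(.+)")

def append_chunk(binary_path, chunk, out_path):
    """Copy the binary to out_path with chunk appended; return the chunk's file offset."""
    with open(binary_path, "rb") as src:
        original = src.read()
    with open(out_path, "wb") as dst:
        dst.write(original + chunk)
    return len(original)

def section_line(name, vaddr, paddr, length):
    """One entry in the layout quoted above, both lengths equal (hex notation assumed)."""
    return "section[%s] = 0x%X,0x%X,0x%X,0x%X" % (name, vaddr, length, paddr, length)

def check_sections(lines, file_size):
    """Return a list of problems in section entries for a file of file_size bytes."""
    problems, mapped = [], []
    for line in lines:
        m = SECTION_RE.fullmatch(line.strip())
        if not m:
            problems.append("unparsable: " + line)
            continue
        try:
            vaddr, vlen, paddr, plen = (int(x.strip(), 0) for x in m.group(2).split(","))
        except ValueError:
            problems.append("bad fields: " + line)
            continue
        name = m.group(1)
        if vlen != plen:
            problems.append(name + ": virtual and physical lengths differ")
        if paddr + plen > file_size:
            problems.append(name + ": physical range runs past end of file")
        for other, start, end in mapped:
            if vaddr < end and start < vaddr + vlen:
                problems.append(name + ": virtual range overlaps " + other)
        mapped.append((name, vaddr, vaddr + vlen))
    return problems

if __name__ == "__main__":
    # Constructed values: a 0x100-byte chunk appended to a 0x200-byte binary.
    entry = section_line("argbuf", 0x10000000, 0x200, 0x100)
    print(entry)
    print(check_sections([entry], 0x300) or "ok")
```

Use the offset returned by append_chunk as the physical address, and point the analyzer at the extended copy rather than the original file.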

Hello, Another option, besides the one @Lastpixl provided: I think using the "remap binary" checkbox should work, as it produces the binary file used by the analyzer using IDA's segments data. Could you please try this?

trou avatar Aug 29 '19 15:08 trou

@trou Oh, yes. I remember that I unchecked this option because analysis could not start after reloading IDA database:

INFO:bincat.gui:Launching the analyzer
Traceback (most recent call last):
  File "C:/Users/root/AppData/Roaming/Hex-Rays/IDA Pro/plugins\idabincat\gui.py", line 807, in launch_analysis
    or not self.s.remapped_sections):
AttributeError: 'State' object has no attribute 'remapped_sections'

It works when the idb is loaded for the first time. I've fixed it by changing this line to or getattr(self.s, 'remapped_sections', None) is None, but it asks where to save the remapped binary after reloading the idb. I do not think this is the intended behavior.

@Lastpixl It works, thank you. I believe the "remap binary" approach is more convenient.

p-state avatar Sep 02 '19 13:09 p-state

@hardboost thanks for the report. I've improved the situation, now the remapped sections are saved in the IDB and the configuration file has the "remap binary" option state saved.

I'm leaving this bug open for now as I want to save the remapped_binary path and sections to the .ini too.

trou avatar Sep 03 '19 12:09 trou