PPC: Invalid assembly code
Binaries which are compiled with the cross-compiler available for Ubuntu are not decompiled correctly.
Running
> cstool -d ppc64be <bin>
ERROR: invalid assembly code
Reproduce
src
int main() {
    int a = 0;
    int b = -1;
    a = b + b;
    return 0;
}
Build
> sudo apt install g++-10-multilib-powerpc64-linux-gnu
> powerpc64-linux-gnu-g++-10 -m64 -mbig -o add_bin add_bin.c
> readelf -h add_bin
ELF Header:
Magic: 7f 45 4c 46 02 02 01 00 00 00 00 00 00 00 00 00
Class: ELF64
Data: 2's complement, big endian
Version: 1 (current)
OS/ABI: UNIX - System V
ABI Version: 0
Type: EXEC (Executable file)
Machine: PowerPC64
Version: 0x1
Entry point address: 0x1001fdf8
Start of program headers: 64 (bytes into file)
Start of section headers: 67944 (bytes into file)
Flags: 0x1, abiv1
Size of this header: 64 (bytes)
Size of program headers: 56 (bytes)
Number of program headers: 8
Size of section headers: 64 (bytes)
Number of section headers: 29
Section header string table index: 28
Disassemble with objdump
> powerpc64-linux-gnu-objdump -d add_bin
<Valid assembly>
Capstone
> cstool -d ppc64be <bin>
ERROR: invalid assembly code
Versions
Capstone: v5.0.0
g++: (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0
I am able to compile asm files with powerpc64-linux-gnu-as, link them with powerpc64-linux-gnu-ld and they are disassembled correctly in rizin, but not by the command cstool.
> powerpc64-linux-gnu-as -a64 -mregnames src.S -o asm_bin.o
> powerpc64-linux-gnu-ld -b elf64-powerpc asm_bin.o -o asm_bin
> cstool -d ppc64be asm_bin
ERROR: invalid assembly code
> rizin -qq -c 'pd 10' tracetest
;-- entry0:
;-- _start:
0x1000047c bl loc.add_insns
0x10000480 li r0, 0
0x10000484 blr
0x10000488 invalid
...
In the former case rizin does not decompile the binary either.
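cstool's documented operand is a hex string of instruction bytes (optionally followed by a start address), not a file path, so code from an ELF like the ones above has to be extracted before it can be passed in. The following is an added example, not part of the original issue or of Capstone: it uses only the Python standard library to pull the bytes at the real entry point of an ELF64 big-endian PowerPC64 image, following the ELFv1 function descriptor that the `abiv1` flag in the readelf output implies. The function names and the sample image are constructed for illustration.

```python
import struct

EM_PPC64 = 21
PT_LOAD = 1

def vaddr_to_offset(elf, addr):
    """Map a virtual address to a file offset through the PT_LOAD segments."""
    phoff, = struct.unpack_from(">Q", elf, 32)
    phentsize, phnum = struct.unpack_from(">HH", elf, 54)
    for i in range(phnum):
        p_type, _flags, p_off, p_vaddr, _paddr, p_filesz = struct.unpack_from(
            ">IIQQQQ", elf, phoff + i * phentsize)
        if p_type == PT_LOAD and p_vaddr <= addr < p_vaddr + p_filesz:
            return p_off + addr - p_vaddr
    raise ValueError(f"address {addr:#x} is not in a loadable segment")

def entry_code_hex(elf, count=8):
    """Return (code address, hex string) for `count` bytes at the real entry."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 2:
        raise ValueError("not an ELF64 big-endian file")
    if struct.unpack_from(">H", elf, 18)[0] != EM_PPC64:
        raise ValueError("not a PowerPC64 binary")
    entry, = struct.unpack_from(">Q", elf, 24)
    flags, = struct.unpack_from(">I", elf, 48)
    if flags & 3 == 1:
        # ELFv1 ("abiv1"): e_entry names a function descriptor whose first
        # doubleword holds the address of the code itself.
        entry, = struct.unpack_from(">Q", elf, vaddr_to_offset(elf, entry))
    off = vaddr_to_offset(elf, entry)
    return entry, elf[off:off + count].hex()

def build_sample():
    """Constructed ELFv1 image: ELF header, one PT_LOAD, descriptor, code."""
    base = 0x10000000
    ehdr = struct.pack(">4s5B7xHHIQQQIHHHHHH", b"\x7fELF", 2, 2, 1, 0, 0,
                       2, EM_PPC64, 1, base + 120, 64, 0, 1, 64, 56, 1, 64, 0, 0)
    phdr = struct.pack(">IIQQQQQQ", PT_LOAD, 5, 0, base, base, 152, 152, 0x10000)
    opd = struct.pack(">QQQ", base + 144, 0, 0)   # descriptor: code, TOC, env
    code = bytes.fromhex("380000004e800020")      # li r0, 0 ; blr
    return ehdr + phdr + opd + code

if __name__ == "__main__":
    addr, hexstr = entry_code_hex(build_sample())
    # Hex string and start address in the form cstool accepts.
    print(f"cstool -d ppc64be {hexstr} {addr:x}")
```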