bindiff icon indicating copy to clipboard operation
bindiff copied to clipboard
Published 1 month ago verified publisher icon google

Bindiff unable to process statically linked binaries exported with BinExport from Ghidra (flow graph already attached error)

Open paul-abb opened this issue 1 year ago • 8 comments

Describe the bug Bindiff is unable to process statically linked binaries exported by Ghidra with BinExport.

I have not tried BinExport with IDA.

To Reproduce Steps to reproduce the behavior: 1.

Expected behavior A clear and concise description of what you expected to happen.

Screenshots A binary like this: openssl: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=6143bc37788cd04527de063e16c35627b1610ea2, for GNU/Linux 3.2.0, not stripped

Will result in an error like this: terminate called after throwing an instance of 'std::runtime_error' E0215 14:29:31.721843 1785634 flow_graph.cc:85] Could not find basic block: 008D6BF0 E0215 14:29:31.721862 1785638 flow_graph.cc:85] Could not find basic block: 005A8E40 E0215 14:29:31.721827 1785635 flow_graph.cc:85] Could not find basic block: 0068A377 E0215 14:29:31.721854 1785637 flow_graph.cc:85] Could not find basic block: 00654090 E0215 14:29:31.721843 1785639 flow_graph.cc:85] Could not find basic block: 008E6230 what(): AttachFlowGraph: flow graph already attached 00401000

Environment (please complete the following information):

  • Ubuntu 23.10
  • Locale: US English
  • Disassembler and version: Ghidra 11.0 with BinExport 12 with BinDiff 8

Additional context I have tried this with multiple statically compiled binaries and it seems to fail with the same error. Binaries that aren't statically linked do not have this error.

paul-abb avatar Feb 15 '24 19:02 paul-abb

To reproduce: Compiile OpenSSL statically. Analyze with Ghidra. Export with BinExport plugin. Attempt to diff with Bindiff.

Expected Behavior: To successfully process the file the same as dynamically linked files.

paul-abb avatar Feb 15 '24 19:02 paul-abb

For convenience, can you attach two .BinExport files to this bug?

To me, this looks like an issue with the Ghidra extension and/or Ghidra's disassembly. BinDiff assumes that BinExport files are well-formed and self-consistent.

cblichmann avatar Feb 16 '24 15:02 cblichmann

openssl_static.zip Ok attached

paul-abb avatar Feb 16 '24 15:02 paul-abb

Using Ida Free, the BinExport is able to be processed.

However, BinExport files from Ida and Ghidra don't seem to be compatible / comparable, I'm not sure if this is expected behavior or not.

paul-abb avatar Feb 20 '24 20:02 paul-abb