
Fail to force execution by microcode when deflat

Open starf1ame opened this issue 4 years ago • 3 comments

```
Traceback (most recent call last):
  File "/Applications/IDA Pro 7.5/ida64.app/Contents/MacOS/plugins/qilingida.py", line 818, in activate
    self.action_handler.ql_handle_menu_action(self.action_type)
  File "/Applications/IDA Pro 7.5/ida64.app/Contents/MacOS/plugins/qilingida.py", line 2117, in ql_handle_menu_action
    [x.handler() for x in self.menuitems if x.action == action]
  File "/Applications/IDA Pro 7.5/ida64.app/Contents/MacOS/plugins/qilingida.py", line 2117, in <listcomp>
    [x.handler() for x in self.menuitems if x.action == action]
  File "/Applications/IDA Pro 7.5/ida64.app/Contents/MacOS/plugins/qilingida.py", line 1861, in ql_deflat
    if not self._search_path():
  File "/Applications/IDA Pro 7.5/ida64.app/Contents/MacOS/plugins/qilingida.py", line 1677, in _search_path
    ql.run(begin=ql_bb_start_ea, end=0, count=0xFFF)
  File "/usr/local/Cellar/python@3.8/3.8.11/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/qiling/core.py", line 728, in run
    self.os.run()
  File "/usr/local/Cellar/python@3.8/3.8.11/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 139, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "/usr/local/Cellar/python@3.8/3.8.11/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/qiling/core.py", line 878, in emu_start
    raise self._internal_exception
  File "/usr/local/Cellar/python@3.8/3.8.11/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/qiling/utils.py", line 158, in wrapper
    return func(*args, **kw)
  File "/usr/local/Cellar/python@3.8/3.8.11/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/qiling/core_hooks.py", line 111, in _hook_trace_cb
    ret = h.call(ql, addr, size)
  File "/usr/local/Cellar/python@3.8/3.8.11/Frameworks/Python.framework/Versions/3.8/lib/python3.8/site-packages/qiling/core_hooks_types.py", line 23, in call
    return self.callback(ql, *args)
  File "/Applications/IDA Pro 7.5/ida64.app/Contents/MacOS/plugins/qilingida.py", line 1541, in _guide_hook
    result = self._force_execution_by_parsing_assembly(ql, ida_addr)
  File "/Applications/IDA Pro 7.5/ida64.app/Contents/MacOS/plugins/qilingida.py", line 1490, in _force_execution_by_parsing_assembly
    reg2_val = ql.reg.__getattribute__(reg2)
AttributeError: 'QlRegisterManager' object has no attribute 'eax'
```

And the same situation also happens on ARM, that is: "'QlRegisterManager' object has no attribute 'w9'"

starf1ame, Oct 14 '21 12:10

@kabeor can you take a look?

xwings, Oct 14 '21 12:10

OK, I and @wtdcode will deal with this.

kabeor, Oct 14 '21 13:10

Hello, I need your minimum test binary to reproduce.

wtdcode, Oct 15 '21 13:10

Close for now.

We updated the codebase for Qiling and Unicorn since this issue was posted.

Feel free to try the latest version.

xwings, Oct 06 '22 03:10