mcsema icon indicating copy to clipboard operation
mcsema copied to clipboard
verified publisher icon lifting-bits

Windows disass and lift issues

Open KennyTzeng opened this issue 7 years ago • 4 comments

Hi, I have build and installed mcsema on my Windows 10 successfully, but I found these 2 problems:

C:\binary
$ ls
hello

C:\binary
$  mcsema-disass.exe --disassembler "C:\Program Files\IDA 7.0\idat64.exe" --arch amd64 --os linux --log_file "C:\binary\hello.log" --output "C:\binary\hello.cfg" --binary "C:\binary\hello" --entrypoint main
The filename, directory name, or volume label syntax is incorrect.
Traceback (most recent call last):
  File "C:\mcsema\Lib\site-packages\mcsema_disass-2.0-py2.7.egg\mcsema_disass\ida7\disass.py", line 77, in execute
    cwd=os.path.dirname(__file__))
  File "C:\python27-x64\lib\subprocess.py", line 186, in check_call
    raise CalledProcessError(retcode, cmd)
CalledProcessError: Command ''C:\Program Files\IDA 7.0\idat64.exe' -B -S"C:\mcsema\Lib\site-packages\mcsema_disass-2.0-py2.7.egg\mcsema_disass\ida7\get_cfg.py --output C:\binary\hello.cfg --log_file C:\binary\hello.log --arch amd64 --os linux --entrypoint main" 'c:\users\user\appdata\local\temp\tmpxngtug\hello'' returned non-zero exit status 1

but if I start IDA in interactive mode, it is okay, so what thing does mcsema-disass actually do? Can I just use IDA in interactive mode to produce a control flow graph and go on?

"C:\Program Files\IDA 7.0\idat64.exe" -S"C:\mcsema\Lib\site-packages\mcsema_disass-2.0-py2.7.egg\mcsema_disass\ida7\get_cfg.py --output C:\binary\hello.cfg --log_file C:\binary\hello.log --arch amd64 --os linux --entrypoint main" C:\binary\hello
  • mcsema-lift permission denied Another problem is when I use mcsema-lift to convert .cfg into .bc, it says Unable to rename C:\binary\hello.bc.tmp.0 to C:\binary\hello.bc: Permission denied, either in administrator mode.

output like this:

C:\binary
$ ls
hello hello.cfg hello.log

C:\binary
$ mcsema-lift-5.0.exe --output C:\binary\hello.bc --arch amd64 --os linux --cfg C:\binary\hello.cfg
E0318 10:57:40.759011  5916 Function.cpp:838] Block 400426 has no terminator, and instruction at 400426 is not a local no-return function call.
E0318 10:57:40.759011  5916 Function.cpp:348] Cannot find target of instruction at 4003fc; the static target 400400 is not associated with a lifted subroutine, and it does not have a known call target.
E0318 10:57:40.962041  5916 FileSystem.cpp:262] Unable to rename C:\binary\hello.bc.tmp.0 to C:\binary\hello.bc: Permission denied

C:\binary
$ ls
hello  hello.bc  hello.bc.tmp.0  hello.cfg  hello.log

but if I use mcsema-lift-5.0 on my Ubuntu 16.04 to convert hello.cfg into hello.bc, it is okay.

KennyTzeng avatar Mar 18 '19 18:03 KennyTzeng

This looked especially odd because it seemed to work for me and i noticed the $ in your prompt. Are you running/building this from cygwin or msys or WSL ? If yes, can you try invoking the commands from a normal command prompt?

artemdinaburg avatar Apr 25 '19 21:04 artemdinaburg

I have the same problem, how do you deal with it ?

lyliu avatar May 23 '19 12:05 lyliu

Problems are still the same, but you can deal with them by:

  1. Running script in interactive mode, and
  2. Manually replace .bc file with .bc.tmp.0

vient avatar Apr 30 '20 20:04 vient

Hi, I have build and installed mcsema on my Windows 10 successfully too, but I can't recompile the .bc file to a executable file and output the right result, can u?

leibo-hust avatar May 18 '20 08:05 leibo-hust