
Does Ollvm de-flatten support android arm64?

Open fa1conn opened this issue 2 years ago • 6 comments

I can use the function normally on the x64 platform, but it goes wrong on Android arm64.

Traceback (most recent call last):
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 818, in activate
    self.action_handler.ql_handle_menu_action(self.action_type)
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 2124, in ql_handle_menu_action
    [x.handler() for x in self.menuitems if x.action == action]
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 2124, in <listcomp>
    [x.handler() for x in self.menuitems if x.action == action]
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 1868, in ql_deflat
    if not self._search_path():
  File "C:/Users/fa1con/EXE/IDA7.5/plugins/qilingida.py", line 1660, in _search_path
    ql.run(begin=self.deflatqlemu.ql_addr_from_ida(first_block.start_ea) + self.append, end=self.deflatqlemu.ql_addr_from_ida(first_block.end_ea), count=0xFFF)
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\core.py", line 730, in run
    self.os.run()
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\os\linux\linux.py", line 149, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\core.py", line 883, in emu_start
    raise self._internal_exception
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\utils.py", line 159, in wrapper
    return func(*args, **kw)
  File "C:\Users\fa1con\EXE\python\python38\lib\site-packages\qiling\core_hooks.py", line 59, in _hook_intr_cb
    raise QlErrorCoreHook("_hook_intr_cb : not handled")
qiling.exception.QlErrorCoreHook: _hook_intr_cb : not handled

I use the latest version of Qiling, and the error report occurs in all examples on Android arm64. It seems to be a bug in Qiling, or does it not support arm64?

fa1conn avatar Apr 12 '22 09:04 fa1conn

It looks like a bug of Qiling itself, not the IDA plugin.

wtdcode avatar Apr 12 '22 19:04 wtdcode

> It looks like a bug of Qiling itself, not the IDA plugin.

Yes, I also think so. But I'm not familiar with the source code, so I cannot fix it.

fa1conn avatar Apr 13 '22 02:04 fa1conn

+1

qiang avatar Apr 14 '22 07:04 qiang

Can you provide the sample? I can try to fix it.

chinggg avatar Apr 22 '22 15:04 chinggg

> Can you provide the sample? I can try to fix it.

lib64_example.zip: this is a simple sample; you can find ollvm in the JNI_OnLoad function.

fa1conn avatar Apr 23 '22 03:04 fa1conn

Have the same problem, with a MIPS binary. My output is:

[+]     getdents64(0, /* 43 entries */, 0x1000) = 1185
[+]     0x0040365c: getdents64(fd = 0x0, dirp = 0x7ff3bc00, count = 0x1000) = 0x4a1
[+]     Received interrupt: 0xc

And the error is the same: qiling.exception.QlErrorCoreHook: _hook_intr_cb : not handled

ljucovic avatar Dec 12 '23 15:12 ljucovic