qiling
qiling copied to clipboard
qilingframework
Qdb step over command not working correctly
*Describe the bug A clear and concise description of what the bug is.
Sample Code
from qiling import *
from qiling.const import *
# sandbox to emulate the EXE
def my_sandbox(path, rootfs):
# setup Qiling engine
ql = Qiling(path, rootfs,
#verbose=QL_VERBOSE.DEBUG,
ostype=QL_OS.WINDOWS,
archtype=QL_ARCH.X86,
)
ql.debugger = 'qdb'
# now emulate the EXE
ql.run()
if __name__ == "__main__":
# execute Windows EXE under our rootfs
my_sandbox([
"~/qiling/examples/rootfs/x86_windows/test.exe"],
"~/qiling/examples/rootfs/x86_windows")
I am using qdb to debug the windows pe application. in the code context with: Sample Code
> 0x004019e6 │ 7404 je 0x4019ec
0x004019e8 │ 85ce test esi, ecx
0x004019ea │ 7526 jne 0x401a12
0x004019ec │ e894ffffff call 0x401985
0x004019f1 │ 8bc8 mov ecx, eax
0x004019f3 │ 3bcf cmp ecx, edi
0x004019f5 │ 7507 jne 0x4019fe
0x004019f7 │ b94fe640bb mov ecx, 0xbb40e64f
0x004019fc │ eb0e jmp 0x401a0c
0x004019fe │ 85ce test esi, ecx
now, zero flag is 1
Expected behavior je in the current line will jump to 0x4019ec expected but the application run until finished
so, i check the code in qiling/debugger/qdb/qdb.py at function do_step_over, the if condition: if prophecy.going: is wrong? maybe if not prophecy.going: ?
Hi, I'll need more context of this for debugging.
- are you at the latest dev branch ?
- if the branch will be taken, qdb will show a sign at the left side of DISASM window, like the screen shot below
or you can provide the test.exe, so I can test it locally for fixing it.
Thanks for answer
-
i both try latest dev and master branch, the result is same
-
screen shot:
-
my test py and exe is test-files.zip
-
i try to fix the bug: qiling/debugger/qdb/qdb.py at function do_step_over, change if prophecy.going to if not prophecy.going the result is expected
thanks again
Hello, after I change verbose to QL_VERBOSE.DISASM (dump executed instruction) mode, It looks like 0x004819e8 is not supposed to be executed. So the hook which placed by the command step_over is not triggered. if you still think this is a bug and need to be fixed, pls let me know.
Hello ucgJhe, 0x004819e8 not execute is expected,the instruction exec to 0x004819e6 and ZF is 1,so the next instruction will jump to 0x4019ec。 The problem is,the command input to qdb is "s",mean step over to next instruction and hit the temp breakpoint paused, but the simulate exec until the process exit
for qdb command, s is for step in, n for step over. So if you type n on 0x4819e6 the flow will never pause until the program exit , because it simply place a hook on next instruction which is 0x4819e8 and won't be executed. So i think the result is correct.
Please correct me if I get you wrong thx.
Sorry for the mistake, the command i type is “n”, not "s". for the step over command, will follow the jump target instruction, and set the temp breakpoint, because the if conditon not right, the breakpoint set to the wrong position, so "n" command run not hit any breakpoint until the program exited.
@pxqlinux I see you point here. The qdb command n should place a temp breakpoint at 0x4019ec since the instruction at 0x4019e6 is NOT a function call, right ? The qdb command is not as same as gdb command semantically. For the qdb command n was used to place a temp breakpoint at the next address ( pc-related : pc+instruction_size@pc ), and the qdb command s is to place a temp breakpoint at the address to be executed. I think the qdb command s is what you want but not n if the assumption above is correct. Any ideas are welcome if you think this can be improved or shouldn't acting like that.