
Attempting to simulate Android so load failed

Open RickyCong opened this issue 6 months ago • 0 comments

When I tried to load an Android shared object (.so) file, I saw that in one section of the disassembly the code branches through the x17 register to an address that should be in libc.so. However, that address could not be found (it is not mapped), so the load fails.

I then tried several other shared .so files, and they seem to have the same problem. Does Qiling not automatically load the dynamic libraries that the target depends on?

code

from qiling import Qiling
from qiling.const import QL_OS, QL_ARCH, QL_VERBOSE, QL_ENDIAN


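def my_test(target_so: str = "./my_project/env/so_files/libloader.so",
            rootfs: str = "./examples/rootfs/arm64_android6.0",
            profile: str = "./my_project/env/qiling_config.ql") -> None:
    """Load an Android arm64 shared object as the main target and emulate it.

    The .so is passed as the only ``argv`` entry, so Qiling loads it directly
    rather than through a host executable. All three paths are resolved
    relative to the current working directory; the defaults are the values
    the original script hard-coded.

    Args:
        target_so: Path to the shared object to emulate.
        rootfs: Host directory used as the guest's root filesystem.
        profile: Qiling profile (.ql) with emulator settings.

    Returns:
        None. Errors raised during emulation (e.g. ``unicorn.UcError`` on an
        unmapped fetch) propagate out of ``ql.run()`` unchanged.
    """
    # Guest-side absolute paths; the raw strings are kept as in the original.
    env = {
        'ANDROID_DATA': r'/data',
        'ANDROID_ROOT': r'/system',
    }

    # NOTE(review): in the reported run the memory map lists only libloader.so,
    # the stack and [hook_mem] — no libc.so and no dynamic linker — and the
    # indirect `br x17` lands on an unmapped low address (UC_ERR_FETCH_UNMAPPED).
    # That is consistent with DT_NEEDED libraries not being mapped when a shared
    # object is the main target; confirm against Qiling's ELF loader before
    # relying on this script for .so files that import from libc.
    ql = Qiling([target_so],
                rootfs,
                env,
                profile=profile,
                ostype=QL_OS.LINUX,
                archtype=QL_ARCH.ARM64,
                verbose=QL_VERBOSE.DISASM,  # traces every instruction; logs grow fast
                multithread=False,
                endian=QL_ENDIAN.EL)

    # Blocks until the emulation ends or unicorn raises.
    ql.run()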


if __name__ == "__main__":
    # Script entry point: run the default sample; importing this module does nothing.
    my_test()


logfile

[+] 	Profile: /home/ubuntu/qiling/my_project/env/qiling_config.ql
[+] 	Mapped 0xe7f818e01000-0xe7f8196cd000
[+] 	Mapped 0xe7f8196dd000-0xe7f81a3c5000
[+] 	mem_start : 0xe7f818e01000
[+] 	mem_end   : 0xe7f81a3c5000
[+] 	mmap_address is : 0xe7f818e01000
[+] 	rel name b'getentropy'
[+] 	rel name b'pthread_create'
[+] 	rel name b'malloc'
[+] 	rel name b'free'
[+] 	rel name b'__sF'
[+] 	rel name b'_ctype_'
[+] 	rel name b'strcmp'
[+] 	rel name b'strcasecmp'
[+] 	rel name b'dlsym'
[+] 	rel name b'wcswidth'
[+] 	rel name b'environ'
[+] 	rel name b'realloc'
[+] 	rel name b'pthread_self'
[+] 	rel name b'pthread_rwlock_wrlock'
[+] 	rel name b'android_gethostbynamefornet'
[+] 	rel name b'mmap'
[+] 	rel name b'remove'
[+] 	rel name b'dl_iterate_phdr'
[+] 	rel name b'__strchr_chk'
[+] 	rel name b'tempnam'
[+] 	rel name b'inet_aton'
[+] 	rel name b'getauxval'
[+] 	rel name b'pthread_mutexattr_setpshared'
[+] 	rel name b'strnlen'
[+] 	rel name b'getpid'
[+] 	rel name b'ungetc'
[+] 	rel name b'fork'
[+] 	rel name b'strncpy'
[+] 	rel name b'inflateReset'
[+] 	rel name b'lseek'
[+] 	rel name b'send'
[+] 	rel name b'__memmove_chk'
[+] 	rel name b'gmtime'
[+] 	rel name b'flistxattr'
[+] 	rel name b'sigismember'
[+] 	rel name b'wmemcmp'
[+] 	rel name b'strtok'
[+] 	rel name b'pthread_rwlock_destroy'
[+] 	rel name b'towlower'
[+] 	rel name b'select'
[+] 	rel name b'sqlite3_open16'
[+] 	rel name b'pthread_getspecific'
[+] 	rel name b'pipe'
[+] 	rel name b'strtod'
[+] 	rel name b'pthread_rwlock_rdlock'
[+] 	rel name b'inflateEnd'
[+] 	rel name b'getentropy'
[+] 	rel name b'creat'
[+] 	rel name b'__cxa_atexit'
[+] 	rel name b'sigsetjmp'
[+] 	rel name b'qsort'
[+] 	rel name b'kill'
[+] 	rel name b'stat'
[+] 	rel name b'_ZdaPv'
[+] 	rel name b'lstat64'
[+] 	rel name b'wctype'
[+] 	rel name b'memcmp'
[+] 	rel name b'pthread_rwlock_init'
[+] 	rel name b'pthread_create'
[+] 	rel name b'ftruncate'
[+] 	rel name b'_Znwm'
[+] 	rel name b'access'
[+] 	rel name b'__strncpy_chk'
[+] 	rel name b'pthread_join'
[+] 	rel name b'fgetxattr'
[+] 	rel name b'pthread_atfork'
[+] 	rel name b'fgets'
[+] 	rel name b'fputs'
[+] 	rel name b'fread'
[+] 	rel name b'epoll_wait'
[+] 	rel name b'gethostbyname2'
[+] 	rel name b'fdopen'
[+] 	rel name b'malloc'
[+] 	rel name b'rename'
[+] 	rel name b'fseek'
[+] 	rel name b'pthread_once'
[+] 	rel name b'memmem'
[+] 	rel name b'sqlite3_open_v2'
[+] 	rel name b'_exit'
[+] 	rel name b'__stack_chk_fail'
[+] 	rel name b'vfprintf'
[+] 	rel name b'pthread_rwlock_tryrdlock'
[+] 	rel name b'fwrite'
[+] 	rel name b'calloc'
[+] 	rel name b'fstatat'
[+] 	rel name b'wmemmove'
[+] 	rel name b'shutdown'
[+] 	rel name b'wmemset'
[+] 	rel name b'strcpy'
[+] 	rel name b'sigaction'
[+] 	rel name b'strxfrm'
[+] 	rel name b'mkdir'
[+] 	rel name b'sigaddset'
[+] 	rel name b'bind'
[+] 	rel name b'isdigit'
[+] 	rel name b'btowc'
[+] 	rel name b'__cxa_guard_release'
[+] 	rel name b'readdir'
[+] 	rel name b'listen'
[+] 	rel name b'_ZdlPv'
[+] 	rel name b'__snprintf_chk'
[+] 	rel name b'getaddrinfo'
[+] 	rel name b'__openat'
[+] 	rel name b'pthread_cond_wait'
[+] 	rel name b'lstat'
[+] 	rel name b'read'
[+] 	rel name b'__sprintf_chk'
[+] 	rel name b'__ctype_get_mb_cur_max'
[+] 	rel name b'close'
[+] 	rel name b'chmod'
[+] 	rel name b'getcwd'
[+] 	rel name b'__FD_SET_chk'
[+] 	rel name b'lseek64'
[+] 	rel name b'getc'
[+] 	rel name b'wcsftime'
[+] 	rel name b'pthread_cond_signal'
[+] 	rel name b'ungetwc'
[+] 	rel name b'nftw'
[+] 	rel name b'strndup'
[+] 	rel name b'isprint'
[+] 	rel name b'fstatat64'
[+] 	rel name b'inflateInit2_'
[+] 	rel name b'getppid'
[+] 	rel name b'_Znam'
[+] 	rel name b'pthread_mutexattr_settype'
[+] 	rel name b'__cxa_pure_virtual'
[+] 	rel name b'tcgetattr'
[+] 	rel name b'pthread_mutexattr_init'
[+] 	rel name b'readv'
[+] 	rel name b'free'
[+] 	rel name b'__strrchr_chk'
[+] 	rel name b'vsscanf'
[+] 	rel name b'inflate'
[+] 	rel name b'fputc'
[+] 	rel name b'setxattr'
[+] 	rel name b'setsockopt'
[+] 	rel name b'pthread_rwlock_unlock'
[+] 	rel name b'ceil'
[+] 	rel name b'getrlimit'
[+] 	rel name b'toupper'
[+] 	rel name b'mmap64'
[+] 	rel name b'__errno'
[+] 	rel name b'pthread_rwlock_timedrdlock'
[+] 	rel name b'__strncpy_chk2'
[+] 	rel name b'fflush'
[+] 	rel name b'closedir'
[+] 	rel name b'strchr'
[+] 	rel name b'open'
[+] 	rel name b'epoll_ctl'
[+] 	rel name b'poll'
[+] 	rel name b'strdup'
[+] 	rel name b'strcmp'
[+] 	rel name b'sysconf'
[+] 	rel name b'mremap'
[+] 	rel name b'sigprocmask'
[+] 	rel name b'getenv'
[+] 	rel name b'putc'
[+] 	rel name b'pthread_condattr_setpshared'
[+] 	rel name b'inet_ntop'
[+] 	rel name b'wcscoll'
[+] 	rel name b'strcasecmp'
[+] 	rel name b'pthread_mutex_trylock'
[+] 	rel name b'dup2'
[+] 	rel name b'pread'
[+] 	rel name b'__system_property_get'
[+] 	rel name b'pthread_setspecific'
[+] 	rel name b'AAsset_read'
[+] 	rel name b'inet_pton'
[+] 	rel name b'__strlen_chk'
[+] 	rel name b'sleep'
[+] 	rel name b'ctime'
[+] 	rel name b'strftime'
[+] 	rel name b'__open'
[+] 	rel name b'__loader_dlsym'
[+] 	rel name b'dlsym'
[+] 	rel name b'sigemptyset'
[+] 	rel name b'regexec'
[+] 	rel name b'mbrtowc'
[+] 	rel name b'pthread_mutex_unlock'
[+] 	rel name b'memmove'
[+] 	rel name b'wcsxfrm'
[+] 	rel name b'memset'
[+] 	rel name b'setlocale'
[+] 	rel name b'pthread_rwlock_trywrlock'
[+] 	rel name b'clock'
[+] 	rel name b'__FD_ISSET_chk'
[+] 	rel name b'geteuid'
[+] 	rel name b'time'
[+] 	rel name b'ftell'
[+] 	rel name b'inet_addr'
[+] 	rel name b'strrchr'
[+] 	rel name b'fsetxattr'
[+] 	rel name b'strstr'
[+] 	rel name b'pread64'
[+] 	rel name b'__cxa_finalize'
[+] 	rel name b'android_getaddrinfofornet'
[+] 	rel name b'fstat64'
[+] 	rel name b'siglongjmp'
[+] 	rel name b'strtok_r'
[+] 	rel name b'ftruncate64'
[+] 	rel name b'gettimeofday'
[+] 	rel name b'regfree'
[+] 	rel name b'strcat'
[+] 	rel name b'__cxa_guard_acquire'
[+] 	rel name b'getsockopt'
[+] 	rel name b'epoll_create1'
[+] 	rel name b'freeaddrinfo'
[+] 	rel name b'pthread_mutex_init'
[+] 	rel name b'towupper'
[+] 	rel name b'dlerror'
[+] 	rel name b'fclose'
[+] 	rel name b'strtoull'
[+] 	rel name b'getxattr'
[+] 	rel name b'listxattr'
[+] 	rel name b'fprintf'
[+] 	rel name b'pthread_cond_destroy'
[+] 	rel name b'ferror'
[+] 	rel name b'ioctl'
[+] 	rel name b'munmap'
[+] 	rel name b'fnmatch'
[+] 	rel name b'__strcpy_chk'
[+] 	rel name b'abort'
[+] 	rel name b'dlclose'
[+] 	rel name b'android_dlopen_ext'
[+] 	rel name b'msync'
[+] 	rel name b'getnameinfo'
[+] 	rel name b'tcsetattr'
[+] 	rel name b'pthread_cond_timedwait'
[+] 	rel name b'usleep'
[+] 	rel name b'pthread_cond_init'
[+] 	rel name b'setvbuf'
[+] 	rel name b'write'
[+] 	rel name b'stat64'
[+] 	rel name b'__recvfrom_chk'
[+] 	rel name b'pthread_sigmask'
[+] 	rel name b'mktime'
[+] 	rel name b'strtold'
[+] 	rel name b'strtol'
[+] 	rel name b'pthread_condattr_init'
[+] 	rel name b'readlink'
[+] 	rel name b'nanosleep'
[+] 	rel name b'regcomp'
[+] 	rel name b'__vsnprintf_chk'
[+] 	rel name b'mlock'
[+] 	rel name b'dladdr'
[+] 	rel name b'removexattr'
[+] 	rel name b'pthread_mutex_lock'
[+] 	rel name b'getpagesize'
[+] 	rel name b'gethostbyname'
[+] 	rel name b'iswctype'
[+] 	rel name b'pthread_rwlockattr_setpshared'
[+] 	rel name b'pwrite'
[+] 	rel name b'getwc'
[+] 	rel name b'pthread_mutex_destroy'
[+] 	rel name b'prctl'
[+] 	rel name b'fcntl'
[+] 	rel name b'fstat'
[+] 	rel name b'flock'
[+] 	rel name b'pthread_mutexattr_destroy'
[+] 	rel name b'sscanf'
[+] 	rel name b'isspace'
[+] 	rel name b'strspn'
[+] 	rel name b'wmemchr'
[+] 	rel name b'pthread_rwlock_timedwrlock'
[+] 	rel name b'strtof'
[+] 	rel name b'writev'
[+] 	rel name b'realloc'
[+] 	rel name b'strcspn'
[+] 	rel name b'localtime'
[+] 	rel name b'AAsset_seek'
[+] 	rel name b'strcoll'
[+] 	rel name b'socket'
[+] 	rel name b'dup3'
[+] 	rel name b'__strncat_chk'
[+] 	rel name b'pthread_key_delete'
[+] 	rel name b'uname'
[+] 	rel name b'strncmp'
[+] 	rel name b'fopen'
[+] 	rel name b'gmtime_r'
[+] 	rel name b'signal'
[+] 	rel name b'vsprintf'
[+] 	rel name b'dup'
[+] 	rel name b'wctob'
[+] 	rel name b'strtoul'
[+] 	rel name b'memcpy'
[+] 	rel name b'getsockname'
[+] 	rel name b'gai_strerror'
[+] 	rel name b'vsnprintf'
[+] 	rel name b'strsep'
[+] 	rel name b'pthread_mutex_timedlock'
[+] 	rel name b'madvise'
[+] 	rel name b'sigdelset'
[+] 	rel name b'rmdir'
[+] 	rel name b'tolower'
[+] 	rel name b'syscall'
[+] 	rel name b'asprintf'
[+] 	rel name b'openat'
[+] 	rel name b'feof'
[+] 	rel name b'unlink'
[+] 	rel name b'sigfillset'
[+] 	rel name b'rand'
[+] 	rel name b'vfork'
[+] 	rel name b'getdents'
[+] 	rel name b'fileno'
[+] 	rel name b'pthread_equal'
[+] 	rel name b'wcslen'
[+] 	rel name b'memchr'
[+] 	rel name b'pthread_rwlockattr_init'
[+] 	rel name b'connect'
[+] 	rel name b'__strcat_chk'
[+] 	rel name b'strerror'
[+] 	rel name b'atoi'
[+] 	rel name b'strlen'
[+] 	rel name b'sprintf'
[+] 	rel name b'accept'
[+] 	rel name b'wcrtomb'
[+] 	rel name b'random'
[+] 	rel name b'pthread_key_create'
[+] 	rel name b'sqlite3_open'
[+] 	rel name b'realpath'
[+] 	rel name b'pthread_detach'
[+] 	rel name b'__read_chk'
[+] 	rel name b'pwrite64'
[+] 	rel name b'strncasecmp'
[+] 	rel name b'putwc'
[+] 	rel name b'opendir'
[+] 	rel name b'fremovexattr'
[+] 	rel name b'clock_gettime'
[+] 	rel name b'wmemcpy'
[+] 	rel name b'mprotect'
[+] 	rel name b'__memcpy_chk'
[=] 	0000e7f818e5c000 [libloader.so         + 0x05b000]  fd 7b bc a9          stp                  x29, x30, [sp, #-0x40]!
[=] 	0000e7f818e5c004 [libloader.so         + 0x05b004]  fd 03 00 91          mov                  x29, sp
[=] 	0000e7f818e5c008 [libloader.so         + 0x05b008]  f3 53 01 a9          stp                  x19, x20, [sp, #0x10]
[=] 	0000e7f818e5c00c [libloader.so         + 0x05b00c]  f5 5b 02 a9          stp                  x21, x22, [sp, #0x20]
[=] 	0000e7f818e5c010 [libloader.so         + 0x05b010]  f7 1b 00 f9          str                  x23, [sp, #0x30]
[=] 	0000e7f818e5c014 [libloader.so         + 0x05b014]  f6 03 01 aa          mov                  x22, x1
[=] 	0000e7f818e5c018 [libloader.so         + 0x05b018]  f7 03 00 aa          mov                  x23, x0
[=] 	0000e7f818e5c01c [libloader.so         + 0x05b01c]  f4 03 02 aa          mov                  x20, x2
[=] 	0000e7f818e5c020 [libloader.so         + 0x05b020]  5a 85 17 94          bl                   #0xe7f81943d588
[=] 	0000e7f81943d588 [libloader.so         + 0x63c588]  fd 7b bf a9          stp                  x29, x30, [sp, #-0x10]!
[=] 	0000e7f81943d58c [libloader.so         + 0x63c58c]  01 0f 00 f0          adrp                 x1, #0xe7f819620000
[=] 	0000e7f81943d590 [libloader.so         + 0x63c590]  00 03 80 d2          movz                 x0, #0x18
[=] 	0000e7f81943d594 [libloader.so         + 0x63c594]  fd 03 00 91          mov                  x29, sp
[=] 	0000e7f81943d598 [libloader.so         + 0x63c598]  21 20 1e 91          add                  x1, x1, #0x788
[=] 	0000e7f81943d59c [libloader.so         + 0x63c59c]  c2 1e 80 52          movz                 w2, #0xf6
[=] 	0000e7f81943d5a0 [libloader.so         + 0x63c5a0]  fa f5 00 94          bl                   #0xe7f81947ad88
[=] 	0000e7f81947ad88 [libloader.so         + 0x679d88]  fd 7b be a9          stp                  x29, x30, [sp, #-0x20]!
[=] 	0000e7f81947ad8c [libloader.so         + 0x679d8c]  fd 03 00 91          mov                  x29, sp
[=] 	0000e7f81947ad90 [libloader.so         + 0x679d90]  f3 53 01 a9          stp                  x19, x20, [sp, #0x10]
[=] 	0000e7f81947ad94 [libloader.so         + 0x679d94]  f4 03 00 aa          mov                  x20, x0
[=] 	0000e7f81947ad98 [libloader.so         + 0x679d98]  a1 ff ff 97          bl                   #0xe7f81947ac1c
[=] 	0000e7f81947ac1c [libloader.so         + 0x679c1c]  03 19 00 d0          adrp                 x3, #0xe7f81979c000
[=] 	0000e7f81947ac20 [libloader.so         + 0x679c20]  e5 03 00 aa          mov                  x5, x0
[=] 	0000e7f81947ac24 [libloader.so         + 0x679c24]  fd 7b bf a9          stp                  x29, x30, [sp, #-0x10]!
[=] 	0000e7f81947ac28 [libloader.so         + 0x679c28]  fd 03 00 91          mov                  x29, sp
[=] 	0000e7f81947ac2c [libloader.so         + 0x679c2c]  63 d4 46 f9          ldr                  x3, [x3, #0xda8]
[=] 	0000e7f81947ac30 [libloader.so         + 0x679c30]  03 01 00 b4          cbz                  x3, #0xe7f81947ac50
[=] 	0000e7f81947ac50 [libloader.so         + 0x679c50]  05 01 00 b4          cbz                  x5, #0xe7f81947ac70
[=] 	0000e7f81947ac54 [libloader.so         + 0x679c54]  00 19 00 d0          adrp                 x0, #0xe7f81979c000
[=] 	0000e7f81947ac58 [libloader.so         + 0x679c58]  01 98 4d b9          ldr                  w1, [x0, #0xd98]
[=] 	0000e7f81947ac5c [libloader.so         + 0x679c5c]  41 00 00 34          cbz                  w1, #0xe7f81947ac64
[=] 	0000e7f81947ac60 [libloader.so         + 0x679c60]  1f 98 0d b9          str                  wzr, [x0, #0xd98]
[=] 	0000e7f81947ac64 [libloader.so         + 0x679c64]  fd 7b c1 a8          ldp                  x29, x30, [sp], #0x10
[=] 	0000e7f81947ac68 [libloader.so         + 0x679c68]  e0 03 05 aa          mov                  x0, x5
[=] 	0000e7f81947ac6c [libloader.so         + 0x679c6c]  29 7f e7 17          b                    #0xe7f818e5a910
[=] 	0000e7f818e5a910 [libloader.so         + 0x059910]  70 45 00 d0          adrp                 x16, #0xe7f819708000
[=] 	0000e7f818e5a914 [libloader.so         + 0x059914]  11 f2 40 f9          ldr                  x17, [x16, #0x1e0]
[=] 	0000e7f818e5a918 [libloader.so         + 0x059918]  10 82 07 91          add                  x16, x16, #0x1e0
[=] 	0000e7f818e5a91c [libloader.so         + 0x05991c]  20 02 1f d6          br                   x17
[x] 	CPU Context:
[x] 	x0	: 0x18
[x] 	x1	: 0x1
[x] 	x2	: 0xf6
[x] 	x3	: 0x0
[x] 	x4	: 0x0
[x] 	x5	: 0x18
[x] 	x6	: 0x0
[x] 	x7	: 0x0
[x] 	x8	: 0x0
[x] 	x9	: 0x0
[x] 	x10	: 0x0
[x] 	x11	: 0x0
[x] 	x12	: 0x0
[x] 	x13	: 0x0
[x] 	x14	: 0x0
[x] 	x15	: 0x0
[x] 	x16	: 0xe7f8197081e0
[x] 	x17	: 0x59530
[x] 	x18	: 0x0
[x] 	x19	: 0x0
[x] 	x20	: 0x18
[x] 	x21	: 0x0
[x] 	x22	: 0x0
[x] 	x23	: 0x0
[x] 	x24	: 0x0
[x] 	x25	: 0x0
[x] 	x26	: 0x0
[x] 	x27	: 0x0
[x] 	x28	: 0x0
[x] 	x29	: 0x7ffffffffd30
[x] 	x30	: 0xe7f81947ad9c
[x] 	sp	: 0x7ffffffffd30
[x] 	pc	: 0x59530
[x] 	lr	: 0xe7f81947ad9c
[x] 	cpacr_el1	: 0x300000
[x] 	tpidr_el0	: 0x0
[x] 	pstate	: 0x400003c5
[x] 	b0	: 0x0
[x] 	b1	: 0x0
[x] 	b2	: 0x0
[x] 	b3	: 0x0
[x] 	b4	: 0x0
[x] 	b5	: 0x0
[x] 	b6	: 0x0
[x] 	b7	: 0x0
[x] 	b8	: 0x0
[x] 	b9	: 0x0
[x] 	b10	: 0x0
[x] 	b11	: 0x0
[x] 	b12	: 0x0
[x] 	b13	: 0x0
[x] 	b14	: 0x0
[x] 	b15	: 0x0
[x] 	b16	: 0x0
[x] 	b17	: 0x0
[x] 	b18	: 0x0
[x] 	b19	: 0x0
[x] 	b20	: 0x0
[x] 	b21	: 0x0
[x] 	b22	: 0x0
[x] 	b23	: 0x0
[x] 	b24	: 0x0
[x] 	b25	: 0x0
[x] 	b26	: 0x0
[x] 	b27	: 0x0
[x] 	b28	: 0x0
[x] 	b29	: 0x0
[x] 	b30	: 0x0
[x] 	b31	: 0x0
[x] 	d0	: 0x0
[x] 	d1	: 0x0
[x] 	d2	: 0x0
[x] 	d3	: 0x0
[x] 	d4	: 0x0
[x] 	d5	: 0x0
[x] 	d6	: 0x0
[x] 	d7	: 0x0
[x] 	d8	: 0x0
[x] 	d9	: 0x0
[x] 	d10	: 0x0
[x] 	d11	: 0x0
[x] 	d12	: 0x0
[x] 	d13	: 0x0
[x] 	d14	: 0x0
[x] 	d15	: 0x0
[x] 	d16	: 0x0
[x] 	d17	: 0x0
[x] 	d18	: 0x0
[x] 	d19	: 0x0
[x] 	d20	: 0x0
[x] 	d21	: 0x0
[x] 	d22	: 0x0
[x] 	d23	: 0x0
[x] 	d24	: 0x0
[x] 	d25	: 0x0
[x] 	d26	: 0x0
[x] 	d27	: 0x0
[x] 	d28	: 0x0
[x] 	d29	: 0x0
[x] 	d30	: 0x0
[x] 	d31	: 0x0
[x] 	h0	: 0x0
[x] 	h1	: 0x0
[x] 	h2	: 0x0
[x] 	h3	: 0x0
[x] 	h4	: 0x0
[x] 	h5	: 0x0
[x] 	h6	: 0x0
[x] 	h7	: 0x0
[x] 	h8	: 0x0
[x] 	h9	: 0x0
[x] 	h10	: 0x0
[x] 	h11	: 0x0
[x] 	h12	: 0x0
[x] 	h13	: 0x0
[x] 	h14	: 0x0
[x] 	h15	: 0x0
[x] 	h16	: 0x0
[x] 	h17	: 0x0
[x] 	h18	: 0x0
[x] 	h19	: 0x0
[x] 	h20	: 0x0
[x] 	h21	: 0x0
[x] 	h22	: 0x0
[x] 	h23	: 0x0
[x] 	h24	: 0x0
[x] 	h25	: 0x0
[x] 	h26	: 0x0
[x] 	h27	: 0x0
[x] 	h28	: 0x0
[x] 	h29	: 0x0
[x] 	h30	: 0x0
[x] 	h31	: 0x0
[x] 	q0	: 0x0
[x] 	q1	: 0x0
[x] 	q2	: 0x0
[x] 	q3	: 0x0
[x] 	q4	: 0x0
[x] 	q5	: 0x0
[x] 	q6	: 0x0
[x] 	q7	: 0x0
[x] 	q8	: 0x0
[x] 	q9	: 0x0
[x] 	q10	: 0x0
[x] 	q11	: 0x0
[x] 	q12	: 0x0
[x] 	q13	: 0x0
[x] 	q14	: 0x0
[x] 	q15	: 0x0
[x] 	q16	: 0x0
[x] 	q17	: 0x0
[x] 	q18	: 0x0
[x] 	q19	: 0x0
[x] 	q20	: 0x0
[x] 	q21	: 0x0
[x] 	q22	: 0x0
[x] 	q23	: 0x0
[x] 	q24	: 0x0
[x] 	q25	: 0x0
[x] 	q26	: 0x0
[x] 	q27	: 0x0
[x] 	q28	: 0x0
[x] 	q29	: 0x0
[x] 	q30	: 0x0
[x] 	q31	: 0x0
[x] 	s0	: 0x0
[x] 	s1	: 0x0
[x] 	s2	: 0x0
[x] 	s3	: 0x0
[x] 	s4	: 0x0
[x] 	s5	: 0x0
[x] 	s6	: 0x0
[x] 	s7	: 0x0
[x] 	s8	: 0x0
[x] 	s9	: 0x0
[x] 	s10	: 0x0
[x] 	s11	: 0x0
[x] 	s12	: 0x0
[x] 	s13	: 0x0
[x] 	s14	: 0x0
[x] 	s15	: 0x0
[x] 	s16	: 0x0
[x] 	s17	: 0x0
[x] 	s18	: 0x0
[x] 	s19	: 0x0
[x] 	s20	: 0x0
[x] 	s21	: 0x0
[x] 	s22	: 0x0
[x] 	s23	: 0x0
[x] 	s24	: 0x0
[x] 	s25	: 0x0
[x] 	s26	: 0x0
[x] 	s27	: 0x0
[x] 	s28	: 0x0
[x] 	s29	: 0x0
[x] 	s30	: 0x0
[x] 	s31	: 0x0
[x] 	w0	: 0x18
[x] 	w1	: 0x1
[x] 	w2	: 0xf6
[x] 	w3	: 0x0
[x] 	w4	: 0x0
[x] 	w5	: 0x18
[x] 	w6	: 0x0
[x] 	w7	: 0x0
[x] 	w8	: 0x0
[x] 	w9	: 0x0
[x] 	w10	: 0x0
[x] 	w11	: 0x0
[x] 	w12	: 0x0
[x] 	w13	: 0x0
[x] 	w14	: 0x0
[x] 	w15	: 0x0
[x] 	w16	: 0x197081e0
[x] 	w17	: 0x59530
[x] 	w18	: 0x0
[x] 	w19	: 0x0
[x] 	w20	: 0x18
[x] 	w21	: 0x0
[x] 	w22	: 0x0
[x] 	w23	: 0x0
[x] 	w24	: 0x0
[x] 	w25	: 0x0
[x] 	w26	: 0x0
[x] 	w27	: 0x0
[x] 	w28	: 0x0
[x] 	w29	: 0xfffffd30
[x] 	w30	: 0x1947ad9c
[x] 	v0	: 0x0
[x] 	v1	: 0x0
[x] 	v2	: 0x0
[x] 	v3	: 0x0
[x] 	v4	: 0x0
[x] 	v5	: 0x0
[x] 	v6	: 0x0
[x] 	v7	: 0x0
[x] 	v8	: 0x0
[x] 	v9	: 0x0
[x] 	v10	: 0x0
[x] 	v11	: 0x0
[x] 	v12	: 0x0
[x] 	v13	: 0x0
[x] 	v14	: 0x0
[x] 	v15	: 0x0
[x] 	v16	: 0x0
[x] 	v17	: 0x0
[x] 	v18	: 0x0
[x] 	v19	: 0x0
[x] 	v20	: 0x0
[x] 	v21	: 0x0
[x] 	v22	: 0x0
[x] 	v23	: 0x0
[x] 	v24	: 0x0
[x] 	v25	: 0x0
[x] 	v26	: 0x0
[x] 	v27	: 0x0
[x] 	v28	: 0x0
[x] 	v29	: 0x0
[x] 	v30	: 0x0
[x] 	v31	: 0x0
[x] 	PC = 0x0000000000059530 (unreachable)

[x] 	Memory map:
[x] 	Start            End              Perm    Label          Image
[x] 	007ffffffd0000 - 00800000000000   rwx     [stack]        
[x] 	00e7f818e01000 - 00e7f8196cd000   r-x     libloader.so   /home/ubuntu/qiling/my_project/env/so_files/libloader.so
[x] 	00e7f8196dd000 - 00e7f81a3c5000   rw-     libloader.so   /home/ubuntu/qiling/my_project/env/so_files/libloader.so
[x] 	00e7f81a3c5000 - 00e7f81a3c7000   rwx     [hook_mem]     
Traceback (most recent call last):
  File "/home/ubuntu/qiling/qiling/os/linux/linux.py", line 184, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "/home/ubuntu/qiling/qiling/core.py", line 762, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/home/ubuntu/.pyenv/versions/qilingenv/lib/python3.10/site-packages/unicorn/unicorn.py", line 547, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED)

Process finished with exit code 1

RickyCong — Jul 27 '24 16:07