qiling
qiling copied to clipboard
Published
20 hours ago •
qilingframework
qilingframework
What is missing? Invalid memory write (UC_ERR_WRITE_UNMAPPED)
Hey, Iam now emulating another router. It's the Netgear Nighthawk RAX120. You can download version 1.0.1.112 here https://www.downloads.netgear.com/files/GDC/RAX120/RAX120-V1.0.1.114.zip
My script looks like this
#!/usr/bin/env python3
#
# Qiling Framework, 2020 (https://github.com/qilingframework/qiling)
#
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
# Built on top of Unicorn emulator (www.unicorn-engine.org)
# After mapping /proc there will be a /dev/mtdblock11 missing and crash
# To fix this,
# - cd $yourfirmware_rootfs/dev
# - dd if=/dev/zero of=mtdblock11 bs=1024 count=129030
# - mkfs.ext4 mtdblock11
#
# This firmware will more or less alive now.
import sys
sys.path.append("..")
from qiling import *
from qiling.os.posix import syscall
from qiling.const import QL_VERBOSE
def my_syscall_write(ql, write_fd, write_buf, write_count, *rest):
if write_fd is 2 and ql.file_des[2].__class__.__name__ == 'ql_pipe':
ql_definesyscall_return(ql, -1)
else:
syscall.ql_syscall_write(ql, write_fd, write_buf, write_count, *rest)
def my_netgear(path, rootfs):
ql = Qiling(
path,
rootfs,
verbose = QL_VERBOSE.DEBUG,
multithread = True
)
ql.root = False
ql.bindtolocalhost = True
ql.add_fs_mapper('/proc', '/proc')
# ql.set_syscall(4004, my_syscall_write) # disabled for this example
ql.run()
if __name__ == "__main__":
my_netgear(["nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd", "-f", "etc/lighttpd/lighttpd.conf"],
"nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root")
Now I get this Unmapped writing Error, which also mentioned here https://docs.qiling.io/en/latest/faq/. How can I figure out what is missing. Is it maybe the brk() syscall?
Here my Log
nighthawk.py:24: SyntaxWarning: "is" with a literal. Did you mean "=="?
if write_fd is 2 and ql.file_des[2].__class__.__name__ == 'ql_pipe':
[+] Profile: Default
[+] load 0x400000 - 0x42f000
[+] load 0x43e000 - 0x440000
[+] mem_start: 0x400000 mem_end: 0x440000
[+] interp is : nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/ld-musl-aarch64.so.1
[+] interp_mem_size is : 0x85000
[+] interp_address is : 0x7ffff7dd5000
[+] mmap_address is : 0x7fffb7dd6000
[+] rel name b'__h_errno_location'
[+] rel name b'printf'
[+] rel name b'SSL_CTX_set_client_CA_list'
[+] rel name b'setsid'
[+] rel name b'exit'
[+] rel name b'SSL_state'
[+] rel name b'SSL_get_error'
[+] rel name b'inet_addr'
[+] rel name b'realloc'
[+] rel name b'RAND_status'
[+] rel name b'memmove'
[+] rel name b'munmap'
[+] rel name b'dlopen'
[+] rel name b'CRYPTO_free'
[+] rel name b'tzset'
[+] rel name b'setlocale'
[+] rel name b'ftruncate'
[+] rel name b'RAND_seed'
[+] rel name b'sk_pop_free'
[+] rel name b'strcspn'
[+] rel name b'strstr'
[+] rel name b'clock_gettime'
[+] rel name b'OBJ_sn2nid'
[+] rel name b'OBJ_obj2nid'
[+] rel name b'SSL_write'
[+] rel name b'SSL_CTX_set_info_callback'
[+] rel name b'fgets'
[+] rel name b'close'
[+] rel name b'epoll_wait'
[+] rel name b'strchr'
[+] rel name b'ERR_remove_thread_state'
[+] rel name b'SSL_get_ex_data'
[+] rel name b'calloc'
[+] rel name b'strncmp'
[+] rel name b'SSL_free'
[+] rel name b'htons'
[+] rel name b'freeaddrinfo'
[+] rel name b'fputc'
[+] rel name b'strrchr'
[+] rel name b'SSLv23_server_method'
[+] rel name b'stat'
[+] rel name b'ntohs'
[+] rel name b'X509_NAME_entry_count'
[+] rel name b'strerror'
[+] rel name b'CRYPTO_cleanup_all_ex_data'
[+] rel name b'__register_frame_info'
[+] rel name b'free'
[+] rel name b'SSL_set_fd'
[+] rel name b'X509_NAME_ENTRY_get_data'
[+] rel name b'SSL_CTX_callback_ctrl'
[+] rel name b'fputs'
[+] rel name b'SSL_CTX_set_verify'
[+] rel name b'SSL_dup_CA_list'
[+] rel name b'abort'
[+] rel name b'unlink'
[+] rel name b'strtoll'
[+] rel name b'BIO_read'
[+] rel name b'SSL_set_client_CA_list'
[+] rel name b'mmap'
[+] rel name b'sysconf'
[+] rel name b'fflush'
[+] rel name b'dup2'
[+] rel name b'OBJ_nid2sn'
[+] rel name b'inet_ntoa'
[+] rel name b'_exit'
[+] rel name b'fprintf'
[+] rel name b'waitpid'
[+] rel name b'BN_bin2bn'
[+] rel name b'RAND_bytes'
[+] rel name b'memcpy'
[+] rel name b'getnameinfo'
[+] rel name b'SSL_set_shutdown'
[+] rel name b'X509_get_subject_name'
[+] rel name b'getsockname'
[+] rel name b'EVP_PKEY_free'
[+] rel name b'accept4'
[+] rel name b'srand'
[+] rel name b'__deregister_frame_info'
[+] rel name b'SSL_CTX_set_session_id_context'
[+] rel name b'fork'
[+] rel name b'rand'
[+] rel name b'SSL_get_version'
[+] rel name b'mktime'
[+] rel name b'localtime'
[+] rel name b'pcre_exec'
[+] rel name b'lstat'
[+] rel name b'SSL_use_certificate'
[+] rel name b'dlclose'
[+] rel name b'prctl'
[+] rel name b'writev'
[+] rel name b'fstat'
[+] rel name b'SSL_set_ex_data'
[+] rel name b'ASN1_INTEGER_to_BN'
[+] rel name b'wait'
[+] rel name b'SSL_library_init'
[+] rel name b'memset'
[+] rel name b'sigaction'
[+] rel name b'listen'
[+] rel name b'getenv'
[+] rel name b'SSL_read'
[+] rel name b'X509_NAME_ENTRY_get_object'
[+] rel name b'ERR_error_string_n'
[+] rel name b'SSL_get_current_cipher'
[+] rel name b'PEM_read_bio_DHparams'
[+] rel name b'getcwd'
[+] rel name b'X509_get_serialNumber'
[+] rel name b'DH_new'
[+] rel name b'SSL_CTX_ctrl'
[+] rel name b'mkstemp'
[+] rel name b'SSL_new'
[+] rel name b'config_get'
[+] rel name b'BN_free'
[+] rel name b'OPENSSL_add_all_algorithms_noconf'
[+] rel name b'pcre_fullinfo'
[+] rel name b'gethostbyname'
[+] rel name b'setenv'
[+] rel name b'SSL_shutdown'
[+] rel name b'perror'
[+] rel name b'setrlimit'
[+] rel name b'EVP_cleanup'
[+] rel name b'strptime'
[+] rel name b'ERR_clear_error'
[+] rel name b'epoll_ctl'
[+] rel name b'BN_bn2hex'
[+] rel name b'PEM_write_bio_X509'
[+] rel name b'epoll_create'
[+] rel name b'strncasecmp'
[+] rel name b'ERR_free_strings'
[+] rel name b'chroot'
[+] rel name b'strcpy'
[+] rel name b'random'
[+] rel name b'read'
[+] rel name b'shutdown'
[+] rel name b'DH_free'
[+] rel name b'system'
[+] rel name b'issetugid'
[+] rel name b'SSL_set_verify_depth'
[+] rel name b'SSL_CIPHER_get_bits'
[+] rel name b'setsockopt'
[+] rel name b'SSL_CTX_new'
[+] rel name b'pcre_compile'
[+] rel name b'SSL_set_accept_state'
[+] rel name b'execl'
[+] rel name b'SSL_get_peer_certificate'
[+] rel name b'X509_NAME_get_entry'
[+] rel name b'BIO_new'
[+] rel name b'BIO_ctrl'
[+] rel name b'RAND_cleanup'
[+] rel name b'strftime'
[+] rel name b'BIO_free'
[+] rel name b'SSL_CTX_load_verify_locations'
[+] rel name b'gmtime'
[+] rel name b'syslog'
[+] rel name b'RAND_pseudo_bytes'
[+] rel name b'puts'
[+] rel name b'fopen'
[+] rel name b'chdir'
[+] rel name b'SSL_load_client_CA_file'
[+] rel name b'dlerror'
[+] rel name b'putc'
[+] rel name b'htonl'
[+] rel name b'ERR_error_string'
[+] rel name b'SSL_pending'
[+] rel name b'fcntl'
[+] rel name b'getloadavg'
[+] rel name b'RAND_poll'
[+] rel name b'SSL_set_verify'
[+] rel name b'SSL_CTX_set_cipher_list'
[+] rel name b'getpid'
[+] rel name b'gethostbyaddr'
[+] rel name b'X509_check_private_key'
[+] rel name b'dlsym'
[+] rel name b'dup'
[+] rel name b'SSL_CTX_set_verify_depth'
[+] rel name b'memchr'
[+] rel name b'write'
[+] rel name b'strcasecmp'
[+] rel name b'socket'
[+] rel name b'__libc_start_main'
[+] rel name b'EC_KEY_free'
[+] rel name b'pipe'
[+] rel name b'X509_free'
[+] rel name b'time'
[+] rel name b'SSL_use_PrivateKey'
[+] rel name b'strncpy'
[+] rel name b'pcre_study'
[+] rel name b'memcmp'
[+] rel name b'fclose'
[+] rel name b'srandom'
[+] rel name b'SSL_CTX_free'
[+] rel name b'inet_ntop'
[+] rel name b'ioctl'
[+] rel name b'closelog'
[+] rel name b'getaddrinfo'
[+] rel name b'syscall'
[+] rel name b'SSL_load_error_strings'
[+] rel name b'gai_strerror'
[+] rel name b'sigemptyset'
[+] rel name b'isalnum'
[+] rel name b'ERR_get_error'
[+] rel name b'lseek'
[+] rel name b'SSL_CTX_use_PrivateKey'
[+] rel name b'kill'
[+] rel name b'SSL_get_servername'
[+] rel name b'glob'
[+] rel name b'getopt'
[+] rel name b'strtoul'
[+] rel name b'open'
[+] rel name b'sprintf'
[+] rel name b'sleep'
[+] rel name b'PEM_read_bio_PrivateKey'
[+] rel name b'SSL_CTX_check_private_key'
[+] rel name b'signal'
[+] rel name b'globfree'
[+] rel name b'getuid'
[+] rel name b'PEM_read_bio_X509'
[+] rel name b'connect'
[+] rel name b'select'
[+] rel name b'poll'
[+] rel name b'bind'
[+] rel name b'strlen'
[+] rel name b'openlog'
[+] rel name b'strtol'
[+] rel name b'SSL_CIPHER_get_name'
[+] rel name b'SSL_CTX_use_certificate'
[+] rel name b'BIO_s_file'
[+] rel name b'SSL_get_verify_result'
[+] rel name b'inet_pton'
[+] rel name b'getsockopt'
[+] rel name b'BIO_new_file'
[+] rel name b'BIO_s_mem'
[+] rel name b'getpeername'
[+] rel name b'X509_NAME_free'
[+] rel name b'__assert_fail'
[+] rel name b'EC_KEY_new_by_curve_name'
[+] rel name b'__errno_location'
[+] rel name b'getgid'
[+] rel name b'malloc'
[+] rel name b'getrlimit'
[+] rel name b'strcmp'
[+] rel name b'config_set'
[+] [Thread 2000] Saved context. tpidr_el0=0x0
[+] [Thread 2000] Set tpidr_el0 to 0x0
[+] [Thread 2000] Restored context. tpidr_el0=0x0
[+] [Thread 2000] Scheduled from 0x7ffff7e39ed0.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7dffaec: set_tid_address(tid_address_tidptr = 0x7ffff7e59808)
[+] [Thread 2000] set_tid_address() = 0x7d0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e217ec: openat(fd = 0xffffffffffffff9c, path = 0x80000000d4a0, flags = 0xa0000, mode = 0x1b6)
[+] [Thread 2000] openat(fd = -100, path = /etc/ld-musl-aarch64.path, flags = O_RDONLY, mode = 0o666) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /lib/libconfig.so, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/local/lib/libconfig.so, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/lib/libconfig.so, flags = O_RDONLY, mode = 0o0) = 3
[+] [Thread 2000] openat() = 0x3
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x3, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e1fb44: fstat(fd = 0x3, buf_ptr = 0x80000000d548)
[+] [Thread 2000] fstat write completed
[+] [Thread 2000] fstat() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: read(fd = 0x3, buf = 0x80000000d100, len = 0x3c0)
[+] [Thread 2000] read() CONTENT:
[+] [Thread 2000] b'\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00`\x0e\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x88\x1b\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x008\x00\x04\x00@\x00\x17\x00\x16\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00l\x17\x00\x00\x00\x00\x00\x00l\x17\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00p\x17\x00\x00\x00\x00\x00\x00p\x17\x01\x00\x00\x00\x00\x00p\x17\x01\x00\x00\x00\x00\x00 \x03\x00\x00\x00\x00\x00\x00h\x03l\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x80\x17\x00\x00\x00\x00\x00\x00\x80\x17\x01\x00\x00\x00\x00\x00\x80\x17\x01\x00\x00\x00\x00\x00\xd0\x01\x00\x00\x00\x00\x00\x00\xd0\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00Q\xe5td\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00%\x00\x00\x001\x00\x00\x00!\x00\x00\x00#\x00\x00\x00\n\x00\x00\x00%\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x11\x00\x00\x00.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x00\x00\x04\x00\x00\x00/\x00\x00\x00\x1c\x00\x00\x00*\x00\x00\x00-\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x00\x00\x00\x00\x00\x00$\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\'\x00\x00\x00,\x00\x00\x00\x0b\x00\x00\x00)\x00\x00\x00&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\t\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x15\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x00\x00\x00\x00\x00\x00\r\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x19\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\x12\x00\x00\x00\x13\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x08\x00\xb0\x0c\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x13\x00X\x1a\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb1\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa9\x01\x00\x00\x12\x00\n\x00L\x16\x00\x00\x00\x00\x00\x00h\x00\x00\x00\x00\x00\x00\x00?\x01\x00\x00\x12\x00\n\x00\xdc\x14\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x87\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\x01\x00\x00\x10\x00\x14\x00\xd8\x1am\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00j\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00L\x01\x00\x00\x12\x00\n\x00\xfc\x14\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x00\x00\x00\x00\xcb\x00\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00i\x01\x00\x00\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x84\x01\x00\x00\x12\x00\n\x00'
[+] [Thread 2000] read() = 0x3c0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x0, length = 0x6d2000, prot = 0x5, flags = 0x2, fd = 0x3, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x0, 0x6d2000, PROT_READ | PROT_EXEC (0x5), MAP_PRIVATE (0x2), 3, 0x0)
[+] [Thread 2000] mmap - mapping needed for 0x0
[+] [Thread 2000] mmap - addr range 0x7fffb7dd6000 - 0x7fffb84a7fff:
[+] [Thread 2000] mem write : 0x2148
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libconfig.so
[+] [Thread 2000] mmap(0x0, 0x6d2000, 0x5, 0x2, 3, 0x0) = 0x7fffb7dd6000
[+] [Thread 2000] mmap() = 0x7fffb7dd6000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x7fffb7de7000, length = 0x6c1000, prot = 0x3, flags = 0x12, fd = 0x3, pgoffset = 0x1000)
[+] [Thread 2000] mmap(0x7fffb7de7000, 0x6c1000, PROT_READ | PROT_WRITE (0x3), MAP_PRIVATE | MAP_FIXED (0x12), 3, 0x1000)
[+] [Thread 2000] mmap - MAP_FIXED, mapping not needed
[+] [Thread 2000] mmap - addr range 0x7fffb7de7000 - 0x7fffb84a7fff:
[+] [Thread 2000] mem write : 0x1148
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libconfig.so
[+] [Thread 2000] mmap(0x7fffb7de7000, 0x6c1000, 0x3, 0x12, 3, 0x1000) = 0x7fffb7de7000
[+] [Thread 2000] mmap() = 0x7fffb7de7000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x7fffb7de8000, length = 0x6c0000, prot = 0x3, flags = 0x32, fd = 0xffffffffffffffff, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x7fffb7de8000, 0x6c0000, PROT_READ | PROT_WRITE (0x3), MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS (0x32), ffffffffffffffff, 0x0)
[+] [Thread 2000] mmap - MAP_FIXED, mapping not needed
[+] [Thread 2000] mmap - addr range 0x7fffb7de8000 - 0x7fffb84a7fff:
[+] [Thread 2000] mmap(0x7fffb7de8000, 0x6c0000, 0x3, 0x32, ffffffffffffffff, 0x0) = 0x7fffb7de8000
[+] [Thread 2000] mmap() = 0x7fffb7de8000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: close(fd = 0x3)
[+] [Thread 2000] close() = 0x0
[+] [Thread 2000] Suspended at 0x7ffff7e29700
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e29700.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /lib/libpcre.so.0, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/local/lib/libpcre.so.0, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/lib/libpcre.so.0, flags = O_RDONLY, mode = 0o0) = 3
[+] [Thread 2000] openat() = 0x3
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x3, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e1fb44: fstat(fd = 0x3, buf_ptr = 0x80000000d548)
[+] [Thread 2000] fstat write completed
[+] [Thread 2000] fstat() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: read(fd = 0x3, buf = 0x80000000d100, len = 0x3c0)
[+] [Thread 2000] read() CONTENT:
[+] [Thread 2000] b'\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\xc0\x16\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\x18\xc1\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x008\x00\x05\x00@\x00\x16\x00\x15\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb4\xad\x01\x00\x00\x00\x00\x00\xb4\xad\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00`\xbc\x01\x00\x00\x00\x00\x00`\xbc\x02\x00\x00\x00\x00\x00`\xbc\x02\x00\x00\x00\x00\x00\xc8\x03\x00\x00\x00\x00\x00\x00\x08\x04\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00p\xbc\x01\x00\x00\x00\x00\x00p\xbc\x02\x00\x00\x00\x00\x00p\xbc\x02\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00Q\xe5td\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00R\xe5td\x04\x00\x00\x00`\xbc\x01\x00\x00\x00\x00\x00`\xbc\x02\x00\x00\x00\x00\x00`\xbc\x02\x00\x00\x00\x00\x00\xa0\x03\x00\x00\x00\x00\x00\x00\xa0\x03\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00L\x00\x00\x00\x00\x00\x00\x00I\x00\x00\x00\x11\x00\x00\x006\x00\x00\x00G\x00\x00\x00\x1d\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x007\x00\x00\x00\x00\x00\x00\x00;\x00\x00\x00#\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00H\x00\x00\x009\x00\x00\x00\x00\x00\x00\x00C\x00\x00\x00-\x00\x00\x00\n\x00\x00\x00\x00\x00\x00\x00?\x00\x00\x00:\x00\x00\x00\x00\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\x19\x00\x00\x00A\x00\x00\x00"\x00\x00\x00<\x00\x00\x00B\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x00\x00\x00\x00\x00\x00+\x00\x00\x00\x05\x00\x00\x00\x0e\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x15\x00\x00\x00&\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00D\x00\x00\x000\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x00\x00=\x00\x00\x005\x00\x00\x00F\x00\x00\x00$\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00J\x00\x00\x00\x12\x00\x00\x00E\x00\x00\x00%\x00\x00\x00\x00\x00\x00\x00>\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0b\x00\x00\x00\x17\x00\x00\x00\x04\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x14\x00\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00\x13\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x07\x00\x00\x00!\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00\x00\x00\x00\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x00\x00\x16\x00\x00\x00\t\x00\x00\x003\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\x00)\x00\x00\x00/\x00\x00\x00\'\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00*\x00\x00\x00\x00\x00\x00\x001\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x00\x00\x00\r\x00\x00\x00\x1b\x00\x00\x008\x00\x00\x004\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\x08\x00'
[+] [Thread 2000] read() = 0x3c0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x0, length = 0x2d000, prot = 0x5, flags = 0x2, fd = 0x3, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x0, 0x2d000, PROT_READ | PROT_EXEC (0x5), MAP_PRIVATE (0x2), 3, 0x0)
[+] [Thread 2000] mmap - mapping needed for 0x0
[+] [Thread 2000] mmap - addr range 0x7fffb84a8000 - 0x7fffb84d4fff:
[+] [Thread 2000] mem write : 0x1c698
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libpcre.so.0.0.1
[+] [Thread 2000] mmap(0x0, 0x2d000, 0x5, 0x2, 3, 0x0) = 0x7fffb84a8000
[+] [Thread 2000] mmap() = 0x7fffb84a8000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x7fffb84d3000, length = 0x2000, prot = 0x3, flags = 0x12, fd = 0x3, pgoffset = 0x1b000)
[+] [Thread 2000] mmap(0x7fffb84d3000, 0x2000, PROT_READ | PROT_WRITE (0x3), MAP_PRIVATE | MAP_FIXED (0x12), 3, 0x1b000)
[+] [Thread 2000] mmap - MAP_FIXED, mapping not needed
[+] [Thread 2000] mmap - addr range 0x7fffb84d3000 - 0x7fffb84d4fff:
[+] [Thread 2000] mem write : 0x1698
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libpcre.so.0.0.1
[+] [Thread 2000] mmap(0x7fffb84d3000, 0x2000, 0x3, 0x12, 3, 0x1b000) = 0x7fffb84d3000
[+] [Thread 2000] mmap() = 0x7fffb84d3000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: close(fd = 0x3)
[+] [Thread 2000] close() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /lib/libssl.so.1.0.0, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/local/lib/libssl.so.1.0.0, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/lib/libssl.so.1.0.0, flags = O_RDONLY, mode = 0o0) = 3
[+] [Thread 2000] openat() = 0x3
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x3, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e1fb44: fstat(fd = 0x3, buf_ptr = 0x80000000d548)
[+] [Thread 2000] fstat write completed
[+] [Thread 2000] fstat() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: read(fd = 0x3, buf = 0x80000000d100, len = 0x3c0)
[+] [Thread 2000] read() CONTENT:
[+] [Thread 2000] b'\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\xe0e\x01\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00`\xcd\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x008\x00\x05\x00@\x00\x17\x00\x16\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00`K\x04\x00\x00\x00\x00\x00`K\x04\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00 Z\x04\x00\x00\x00\x00\x00 Z\x05\x00\x00\x00\x00\x00 Z\x05\x00\x00\x00\x00\x00Hr\x00\x00\x00\x00\x00\x00@s\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x18\x91\x04\x00\x00\x00\x00\x00\x18\x91\x05\x00\x00\x00\x00\x00\x18\x91\x05\x00\x00\x00\x00\x00 \x02\x00\x00\x00\x00\x00\x00 \x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00Q\xe5td\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00R\xe5td\x04\x00\x00\x00 Z\x04\x00\x00\x00\x00\x00 Z\x05\x00\x00\x00\x00\x00 Z\x05\x00\x00\x00\x00\x00\xe0E\x00\x00\x00\x00\x00\x00\xe0E\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\t\x02\x00\x00\xe3\x03\x00\x00\x8a\x02\x00\x00\x9a\x02\x00\x00A\x02\x00\x00P\x01\x00\x00\xc1\x02\x00\x00\xbb\x03\x00\x00\x00\x00\x00\x00\xd9\x03\x00\x00\xa6\x02\x00\x00\xd2\x03\x00\x00\x1e\x03\x00\x00\xda\x03\x00\x00\xcd\x01\x00\x00\x16\x03\x00\x00e\x03\x00\x00\xd5\x00\x00\x00\xfe\x02\x00\x00\xb9\x01\x00\x00\x00\x00\x00\x004\x02\x00\x00\x00\x00\x00\x00\x8b\x02\x00\x00\x1d\x02\x00\x00\xce\x01\x00\x00\xd8\x03\x00\x00\xc3\x03\x00\x00Y\x02\x00\x00\x00\x00\x00\x00\xe6\x02\x00\x00\x00\x00\x00\x00\xd6\x03\x00\x00x\x02\x00\x00*\x03\x00\x00l\x02\x00\x00\x98\x02\x00\x00m\x01\x00\x00^\x02\x00\x00\x00\x00\x00\x00(\x01\x00\x002\x02\x00\x00\xd5\x03\x00\x00\x00\x00\x00\x00g\x03\x00\x00\xdb\x03\x00\x00\x00\x00\x00\x00\xed\x01\x00\x00\x00\x00\x00\x00T\x01\x00\x00\xf0\x00\x00\x00\x00\x00\x00\x00\x93\x03\x00\x00\xcf\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf9\x02\x00\x00\xb9\x03\x00\x00\xc4\x00\x00\x00.\x03\x00\x00\xab\x01\x00\x00D\x00\x00\x00\x16\x01\x00\x00\xd4\x03\x00\x00\x8a\x00\x00\x00\x83\x00\x00\x00\'\x03\x00\x00\xb3\x03\x00\x00\xe1\x01\x00\x00\xa9\x03\x00\x00\x92\x01\x00\x00\x00\x00\x00\x00z\x01\x00\x00\x00\x00\x00\x00w\x03\x00\x00\x84\x01\x00\x00\xdd\x02\x00\x00y\x01\x00\x00\xcf\x02\x00\x00\xdc\x03\x00\x00\xdd\x03\x00\x00h\x02\x00\x00M\x03\x00\x00\x1d\x03\x00\x00\xa7\x02\x00\x00u\x02\x00\x00\xcc\x02\x00\x00:\x02\x00\x00\xde\x03\x00\x00|\x01\x00\x00|\x03\x00\x00\x00\x00\x00\x00\x97\x02\x00\x00R\x01\x00\x00y\x03\x00\x00\xab\x02\x00\x00\xb5\x01\x00\x00\xaf\x03\x00\x00\xac\x02\x00\x00i\x03\x00\x00\xf0\x02\x00\x00\x9f\x03\x00\x00\x7f\x03\x00\x00{\x03\x00\x00\x00\x00\x00\x00\xa6\x03\x00\x00\xc4\x03\x00\x00;\x01\x00\x00\x00\x00\x00\x00\xae\x02\x00\x00\x1a\x00\x00\x00t\x03\x00\x00$\x00\x00\x00"\x03\x00\x00\xc9\x03\x00\x00\xba\x03\x00\x00\xa5\x02\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x01\x00\x00Q\x02\x00\x00\x88\x02\x00\x00C\x01\x00\x00\x89\x03\x00\x00\x00\x00\x00\x00\xa2\x01\x00\x00\x7f\x00\x00\x00\xb9\x02\x00\x00\x85\x03\x00\x00\xf6\x02\x00\x00T\x03\x00\x00r\x03\x00\x00\xb5\x02\x00\x00\xa1\x03\x00\x00\xea\x01\x00\x00\t\x02\x00\x00J\x03\x00\x00\x00\x00\x00\x00?\x03\x00\x00\xdb\x02\x00\x00\xfd\x01\x00\x00\xec\x02\x00\x00\xdc\x01\x00\x00\xe1\x02\x00\x001\x03\x00\x00\xd2\x02\x00\x00\xce\x02\x00\x00z\x03\x00\x00!\x03\x00\x00\x13\x03\x00\x00"\x02\x00\x00H\x03\x00\x00\x81\x00\x00\x00/\x02\x00\x00'
[+] [Thread 2000] read() = 0x3c0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x0, length = 0x5d000, prot = 0x5, flags = 0x2, fd = 0x3, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x0, 0x5d000, PROT_READ | PROT_EXEC (0x5), MAP_PRIVATE (0x2), 3, 0x0)
[+] [Thread 2000] mmap - mapping needed for 0x0
[+] [Thread 2000] mmap - addr range 0x7fffb84d5000 - 0x7fffb8531fff:
[+] [Thread 2000] mem write : 0x4d320
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libssl.so.1.0.0
[+] [Thread 2000] mmap(0x0, 0x5d000, 0x5, 0x2, 3, 0x0) = 0x7fffb84d5000
[+] [Thread 2000] mmap() = 0x7fffb84d5000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x7fffb852a000, length = 0x8000, prot = 0x3, flags = 0x12, fd = 0x3, pgoffset = 0x45000)
[+] [Thread 2000] mmap(0x7fffb852a000, 0x8000, PROT_READ | PROT_WRITE (0x3), MAP_PRIVATE | MAP_FIXED (0x12), 3, 0x45000)
[+] [Thread 2000] mmap - MAP_FIXED, mapping not needed
[+] [Thread 2000] mmap - addr range 0x7fffb852a000 - 0x7fffb8531fff:
[+] [Thread 2000] mem write : 0x8000
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libssl.so.1.0.0
[+] [Thread 2000] mmap(0x7fffb852a000, 0x8000, 0x3, 0x12, 3, 0x45000) = 0x7fffb852a000
[+] [Thread 2000] mmap() = 0x7fffb852a000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: close(fd = 0x3)
[+] [Thread 2000] close() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /lib/libcrypto.so.1.0.0, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/local/lib/libcrypto.so.1.0.0, flags = O_RDONLY, mode = 0o0) = -2
[+] [Thread 2000] openat() = -0x2 (ENOENT)
[+] [Thread 2000] Suspended at 0x7ffff7e24cd0
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e24cd0.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /usr/lib/libcrypto.so.1.0.0, flags = O_RDONLY, mode = 0o0) = 3
[+] [Thread 2000] openat() = 0x3
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x3, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e1fb44: fstat(fd = 0x3, buf_ptr = 0x80000000d548)
[+] [Thread 2000] fstat write completed
[+] [Thread 2000] fstat() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: read(fd = 0x3, buf = 0x80000000d100, len = 0x3c0)
[+] [Thread 2000] read() CONTENT:
[+] [Thread 2000] b"\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x00\x10\x82\x05\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00\xb0\n\x14\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x008\x00\x05\x00@\x00\x17\x00\x16\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(I\x12\x00\x00\x00\x00\x00(I\x12\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x98W\x12\x00\x00\x00\x00\x00\x98W\x13\x00\x00\x00\x00\x00\x98W\x13\x00\x00\x00\x00\x00 \xb2\x01\x00\x00\x00\x00\x00\xc0\xd1\x01\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x90\xd0\x13\x00\x00\x00\x00\x00\x90\xd0\x14\x00\x00\x00\x00\x00\x90\xd0\x14\x00\x00\x00\x00\x00\x10\x02\x00\x00\x00\x00\x00\x00\x10\x02\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00Q\xe5td\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00R\xe5td\x04\x00\x00\x00\x98W\x12\x00\x00\x00\x00\x00\x98W\x13\x00\x00\x00\x00\x00\x98W\x13\x00\x00\x00\x00\x00h\x88\x01\x00\x00\x00\x00\x00h\x88\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x05\x08\x00\x00\xfb\x0f\x00\x00\x00\x00\x00\x00o\r\x00\x00\x00\x00\x00\x00\xfc\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'\n\x00\x00_\x05\x00\x00H\x0e\x00\x00\xfc\x0b\x00\x00}\x06\x00\x00\xc2\x08\x00\x00\x15\x03\x00\x00\x1d\x0e\x00\x00\xac\x0f\x00\x00$\r\x00\x00\xbb\x00\x00\x00\xa9\x06\x00\x00\xfb\r\x00\x00\x8b\x0c\x00\x00\x10\r\x00\x00p\x01\x00\x00\xad\x0e\x00\x00\xf0\x0b\x00\x00\xe9\t\x00\x00q\x0b\x00\x00\xec\x0f\x00\x00\x11\r\x00\x00\xcd\x0e\x00\x000\x05\x00\x00\x10\x0b\x00\x00\x00\x00\x00\x00\xdc\x08\x00\x00\x7f\x01\x00\x00?\x0b\x00\x00E\r\x00\x00\x00\x00\x00\x00Y\x0b\x00\x00\x00\x00\x00\x00;\r\x00\x00\x07\x0c\x00\x00\xed\x00\x00\x00\xa7\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xe6\x0e\x00\x00\x00\x00\x00\x00\xf4\x00\x00\x00p\x02\x00\x00\x00\x00\x00\x00\xb1\x0f\x00\x00\x03\x0e\x00\x00\x03\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcb\x08\x00\x00\xfc\t\x00\x00\x8f\x0f\x00\x00\x00\x00\x00\x00\xdf\t\x00\x00!\x0b\x00\x00a\x0f\x00\x00\xbe\t\x00\x007\x03\x00\x00\x91\n\x00\x00\xa7\x05\x00\x00\xa1\x05\x00\x00\x0f\x0f\x00\x00\x01\x06\x00\x00\x1c\x0e\x00\x00D\x07\x00\x00]\x0e\x00\x00A\x0c\x00\x00q\n\x00\x00y\x0c\x00\x00\x08\x02\x00\x00j\x05\x00\x00\xcc\t\x00\x00L\x05\x00\x00\x00\x00\x00\x00\xb5\x05\x00\x00\xdd\r\x00\x00\xdc\x00\x00\x00\xea\x06\x00\x00\x14\x0f\x00\x00:\n\x00\x00I\x05\x00\x00\xd7\x07\x00\x00\x8c\x0f\x00\x00[\x05\x00\x00K\x0c\x00\x00\xf8\t\x00\x00\xcc\x0b\x00\x00\x83\x03\x00\x00\x97\r\x00\x00{\x07\x00\x00\xcb\x05\x00\x00\xea\x0e\x00\x00\xf8\x0e\x00\x00+\x0e\x00\x00\n\r\x00\x00\xf9\x04\x00\x00g\x0f\x00\x00\xb8\x0e\x00\x00\xa5\r\x00\x00\xeb\x06\x00\x00\xae\x08\x00\x00\x03\r\x00\x00W\x08\x00\x00`\x0c\x00\x00\x00\x00\x00\x00\xf9\r\x00\x00\xe0\x08\x00\x001\x0e\x00\x00\x01\x0f\x00\x00\xf5\x0f\x00\x00\xf7\x02\x00\x00Z\n\x00\x00\x00\x00\x00\x00\xad\x0b\x00\x00:\r\x00\x00r\x05\x00\x00\n\x08\x00\x00X\r\x00\x00O\x0e\x00\x00w\x04\x00\x00]\x0c\x00\x00\x8a\x05\x00\x00'\t\x00\x00\x00\x00\x00\x005\x0e\x00\x002\x0f\x00\x00\x0f\x0b\x00\x00~\x03\x00\x00\x05\x04\x00\x00\x11\x0f\x00\x00\xec\x0b\x00\x00\xb8\x0b\x00\x00\xe7\n\x00\x00\xbb\x07\x00\x00T\x0f\x00\x00\x00\x00\x00\x00\xe3\x01\x00\x00\x00\x00\x00\x00\x82\x0b\x00\x00\xe9\x0c\x00\x00'\r\x00\x00\xdd\x0b\x00\x00i\x03\x00\x00\x14\x0b\x00\x00\x0b\x08\x00\x00A\x04\x00\x00"
[+] [Thread 2000] read() = 0x3c0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x0, length = 0x153000, prot = 0x5, flags = 0x2, fd = 0x3, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x0, 0x153000, PROT_READ | PROT_EXEC (0x5), MAP_PRIVATE (0x2), 3, 0x0)
[+] [Thread 2000] mmap - mapping needed for 0x0
[+] [Thread 2000] mmap - addr range 0x7fffb8532000 - 0x7fffb8684fff:
[+] [Thread 2000] mem write : 0x141070
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libcrypto.so.1.0.0
[+] [Thread 2000] mmap(0x0, 0x153000, 0x5, 0x2, 3, 0x0) = 0x7fffb8532000
[+] [Thread 2000] mmap() = 0x7fffb8532000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x7fffb8667000, length = 0x1e000, prot = 0x3, flags = 0x12, fd = 0x3, pgoffset = 0x125000)
[+] [Thread 2000] mmap(0x7fffb8667000, 0x1e000, PROT_READ | PROT_WRITE (0x3), MAP_PRIVATE | MAP_FIXED (0x12), 3, 0x125000)
[+] [Thread 2000] mmap - MAP_FIXED, mapping not needed
[+] [Thread 2000] mmap - addr range 0x7fffb8667000 - 0x7fffb8684fff:
[+] [Thread 2000] mem write : 0x1c070
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libcrypto.so.1.0.0
[+] [Thread 2000] mmap(0x7fffb8667000, 0x1e000, 0x3, 0x12, 3, 0x125000) = 0x7fffb8667000
[+] [Thread 2000] mmap() = 0x7fffb8667000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x7fffb8683000, length = 0x2000, prot = 0x3, flags = 0x32, fd = 0xffffffffffffffff, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x7fffb8683000, 0x2000, PROT_READ | PROT_WRITE (0x3), MAP_PRIVATE | MAP_FIXED | MAP_ANONYMOUS (0x32), ffffffffffffffff, 0x0)
[+] [Thread 2000] mmap - MAP_FIXED, mapping not needed
[+] [Thread 2000] mmap - addr range 0x7fffb8683000 - 0x7fffb8684fff:
[+] [Thread 2000] mmap(0x7fffb8683000, 0x2000, 0x3, 0x32, ffffffffffffffff, 0x0) = 0x7fffb8683000
[+] [Thread 2000] mmap() = 0x7fffb8683000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: close(fd = 0x3)
[+] [Thread 2000] close() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d710, flags = 0xa0000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /lib/libgcc_s.so.1, flags = O_RDONLY, mode = 0o0) = 3
[+] [Thread 2000] openat() = 0x3
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x3, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e1fb44: fstat(fd = 0x3, buf_ptr = 0x80000000d548)
[+] [Thread 2000] fstat write completed
[+] [Thread 2000] fstat() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: read(fd = 0x3, buf = 0x80000000d100, len = 0x3c0)
[+] [Thread 2000] read() CONTENT:
[+] [Thread 2000] b'\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x03\x00\xb7\x00\x01\x00\x00\x000+\x00\x00\x00\x00\x00\x00@\x00\x00\x00\x00\x00\x00\x00p\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00@\x008\x00\x05\x00@\x00\x18\x00\x17\x00\x01\x00\x00\x00\x05\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00|\xf5\x00\x00\x00\x00\x00\x00|\xf5\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x01\x00\x00\x00\x06\x00\x00\x00\x80\xf5\x00\x00\x00\x00\x00\x00\x80\xf5\x01\x00\x00\x00\x00\x00\x80\xf5\x01\x00\x00\x00\x00\x00\xe8\x03\x00\x00\x00\x00\x00\x00\xc0\x06\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x00\x00\x02\x00\x00\x00\x06\x00\x00\x00\x90\xf5\x00\x00\x00\x00\x00\x00\x90\xf5\x01\x00\x00\x00\x00\x00\x90\xf5\x01\x00\x00\x00\x00\x00\xd0\x01\x00\x00\x00\x00\x00\x00\xd0\x01\x00\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00\x00\x00\x00P\xe5td\x04\x00\x00\x00P\xe3\x00\x00\x00\x00\x00\x00P\xe3\x00\x00\x00\x00\x00\x00P\xe3\x00\x00\x00\x00\x00\x00l\x02\x00\x00\x00\x00\x00\x00l\x02\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x00\x00\x00\x00Q\xe5td\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x83\x00\x00\x00\xab\x00\x00\x00\x00\x00\x00\x00\xa1\x00\x00\x00W\x00\x00\x00l\x00\x00\x00\x00\x00\x00\x00%\x00\x00\x00z\x00\x00\x00\x00\x00\x00\x00I\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa8\x00\x00\x00\x00\x00\x00\x00p\x00\x00\x00\x97\x00\x00\x00U\x00\x00\x00\x00\x00\x00\x00\x8a\x00\x00\x00\xaa\x00\x00\x00/\x00\x00\x00_\x00\x00\x00:\x00\x00\x00\x9a\x00\x00\x00D\x00\x00\x00\x9b\x00\x00\x00=\x00\x00\x00\x00\x00\x00\x00\x8d\x00\x00\x00\x9f\x00\x00\x00\x84\x00\x00\x00\x8c\x00\x00\x00w\x00\x00\x00x\x00\x00\x00\x95\x00\x00\x00d\x00\x00\x00\x00\x00\x00\x00\r\x00\x00\x00\x96\x00\x00\x00Z\x00\x00\x00\x7f\x00\x00\x00a\x00\x00\x00\xa7\x00\x00\x00\x99\x00\x00\x00\x82\x00\x00\x00\xa0\x00\x00\x005\x00\x00\x00c\x00\x00\x00b\x00\x00\x00]\x00\x00\x00\x00\x00\x00\x00F\x00\x00\x00\xa2\x00\x00\x00(\x00\x00\x00\x00\x00\x00\x00\x9d\x00\x00\x00y\x00\x00\x007\x00\x00\x00\x07\x00\x00\x00\x87\x00\x00\x00\xa5\x00\x00\x00\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x00\x00\x9c\x00\x00\x00C\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00V\x00\x00\x00\x00\x00\x00\x00,\x00\x00\x00\x00\x00\x00\x00\x0c\x00\x00\x00\x88\x00\x00\x00<\x00\x00\x00\x00\x00\x00\x00\x94\x00\x00\x00i\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00Y\x00\x00\x00\x8b\x00\x00\x00n\x00\x00\x00o\x00\x00\x00\x90\x00\x00\x00\x98\x00\x00\x00B\x00\x00\x00\x80\x00\x00\x00\x00\x00\x00\x00q\x00\x00\x00\x00\x00\x00\x00\x0e\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x92\x00\x00\x00\x8f\x00\x00\x00\x00\x00\x00\x00\xa3\x00\x00\x00\x00\x00\x00\x00}\x00\x00\x00P\x00\x00\x00G\x00\x00\x00~\x00\x00\x00\xa6\x00\x00\x00>\x00\x00\x00\xa4\x00\x00\x00\x00\x00\x00\x00\x18\x00\x00\x00[\x00\x00\x00Q\x00\x00\x00\xa9\x00\x00\x00m\x00\x00\x00T\x00\x00\x00\x00\x00\x00\x00\x83\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\n\x00\x00\x00\x86\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00e\x00\x00\x00\x91\x00\x00\x00\x9e\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x00\x00\x85\x00\x00\x00\\\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x0f\x00\x00\x00'
[+] [Thread 2000] read() = 0x3c0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x0, length = 0x20000, prot = 0x5, flags = 0x2, fd = 0x3, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x0, 0x20000, PROT_READ | PROT_EXEC (0x5), MAP_PRIVATE (0x2), 3, 0x0)
[+] [Thread 2000] mmap - mapping needed for 0x0
[+] [Thread 2000] mmap - addr range 0x7fffb8685000 - 0x7fffb86a4fff:
[+] [Thread 2000] mem write : 0x10070
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/libgcc_s.so.1
[+] [Thread 2000] mmap(0x0, 0x20000, 0x5, 0x2, 3, 0x0) = 0x7fffb8685000
[+] [Thread 2000] mmap() = 0x7fffb8685000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x7fffb86a4000, length = 0x1000, prot = 0x3, flags = 0x12, fd = 0x3, pgoffset = 0xf000)
[+] [Thread 2000] mmap(0x7fffb86a4000, 0x1000, PROT_READ | PROT_WRITE (0x3), MAP_PRIVATE | MAP_FIXED (0x12), 3, 0xf000)
[+] [Thread 2000] mmap - MAP_FIXED, mapping not needed
[+] [Thread 2000] mmap - addr range 0x7fffb86a4000 - 0x7fffb86a4fff:
[+] [Thread 2000] mem write : 0x1000
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/libgcc_s.so.1
[+] [Thread 2000] mmap(0x7fffb86a4000, 0x1000, 0x3, 0x12, 3, 0xf000) = 0x7fffb86a4000
[+] [Thread 2000] mmap() = 0x7fffb86a4000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: close(fd = 0x3)
[+] [Thread 2000] close() = 0x0
[+] [Thread 2000] Suspended at 0x7ffff7e33204
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33204.
[+] [Thread 2000] Suspended at 0x7ffff7e3320c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e3320c.
[+] [Thread 2000] Suspended at 0x7ffff7e332e4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e332e4.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d920: mprotect(start = 0x7fffb84d3000, mlen = 0x1000, prot = 0x1)
[+] [Thread 2000] mprotect(0x7fffb84d3000, 0x1000, PROT_READ) = 0
[+] [Thread 2000] mprotect() = 0x0
[+] [Thread 2000] Suspended at 0x7ffff7e33210
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33210.
[+] [Thread 2000] Suspended at 0x7ffff7e332c4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e332c4.
[+] [Thread 2000] Suspended at 0x7ffff7e332e4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e332e4.
[+] [Thread 2000] Suspended at 0x7ffff7e332a0
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e332a0.
[+] [Thread 2000] Suspended at 0x7ffff7e33400
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33400.
[+] [Thread 2000] Suspended at 0x7ffff7e33214
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33214.
[+] [Thread 2000] Suspended at 0x7ffff7e332d8
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e332d8.
[+] [Thread 2000] Suspended at 0x7ffff7e339b0
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e339b0.
[+] [Thread 2000] Suspended at 0x7ffff7e3355c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e3355c.
[+] [Thread 2000] Suspended at 0x7ffff7e334c4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e334c4.
[+] [Thread 2000] Suspended at 0x7ffff7e339c4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e339c4.
[+] [Thread 2000] Suspended at 0x7ffff7e33208
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33208.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d920: mprotect(start = 0x7fffb852a000, mlen = 0x5000, prot = 0x1)
[+] [Thread 2000] mprotect(0x7fffb852a000, 0x5000, PROT_READ) = 0
[+] [Thread 2000] mprotect() = 0x0
[+] [Thread 2000] Suspended at 0x7ffff7e33560
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33560.
[+] [Thread 2000] Suspended at 0x7ffff7e3323c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e3323c.
[+] [Thread 2000] Suspended at 0x7ffff7e3327c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e3327c.
[+] [Thread 2000] Suspended at 0x7ffff7e33a18
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33a18.
[+] [Thread 2000] Suspended at 0x7ffff7e33870
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33870.
[+] [Thread 2000] Suspended at 0x7ffff7e339cc
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e339cc.
[+] [Thread 2000] Suspended at 0x7ffff7e33868
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33868.
[+] [Thread 2000] Suspended at 0x7ffff7e339c4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e339c4.
[+] [Thread 2000] Suspended at 0x7ffff7e33854
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33854.
[+] [Thread 2000] Suspended at 0x7ffff7e339ac
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e339ac.
[+] [Thread 2000] Suspended at 0x7ffff7e3384c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e3384c.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d920: mprotect(start = 0x7fffb8667000, mlen = 0x19000, prot = 0x1)
[+] [Thread 2000] mprotect(0x7fffb8667000, 0x19000, PROT_READ) = 0
[+] [Thread 2000] mprotect() = 0x0
[+] [Thread 2000] Suspended at 0x7ffff7e3329c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e3329c.
[+] [Thread 2000] Suspended at 0x7ffff7e3320c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e3320c.
[+] [Thread 2000] Suspended at 0x7ffff7e33318
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33318.
[+] [Thread 2000] Suspended at 0x7ffff7e33268
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33268.
[+] [Thread 2000] Suspended at 0x7ffff7e33310
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33310.
[+] [Thread 2000] Suspended at 0x7ffff7e33270
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33270.
[+] [Thread 2000] Suspended at 0x7ffff7e332f4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e332f4.
[+] [Thread 2000] Suspended at 0x7ffff7e33854
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33854.
[+] [Thread 2000] Suspended at 0x7ffff7e333ec
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e333ec.
[+] [Thread 2000] Suspended at 0x7ffff7e33218
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e33218.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d920: mprotect(start = 0x43e000, mlen = 0x1000, prot = 0x1)
[+] [Thread 2000] mprotect(0x43e000, 0x1000, PROT_READ) = 0
[+] [Thread 2000] mprotect() = 0x0
[+] [Thread 2000] Suspended at 0x40b040
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Perform CLONE_CHILD_CLEARTID at 0x7ffff7e59808
[+] [Thread 2000] No thread at 0x7ffff7e59808
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x40b040.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e305c8: clock_gettime(gettime_clock_id = 0x0, gettime_timespec = 0x80000000da00)
[=] [Thread 2000] clock_gettime(clock_id=0, tp=0x80000000da00)
[+] [Thread 2000] timespec(tv_sec=1625239994, tv_nsec=533653)
[+] [Thread 2000] clock_gettime() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e305c8: clock_gettime(gettime_clock_id = 0x0, gettime_timespec = 0x80000000da00)
[=] [Thread 2000] clock_gettime(clock_id=0, tp=0x80000000da00)
[+] [Thread 2000] timespec(tv_sec=1625239994, tv_nsec=539774)
[+] [Thread 2000] clock_gettime() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e32708: getuid()
[+] [Thread 2000] getuid() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e1ee70: rt_sigprocmask(sigprocmask_how = 0x0, sigprocmask_nset = 0x7ffff7e44b68, sigprocmask_oset = 0x80000000d8a0, sigprocmask_sigsetsize = 0x8)
[+] [Thread 2000] rt_sigprocmask() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e17140: clone(flags = 0x11, child_stack = 0x0, parent_tidptr = 0x80000000d8a0, newtls = 0x8, child_tidptr = 0x80000000)
[+] [Thread 2000] clone(new_stack = 0, flags = 11, tls = 8, ptidptr = 80000000d8a0, ctidptr = 80000000) = 29117
[+] [Thread 2000] clone() = 0x71bd
[+] [Thread 29117] clone(new_stack = 0, flags = 11, tls = 8, ptidptr = 80000000d8a0, ctidptr = 80000000) = 0
[+] [Thread 29117] clone() = 0x0
[+] [Thread 2000] Suspended at 0x7ffff7e17140
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 29117] Suspended at 0x7ffff7e17140
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 29117] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 29117] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e17140.
[+] [Thread 29117] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 29117] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 29117] Scheduled from 0x7ffff7e17140.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 29117] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 29117] 0x00007ffff7e17158: gettid()
[+] [Thread 2000] 0x00007ffff7e1eeac: rt_sigprocmask(sigprocmask_how = 0x2, sigprocmask_nset = 0x80000000d8a0, sigprocmask_oset = 0x0, sigprocmask_sigsetsize = 0x8)
[+] [Thread 29117] gettid() = 0x71bd
[+] [Thread 2000] rt_sigprocmask() = 0x0
[+] [Thread 29117] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 29117] 0x00007ffff7e1eeac: rt_sigprocmask(sigprocmask_how = 0x2, sigprocmask_nset = 0x80000000d8a0, sigprocmask_oset = 0x0, sigprocmask_sigsetsize = 0x8)
[+] [Thread 29117] rt_sigprocmask() = 0x0
[+] [Thread 29117] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 29117] 0x00007ffff7e217ec: openat(fd = 0xffffffffffffff9c, path = 0x4267ae, flags = 0x20000, mode = 0x1b6)
[+] [Thread 29117] openat(fd = -100, path = /tmp/fwcheck_status, flags = O_RDONLY, mode = 0o666) = -2
[+] [Thread 29117] openat() = -0x2 (ENOENT)
[+] [Thread 29117] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 29117] 0x00007ffff7e39ec8: nanosleep(req = 0x80000000d910, rem = 0x80000000d910)
[+] [Thread 29117] nanosleep() = 0x0
[+] [Thread 29117] Suspended at 0x7ffff7e39ec8
[+] [Thread 29117] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 29117] Call sched_cb: <function ql_syscall_nanosleep.<locals>._sched_sleep at 0x7f5a900f4ee0>
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e326cc: getpid()
[+] [Thread 2000] getpid() = 0x512
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e32538: getcwd(path_buff = 0x7ffff7e56020, path_buffsize = 0x43f)
[+] [Thread 2000] getcwd(/, 0x43f) = 2
[+] [Thread 2000] getcwd() = 0x2
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x7fffb7de73e0, flags = 0x20800, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = etc/lighttpd/lighttpd.conf, flags = O_RDONLY | O_NONBLOCK, mode = 0o0) = 3
[+] [Thread 2000] openat() = 0x3
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e1fb44: fstat(fd = 0x3, buf_ptr = 0x80000000d880)
[+] [Thread 2000] fstat write completed
[+] [Thread 2000] fstat() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e0d8cc: mmap(addr = 0x0, length = 0x60e, prot = 0x1, flags = 0x1, fd = 0x3, pgoffset = 0x0)
[+] [Thread 2000] mmap(0x0, 0x60e, PROT_READ (0x1), MAP_SHARED (0x1), 3, 0x0)
[+] [Thread 2000] mmap - mapping needed for 0x0
[+] [Thread 2000] mmap - addr range 0x7fffb86a5000 - 0x7fffb86a5fff:
[+] [Thread 2000] mem write : 0x60e
[+] [Thread 2000] mem mmap : /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/etc/lighttpd/lighttpd.conf
[+] [Thread 2000] mmap(0x0, 0x60e, 0x1, 0x1, 3, 0x0) = 0x7fffb86a5000
[+] [Thread 2000] mmap() = 0x7fffb86a5000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: close(fd = 0x3)
[+] [Thread 2000] close() = 0x0
[+] [Thread 2000] Suspended at 0x4148f4
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x4148f4.
[+] [Thread 2000] Suspended at 0x7ffff7e05cac
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e05cac.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e05394: brk(input = 0x0)
[+] [Thread 2000] brk return(0x442000)
[+] [Thread 2000] brk() = 0x442000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e05418: brk(input = 0x443000)
[+] [Thread 2000] brk return(0x443000)
[+] [Thread 2000] brk() = 0x443000
[+] [Thread 2000] Suspended at 0x7ffff7e06170
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e06170.
[+] [Thread 2000] Suspended at 0x7ffff7e06118
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e06118.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e05418: brk(input = 0x444000)
[+] [Thread 2000] brk return(0x444000)
[+] [Thread 2000] brk() = 0x444000
[+] [Thread 2000] Suspended at 0x415944
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x415944.
[+] [Thread 2000] Suspended at 0x7ffff7e05ff8
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e05ff8.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e05418: brk(input = 0x445000)
[+] [Thread 2000] brk return(0x445000)
[+] [Thread 2000] brk() = 0x445000
[+] [Thread 2000] Suspended at 0x7ffff7e06164
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e06164.
[+] [Thread 2000] Suspended at 0x4188b8
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x4188b8.
[+] [Thread 2000] Suspended at 0x7ffff7e05c00
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x7ffff7e05c00.
[+] [Thread 2000] Suspended at 0x41886c
[+] [Thread 2000] Saved context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Call sched_cb: <function QlLinuxThread._default_sched_cb at 0x7f5a929ccaf0>
[+] [Thread 2000] Set tpidr_el0 to 0x7ffff7e598d8
[+] [Thread 2000] Restored context. tpidr_el0=0x7ffff7e598d8
[+] [Thread 2000] Scheduled from 0x41886c.
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x7ffff7e45fd9, flags = 0xa4000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /, flags = O_RDONLY | O_DIRECTORY, mode = 0o0) = 3
[+] [Thread 2000] openat() = 0x3
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x3, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e05418: brk(input = 0x446000)
[+] [Thread 2000] brk return(0x446000)
[+] [Thread 2000] brk() = 0x446000
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7dff778: getdents64(fd = 0x3, dirp = 0x444d40, count = 0x800)
[+] [Thread 2000] Write dir entries: bytearray(b'\xfal.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15\x00\x04.\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'$\x07.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x04..\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x92W6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04sys\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xc5V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08module_name\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe3V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x04proc\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x01S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00!\x00\x08cloud_version\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x04S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04etc\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x07U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x08hw_id\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xedi:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x04www_new\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe6V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x04root\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x05U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x08hardware_version\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe7V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x04sbin\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xc4_R\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04mnt\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x06U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x04home\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x93W6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04tmp\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe4V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04rom\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x03S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04dev\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x02U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x08firmware_region\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xc6V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04opt\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x02S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00,\x00\x08default_language_version\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x08U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x08init\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x0e^6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04var\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xc3V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x04lib64\x00')
[+] [Thread 2000] Write dir entries: bytearray(b';R6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04bin\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x04U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x08firmware_version\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x9aW6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04usr\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x0f^6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x04vendor\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x03U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00!\x00\x08firmware_time\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\tU6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04lib\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe2V6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x04overlay\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x11^6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04www\x00')
[+] [Thread 2000] getdents64(3, /* 31 entries */, 0x800) = 817
[+] [Thread 2000] getdents64() = 0x331
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d430, flags = 0xa4000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /etc, flags = O_RDONLY | O_DIRECTORY, mode = 0o0) = 4
[+] [Thread 2000] openat() = 0x4
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x4, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7dff778: getdents64(fd = 0x4, dirp = 0x445580, count = 0x800)
[+] [Thread 2000] Write dir entries: bytearray(b'\xfal.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x15\x00\x04.\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'$\x07.\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x04..\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xd3S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x04modules.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'kT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x04netatalk\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x14S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04ath\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe2T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00.\x00\x08search-wifi-interfaces.awk\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x05S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\nTZ\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x91T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x08protocols\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'jS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x08icon.ico\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x06S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x04aMule\x00')
[+] [Thread 2000] Write dir entries: bytearray(b';S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08dhcp6sctlkey\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'[T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x04net6conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xf3T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x04uci-defaults\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'8S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08device_info\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xebT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x04sysctl.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xc0S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x04lldpd.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'WS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x04hotplug.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'<S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x08diag.sh\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x89T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x08opkg.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x93T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x04rc.button\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'kS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x04init.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xb6S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x04lighttpd\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'"S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x08banner\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xd8T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\nsamba\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xcfT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x04router_analytics\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xfeT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00%\x00\x08usb_modem_hotplug\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe6T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x17\x00\x04ssl\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'VS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x08hotplug-preinit.json\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x13S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00$\x00\x08acfg_common.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x98T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x08rc.common\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'RS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\nfstab\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x99T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x04rc.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xc1S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"\x00\x04modules-boot.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xb4S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00!\x00\x08l7_patten.dat\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'NS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00&\x00\x08ez-ipupdate.script\x00')
[+] [Thread 2000] Write dir entries: bytearray(b' S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x04bandcheck\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'OS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x04firewall.d\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x80T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x08openwrt_release\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'=S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x08dni-wifi-config\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x8cT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x16\x00\x04pm\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xccT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x08rc.local\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'QS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00!\x00\x08firewall.user\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xeaT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08sysctl.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe5T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x08shells\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x00U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00(\x00\x08wifi_config_comp.awk\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x82T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x04opkg\x00')
[+] [Thread 2000] Write dir entries: bytearray(b':S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08dhcp6cctlkey\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'hS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08hotplug.json\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'?S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08dnsmasq.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xefT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x04thermal\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xb1S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x08inittab\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'GS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x04email\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xceT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08ripngd.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'9S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08dhcp6c.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'1S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x04crontabs\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xeeT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x08sysupgrade.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'qT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x08ntgrdata.cfg\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'2S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x04dbus-1\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'ZT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x18\x00\x08mtab\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'MS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x08ethertypes\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'US6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x08hosts\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xbfS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x08lld2d.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xffT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08wide-script\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x8bT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\npasswd+\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x92T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x08radvd.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xb5S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1d\x00\x08large.ico\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'iS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"\x00\x08hotplug2.rules\x00')
[+] [Thread 2000] Write dir entries: bytearray(b"\xbeS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\'\x00\x08list-network-id.awk\x00")
[+] [Thread 2000] Write dir entries: bytearray(b'#S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x08banner.failsafe\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xd9T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x04scripts\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe4T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\nshadow\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'rT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x04openvpn\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x01U6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1e\x00\x08zebra.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'TS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\ngshadow\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x81T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00#\x00\x08openwrt_version\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x90T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x08profile\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'AS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x04easy-rsa\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xcdT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\nresolv.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'$S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\x04config\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x1bS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\x04avahi\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'SS6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x19\x00\ngroup\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xb2S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x04iproute2\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'@S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08e2fsck.conf\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\xe3T6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1c\x00\x08services\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x8fT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1b\x00\x08preinit\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'\x8aT6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1a\x00\npasswd\x00')
[+] [Thread 2000] Write dir entries: bytearray(b'>S6\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x1f\x00\x08dnidata.cfg\x00')
[+] [Thread 2000] getdents64(4, /* 87 entries */, 0x800) = 2555
[+] [Thread 2000] getdents64() = 0x9fb
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e39ec8: openat(fd = 0xffffffffffffff9c, path = 0x80000000d1b0, flags = 0xa4000, mode = 0x0)
[+] [Thread 2000] openat(fd = -100, path = /etc/lighttpd, flags = O_RDONLY | O_DIRECTORY, mode = 0o0) = 5
[+] [Thread 2000] openat() = 0x5
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e00a60: fcntl(fd = 0x5, cmd = 0x2, arg = 0x1)
[+] [Thread 2000] fcntl() = 0x0
[+] [Thread 2000] [+] Received Interupt: 2 Hooked Interupt: 2
[+] [Thread 2000] 0x00007ffff7e05418: brk(input = 0x447000)
[+] [Thread 2000] brk return(0x447000)
[+] [Thread 2000] brk() = 0x447000
[x] [Thread 2000]
[x] [Thread 2000] x0 : 0x445d90
[x] [Thread 2000] x1 : 0xa001a0000000000
[x] [Thread 2000] x2 : 0x0
[x] [Thread 2000] x3 : 0xa001a0000000000
[x] [Thread 2000] x4 : 0x7ffff7e579a8
[x] [Thread 2000] x5 : 0x447000
[x] [Thread 2000] x6 : 0x7fffff80cec8
[x] [Thread 2000] x7 : 0x0
[x] [Thread 2000] x8 : 0xd6
[x] [Thread 2000] x9 : 0x0
[x] [Thread 2000] x10 : 0x0
[x] [Thread 2000] x11 : 0xa4000
[x] [Thread 2000] x12 : 0x80000000d1b0
[x] [Thread 2000] x13 : 0xffffffffffffff9c
[x] [Thread 2000] x14 : 0x0
[x] [Thread 2000] x15 : 0x0
[x] [Thread 2000] x16 : 0x43eed0
[x] [Thread 2000] x17 : 0x7ffff7e18ab0
[x] [Thread 2000] x18 : 0x0
[x] [Thread 2000] x19 : 0x7ffff7e57b70
[x] [Thread 2000] x20 : 0x260
[x] [Thread 2000] x21 : 0x7ffff7e57b68
[x] [Thread 2000] x22 : 0x445ff0
[x] [Thread 2000] x23 : 0x18
[x] [Thread 2000] x24 : 0x12
[x] [Thread 2000] x25 : 0x7ffff7e579b8
[x] [Thread 2000] x26 : 0x7ffff7e579b8
[x] [Thread 2000] x27 : 0x12
[x] [Thread 2000] x28 : 0x7ffff7e579b8
[x] [Thread 2000] x29 : 0x80000000cf80
[x] [Thread 2000] x30 : 0x7ffff7e05870
[x] [Thread 2000] sp : 0x80000000ce60
[x] [Thread 2000] pc : 0x7ffff7e0561c
[x] [Thread 2000] lr : 0x7ffff7e05870
[x] [Thread 2000] cpacr_el1 : 0x300000
[x] [Thread 2000] tpidr_el0 : 0x7ffff7e598d8
[x] [Thread 2000] w0 : 0x445d90
[x] [Thread 2000] w1 : 0x0
[x] [Thread 2000] w2 : 0x0
[x] [Thread 2000] w3 : 0x0
[x] [Thread 2000] w4 : 0xf7e579a8
[x] [Thread 2000] w5 : 0x447000
[x] [Thread 2000] w6 : 0xff80cec8
[x] [Thread 2000] w7 : 0x0
[x] [Thread 2000] w8 : 0xd6
[x] [Thread 2000] w9 : 0x0
[x] [Thread 2000] w10 : 0x0
[x] [Thread 2000] w11 : 0xa4000
[x] [Thread 2000] w12 : 0xd1b0
[x] [Thread 2000] w13 : 0xffffff9c
[x] [Thread 2000] w14 : 0x0
[x] [Thread 2000] w15 : 0x0
[x] [Thread 2000] w16 : 0x43eed0
[x] [Thread 2000] w17 : 0xf7e18ab0
[x] [Thread 2000] w18 : 0x0
[x] [Thread 2000] w19 : 0xf7e57b70
[x] [Thread 2000] w20 : 0x260
[x] [Thread 2000] w21 : 0xf7e57b68
[x] [Thread 2000] w22 : 0x445ff0
[x] [Thread 2000] w23 : 0x18
[x] [Thread 2000] w24 : 0x12
[x] [Thread 2000] w25 : 0xf7e579b8
[x] [Thread 2000] w26 : 0xf7e579b8
[x] [Thread 2000] w27 : 0x12
[x] [Thread 2000] w28 : 0xf7e579b8
[x] [Thread 2000] w29 : 0xcf80
[x] [Thread 2000] w30 : 0xf7e05870
[x] [Thread 2000]
[x] [Thread 2000] PC = 0x7ffff7e0561c
[=] [Thread 2000]
[=] [Thread 2000] Start End Perm Label Image
[=] [Thread 2000] 00400000 - 0042f000 r-x /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd
[=] [Thread 2000] 0043e000 - 00440000 rw- /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd
[=] [Thread 2000] 00440000 - 00442000 rwx [hook_mem]
[=] [Thread 2000] 00442000 - 00443000 rwx [brk]
[=] [Thread 2000] 00443000 - 00444000 rwx [brk]
[=] [Thread 2000] 00444000 - 00445000 rwx [brk]
[=] [Thread 2000] 00445000 - 00446000 rwx [brk]
[=] [Thread 2000] 00446000 - 00447000 rwx [brk]
[=] [Thread 2000] 7fffb7dd6000 - 7fffb7de7000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libconfig.so
[=] [Thread 2000] 7fffb7de7000 - 7fffb84a8000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libconfig.so
[=] [Thread 2000] 7fffb84a8000 - 7fffb84d3000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libpcre.so.0.0.1
[=] [Thread 2000] 7fffb84d3000 - 7fffb84d5000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libpcre.so.0.0.1
[=] [Thread 2000] 7fffb84d5000 - 7fffb852a000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libssl.so.1.0.0
[=] [Thread 2000] 7fffb852a000 - 7fffb8532000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libssl.so.1.0.0
[=] [Thread 2000] 7fffb8532000 - 7fffb8667000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libcrypto.so.1.0.0
[=] [Thread 2000] 7fffb8667000 - 7fffb8685000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libcrypto.so.1.0.0
[=] [Thread 2000] 7fffb8685000 - 7fffb86a4000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/libgcc_s.so.1
[=] [Thread 2000] 7fffb86a4000 - 7fffb86a5000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/libgcc_s.so.1
[=] [Thread 2000] 7fffb86a5000 - 7fffb86a6000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/etc/lighttpd/lighttpd.conf
[=] [Thread 2000] 7ffff7dd5000 - 7ffff7e5a000 rwx /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/ld-musl-aarch64.so.1
[=] [Thread 2000] 7ffffffde000 - 80000000e000 rwx [stack]
[x] [Thread 2000] ['0x22', '0x8', '0x0', '0xf9', '0x1', '0x8', '0x40', '0xf9']
[=] [Thread 2000]
[=] [Thread 2000] 0x00007ffff7e0561c {ld-musl-aarch64.so.1 + 0x03061c} 22 08 00 f9 01 08 40 f9 02 0c 40 f9 22 0c 00 f9 01 04 40 f9 22 00 40 b2 21 f8 7f 92 02 04 00 f9 02 68 61 f8 42 00 40 b2 02 68 21 f8 c0 03 5f d6 ff c3 01 d1 f9 6b 03 a9 99 02 00 d0 39 e3 26 91 str x2, [x1, #0x10]
> ldr x1, [x0, #0x10]
> ldr x2, [x0, #0x18]
> str x2, [x1, #0x18]
> ldr x1, [x0, #8]
> orr x2, x1, #1
> and x1, x1, #0xfffffffffffffffe
> str x2, [x0, #8]
> ldr x2, [x0, x1]
> orr x2, x2, #1
> str x2, [x0, x1]
> ret
> sub sp, sp, #0x70
> stp x25, x26, [sp, #0x30]
> adrp x25, #0x7ffff7e57000
> add x25, x25, #0x9b8
[x] [Thread 2000]
Traceback (most recent call last):
File "/home/janw/.local/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 248, in _run
self.ql.emu_start(start_address, self.exit_point, count=30000)
File "/home/janw/.local/lib/python3.8/site-packages/qiling/core.py", line 896, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/home/janw/.local/lib/python3.8/site-packages/unicorn/unicorn.py", line 341, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory write (UC_ERR_WRITE_UNMAPPED)
Traceback (most recent call last):
File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
File "/home/janw/.local/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 252, in _run
raise e
File "/home/janw/.local/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 248, in _run
self.ql.emu_start(start_address, self.exit_point, count=30000)
File "/home/janw/.local/lib/python3.8/site-packages/qiling/core.py", line 896, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/home/janw/.local/lib/python3.8/site-packages/unicorn/unicorn.py", line 341, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory write (UC_ERR_WRITE_UNMAPPED)
2021-07-02T15:33:14Z <QlLinuxARM64Thread at 0x7f5a9261b480: _run> failed with UcError
[x] [Thread 2000]
[x] [Thread 2000] x0 : 0x445d90
[x] [Thread 2000] x1 : 0xa001a0000000000
[x] [Thread 2000] x2 : 0x0
[x] [Thread 2000] x3 : 0xa001a0000000000
[x] [Thread 2000] x4 : 0x7ffff7e579a8
[x] [Thread 2000] x5 : 0x447000
[x] [Thread 2000] x6 : 0x7fffff80cec8
[x] [Thread 2000] x7 : 0x0
[x] [Thread 2000] x8 : 0xd6
[x] [Thread 2000] x9 : 0x0
[x] [Thread 2000] x10 : 0x0
[x] [Thread 2000] x11 : 0xa4000
[x] [Thread 2000] x12 : 0x80000000d1b0
[x] [Thread 2000] x13 : 0xffffffffffffff9c
[x] [Thread 2000] x14 : 0x0
[x] [Thread 2000] x15 : 0x0
[x] [Thread 2000] x16 : 0x43eed0
[x] [Thread 2000] x17 : 0x7ffff7e18ab0
[x] [Thread 2000] x18 : 0x0
[x] [Thread 2000] x19 : 0x7ffff7e57b70
[x] [Thread 2000] x20 : 0x260
[x] [Thread 2000] x21 : 0x7ffff7e57b68
[x] [Thread 2000] x22 : 0x445ff0
[x] [Thread 2000] x23 : 0x18
[x] [Thread 2000] x24 : 0x12
[x] [Thread 2000] x25 : 0x7ffff7e579b8
[x] [Thread 2000] x26 : 0x7ffff7e579b8
[x] [Thread 2000] x27 : 0x12
[x] [Thread 2000] x28 : 0x7ffff7e579b8
[x] [Thread 2000] x29 : 0x80000000cf80
[x] [Thread 2000] x30 : 0x7ffff7e05870
[x] [Thread 2000] sp : 0x80000000ce60
[x] [Thread 2000] pc : 0x7ffff7e0561c
[x] [Thread 2000] lr : 0x7ffff7e05870
[x] [Thread 2000] cpacr_el1 : 0x300000
[x] [Thread 2000] tpidr_el0 : 0x7ffff7e598d8
[x] [Thread 2000] w0 : 0x445d90
[x] [Thread 2000] w1 : 0x0
[x] [Thread 2000] w2 : 0x0
[x] [Thread 2000] w3 : 0x0
[x] [Thread 2000] w4 : 0xf7e579a8
[x] [Thread 2000] w5 : 0x447000
[x] [Thread 2000] w6 : 0xff80cec8
[x] [Thread 2000] w7 : 0x0
[x] [Thread 2000] w8 : 0xd6
[x] [Thread 2000] w9 : 0x0
[x] [Thread 2000] w10 : 0x0
[x] [Thread 2000] w11 : 0xa4000
[x] [Thread 2000] w12 : 0xd1b0
[x] [Thread 2000] w13 : 0xffffff9c
[x] [Thread 2000] w14 : 0x0
[x] [Thread 2000] w15 : 0x0
[x] [Thread 2000] w16 : 0x43eed0
[x] [Thread 2000] w17 : 0xf7e18ab0
[x] [Thread 2000] w18 : 0x0
[x] [Thread 2000] w19 : 0xf7e57b70
[x] [Thread 2000] w20 : 0x260
[x] [Thread 2000] w21 : 0xf7e57b68
[x] [Thread 2000] w22 : 0x445ff0
[x] [Thread 2000] w23 : 0x18
[x] [Thread 2000] w24 : 0x12
[x] [Thread 2000] w25 : 0xf7e579b8
[x] [Thread 2000] w26 : 0xf7e579b8
[x] [Thread 2000] w27 : 0x12
[x] [Thread 2000] w28 : 0xf7e579b8
[x] [Thread 2000] w29 : 0xcf80
[x] [Thread 2000] w30 : 0xf7e05870
[x] [Thread 2000]
[x] [Thread 2000] PC = 0x7ffff7e0561c
[=] [Thread 2000]
[=] [Thread 2000] Start End Perm Label Image
[=] [Thread 2000] 00400000 - 0042f000 r-x /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd
[=] [Thread 2000] 0043e000 - 00440000 rw- /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd
[=] [Thread 2000] 00440000 - 00442000 rwx [hook_mem]
[=] [Thread 2000] 00442000 - 00443000 rwx [brk]
[=] [Thread 2000] 00443000 - 00444000 rwx [brk]
[=] [Thread 2000] 00444000 - 00445000 rwx [brk]
[=] [Thread 2000] 00445000 - 00446000 rwx [brk]
[=] [Thread 2000] 00446000 - 00447000 rwx [brk]
[=] [Thread 2000] 7fffb7dd6000 - 7fffb7de7000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libconfig.so
[=] [Thread 2000] 7fffb7de7000 - 7fffb84a8000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libconfig.so
[=] [Thread 2000] 7fffb84a8000 - 7fffb84d3000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libpcre.so.0.0.1
[=] [Thread 2000] 7fffb84d3000 - 7fffb84d5000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libpcre.so.0.0.1
[=] [Thread 2000] 7fffb84d5000 - 7fffb852a000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libssl.so.1.0.0
[=] [Thread 2000] 7fffb852a000 - 7fffb8532000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libssl.so.1.0.0
[=] [Thread 2000] 7fffb8532000 - 7fffb8667000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libcrypto.so.1.0.0
[=] [Thread 2000] 7fffb8667000 - 7fffb8685000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/lib/libcrypto.so.1.0.0
[=] [Thread 2000] 7fffb8685000 - 7fffb86a4000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/libgcc_s.so.1
[=] [Thread 2000] 7fffb86a4000 - 7fffb86a5000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/libgcc_s.so.1
[=] [Thread 2000] 7fffb86a5000 - 7fffb86a6000 rwx [mmap] /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/etc/lighttpd/lighttpd.conf
[=] [Thread 2000] 7ffff7dd5000 - 7ffff7e5a000 rwx /home/janw/Music/qiling/examples/nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/lib/ld-musl-aarch64.so.1
[=] [Thread 2000] 7ffffffde000 - 80000000e000 rwx [stack]
[x] [Thread 2000] ['0x22', '0x8', '0x0', '0xf9', '0x1', '0x8', '0x40', '0xf9']
[=] [Thread 2000]
[=] [Thread 2000] 0x00007ffff7e0561c {ld-musl-aarch64.so.1 + 0x03061c} 22 08 00 f9 01 08 40 f9 02 0c 40 f9 22 0c 00 f9 01 04 40 f9 22 00 40 b2 21 f8 7f 92 02 04 00 f9 02 68 61 f8 42 00 40 b2 02 68 21 f8 c0 03 5f d6 ff c3 01 d1 f9 6b 03 a9 99 02 00 d0 39 e3 26 91 str x2, [x1, #0x10]
> ldr x1, [x0, #0x10]
> ldr x2, [x0, #0x18]
> str x2, [x1, #0x18]
> ldr x1, [x0, #8]
> orr x2, x1, #1
> and x1, x1, #0xfffffffffffffffe
> str x2, [x0, #8]
> ldr x2, [x0, x1]
> orr x2, x2, #1
> str x2, [x0, x1]
> ret
> sub sp, sp, #0x70
> stp x25, x26, [sp, #0x30]
> adrp x25, #0x7ffff7e57000
> add x25, x25, #0x9b8
Traceback (most recent call last):
File "nighthawk.py", line 44, in <module>
my_netgear(["nighthawk/_RAX120-V1.0.1.114.img.extracted/squashfs-root/usr/sbin/lighttpd", "-f", "etc/lighttpd/lighttpd.conf"],
File "nighthawk.py", line 41, in my_netgear
ql.run()
File "/home/janw/.local/lib/python3.8/site-packages/qiling/core.py", line 755, in run
self.os.run()
File "/home/janw/.local/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 126, in run
thread_management.run()
File "/home/janw/.local/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 603, in run
gevent.joinall([self.main_thread], raise_error=True)
File "src/gevent/greenlet.py", line 1057, in gevent._gevent_cgreenlet.joinall
File "src/gevent/greenlet.py", line 1073, in gevent._gevent_cgreenlet.joinall
File "src/gevent/greenlet.py", line 371, in gevent._gevent_cgreenlet.Greenlet._raise_exception
File "/home/janw/.local/lib/python3.8/site-packages/gevent/_compat.py", line 65, in reraise
raise value.with_traceback(tb)
File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
File "/home/janw/.local/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 252, in _run
raise e
File "/home/janw/.local/lib/python3.8/site-packages/qiling/os/linux/thread.py", line 248, in _run
self.ql.emu_start(start_address, self.exit_point, count=30000)
File "/home/janw/.local/lib/python3.8/site-packages/qiling/core.py", line 896, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/home/janw/.local/lib/python3.8/site-packages/unicorn/unicorn.py", line 341, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory write (UC_ERR_WRITE_UNMAPPED)
I started in multithread mode, because without multithread I get cur_thread error. Thanks for any help :)
The PC stops in ld.so. I'm afraid that we never test our ld implementation against musl ld ABI and I remember there are some issues related to it.
Will you be able to try the latest version of Qiling and see if you still face same issue. There is lots of rework since 2021. Feel free to open a new issue if you have any similar problem.
