
AttributeError: 'NoneType' object has no attribute 'cur_thread': when run netgear_6220_mips32el_linux.py:

Open newthis opened this issue 3 years ago • 3 comments

Describe the bug
A clear and concise description of what the bug is.

[x] Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/posix/posix.py", line 282, in load_syscall
    ret = syscall_hook(self.ql, *arg_values)
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/posix/syscall/sched.py", line 54, in ql_syscall_clone
    f_th = ql.os.thread_management.cur_thread
AttributeError: 'NoneType' object has no attribute 'cur_thread'
[=] Syscall ERROR: ql_syscall_clone DEBUG: 'NoneType' object has no attribute 'cur_thread'
Traceback (most recent call last):
  File "/home/test/PycharmProjects/KaronteTest/qiling_test/netgear6220.py", line 77, in <module>
    "../rootfs/netgear_6220")
  File "/home/test/PycharmProjects/KaronteTest/qiling_test/netgear6220.py", line 69, in my_netgear
    ql.run()
  File "/usr/local/lib/python3.7/dist-packages/qiling/core.py", line 755, in run
    self.os.run()
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/linux.py", line 136, in run
    self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
  File "/usr/local/lib/python3.7/dist-packages/qiling/core.py", line 899, in emu_start
    raise self._internal_exception
  File "/usr/local/lib/python3.7/dist-packages/qiling/utils.py", line 158, in wrapper
    return func(*args, **kw)
  File "/usr/local/lib/python3.7/dist-packages/qiling/core_hooks.py", line 65, in _hook_intr_cb
    ret = h.call(ql, intno)
  File "/usr/local/lib/python3.7/dist-packages/qiling/core_hooks_types.py", line 23, in call
    return self.callback(ql, *args)
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/linux.py", line 88, in hook_syscall
    return self.load_syscall()
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/posix/posix.py", line 298, in load_syscall
    raise e
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/posix/posix.py", line 282, in load_syscall
    ret = syscall_hook(self.ql, *arg_values)
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/posix/syscall/sched.py", line 54, in ql_syscall_clone
    f_th = ql.os.thread_management.cur_thread
AttributeError: 'NoneType' object has no attribute 'cur_thread'

Sample Code

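from qiling import Qiling
from qiling.const import QL_INTERCEPT

# my_syscall_write and my_bind are the reporter's own hooks; their definitions were not posted.

def my_netgear(path, rootfs):
    # multithread=False is the setting under which the traceback above was produced
    ql = Qiling(path, rootfs, profile="netgear_6220.ql", multithread=False)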
    ql.root = False

    ql.add_fs_mapper('/proc', '/proc')
    ql.set_syscall(4004, my_syscall_write)
    ql.set_api('bind', my_bind, QL_INTERCEPT.ENTER)  # intercepting the bind call on enter

    print("value is : {}".format(ql.multithread))

    ql.run()

if __name__ == "__main__":
    my_netgear(["../rootfs/netgear_6220/usr/sbin/mini_httpd",
                "-d", "/www",
                "-r", "NETGEAR R6220",
                "-c", "**.cgi",
                "-t", "300"],
               "../rootfs/netgear_6220")

It seems that the ql.os.thread_management object is None

Additional context
qiling version: 1.2.4
ubuntu 16.04

newthis, Jul 16 '21 07:07

Maybe you can refer to the script shown in https://github.com/qilingframework/qiling/issues/840? If that doesn't solve it, try setting multithread=True.

cq674350529, Jul 16 '21 07:07

@cq674350529, it is not effective even when I set multithread = True and add the patcher to replace br0. The stack trace is below:

/usr/bin/python3.7 /home/test/PycharmProjects/QlTest/qiling_test/netgear6220.py
value is : True

[x] [Thread 2000] zero : 0x0
[x] [Thread 2000] at : 0x0
[x] [Thread 2000] v0 : 0x7776ef8c
[x] [Thread 2000] v1 : 0x6d5
[x] [Thread 2000] a0 : 0xa
[x] [Thread 2000] a1 : 0x5
[x] [Thread 2000] a2 : 0x7777369e
[x] [Thread 2000] a3 : 0x5
[x] [Thread 2000] t0 : 0x7776f30c
[x] [Thread 2000] t1 : 0x7776a59c
[x] [Thread 2000] t2 : 0x0
[x] [Thread 2000] t3 : 0xffffffff
[x] [Thread 2000] t4 : 0x47ba000
[x] [Thread 2000] t5 : 0xf0000000
[x] [Thread 2000] t6 : 0x1
[x] [Thread 2000] t7 : 0xc
[x] [Thread 2000] s0 : 0x774bf994
[x] [Thread 2000] s1 : 0x3ccdc6e
[x] [Thread 2000] s2 : 0x774bf064
[x] [Thread 2000] s3 : 0x7ff3c920
[x] [Thread 2000] s4 : 0x774bf994
[x] [Thread 2000] s5 : 0x7
[x] [Thread 2000] s6 : 0x49f
[x] [Thread 2000] s7 : 0x1
[x] [Thread 2000] t8 : 0x77877000
[x] [Thread 2000] t9 : 0x47bb1a4
[x] [Thread 2000] k0 : 0x0
[x] [Thread 2000] k1 : 0x0
[x] [Thread 2000] gp : 0x47da010
[x] [Thread 2000] sp : 0x7ff3c898
[x] [Thread 2000] s8 : 0x7ff3c898
[x] [Thread 2000] ra : 0x47bbe60
[x] [Thread 2000] status : 0x0
[x] [Thread 2000] lo : 0x0
[x] [Thread 2000] hi : 0x0
[x] [Thread 2000] badvaddr : 0x0
[x] [Thread 2000] cause : 0x0
[x] [Thread 2000] pc : 0x47bb238
[x] [Thread 2000] cp0_config3 : 0x2000
[x] [Thread 2000] cp0_userlocal : 0x7787e780
[x] [Thread 2000]
[x] [Thread 2000] PC = 0x47bb238
[=] [Thread 2000]
[=] [Thread 2000] Start End Perm Label Image
[=] [Thread 2000] 00400000 - 00414000 r-x /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/usr/sbin/mini_httpd /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/usr/sbin/mini_httpd
[=] [Thread 2000] 00424000 - 00430000 rw- /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/usr/sbin/mini_httpd /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/usr/sbin/mini_httpd
[=] [Thread 2000] 00430000 - 00432000 rwx [hook_mem]
[=] [Thread 2000] 047ba000 - 047d3000 rwx /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/lib/ld-uClibc.so.0
[=] [Thread 2000] 774bf000 - 774c0000 rwx [syscall_mmap]
[=] [Thread 2000] 774c1000 - 774c4000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libscnvram.so
[=] [Thread 2000] 774c4000 - 774d3000 rwx [syscall_mmap]
[=] [Thread 2000] 774d3000 - 774d4000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libscnvram.so
[=] [Thread 2000] 774d5000 - 774d9000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libflash.so
[=] [Thread 2000] 774d9000 - 774e8000 rwx [syscall_mmap]
[=] [Thread 2000] 774e8000 - 774e9000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libflash.so
[=] [Thread 2000] 774ea000 - 774f2000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libscm_wl.so
[=] [Thread 2000] 774f2000 - 77501000 rwx [syscall_mmap]
[=] [Thread 2000] 77501000 - 77502000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libscm_wl.so
[=] [Thread 2000] 77502000 - 77503000 rwx [syscall_mmap]
[=] [Thread 2000] 77504000 - 77506000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/sso_module.so
[=] [Thread 2000] 77506000 - 77515000 rwx [syscall_mmap]
[=] [Thread 2000] 77515000 - 77516000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/sso_module.so
[=] [Thread 2000] 77517000 - 77575000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libssl.so.0.9.8
[=] [Thread 2000] 77575000 - 77584000 rwx [syscall_mmap]
[=] [Thread 2000] 77584000 - 7758a000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libssl.so.0.9.8
[=] [Thread 2000] 7758b000 - 7773f000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libcrypto.so.0.9.8
[=] [Thread 2000] 7773f000 - 7774e000 rwx [syscall_mmap]
[=] [Thread 2000] 7774e000 - 77765000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libcrypto.so.0.9.8
[=] [Thread 2000] 77765000 - 77767000 rwx [syscall_mmap]
[=] [Thread 2000] 77768000 - 77794000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libgcc_s.so.1
[=] [Thread 2000] 77794000 - 777a3000 rwx [syscall_mmap]
[=] [Thread 2000] 777a3000 - 777a4000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libgcc_s.so.1
[=] [Thread 2000] 777a5000 - 7784b000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libuClibc-0.9.33.2.so
[=] [Thread 2000] 7784b000 - 7785a000 rwx [syscall_mmap]
[=] [Thread 2000] 7785a000 - 7785c000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libuClibc-0.9.33.2.so
[=] [Thread 2000] 7785c000 - 77862000 rwx [syscall_mmap]
[=] [Thread 2000] 77863000 - 77866000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libdl-0.9.33.2.so
[=] [Thread 2000] 77866000 - 77875000 rwx [syscall_mmap]
[=] [Thread 2000] 77875000 - 77877000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libdl-0.9.33.2.so
[=] [Thread 2000] 77877000 - 77878000 rwx [syscall_mmap]
[=] [Thread 2000] 7ff0d000 - 7ff3d000 rwx [stack]
[x] [Thread 2000] ['0x1', '0x0', '0xa4', '0x90', '0x1', '0x0', '0xa7', '0x24']
[=] [Thread 2000]
[=] [Thread 2000] 0x047bb238 {ld-uClibc.so.0 + 0x001238} 01 00 a4 90 01 00 a7 24 01 00 c3 90 03 00 80 14 01 00 c5 24 04 00 00 10 23 18 03 00 f7 ff 83 10 21 30 a0 00 23 18 83 00 0b 10 03 00 21 e8 c0 03 04 00 be 8f 08 00 e0 03 08 00 bd 27 02 00 1c 3c
lbu $a0, 1($a1)
addiu $a3, $a1, 1
lbu $v1, 1($a2)
bnez $a0, 0x47bb254
addiu $a1, $a2, 1
b 0x47bb260
negu $v1, $v1
beq $a0, $v1, 0x47bb234
move $a2, $a1
subu $v1, $a0, $v1
movn $v0, $zero, $v1
move $sp, $fp
lw $fp, 4($sp)
jr $ra
addiu $sp, $sp, 8
lui $gp, 2
[x] [Thread 2000] Traceback (most recent call last):
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/thread.py", line 248, in _run
    self.ql.emu_start(start_address, self.exit_point, count=30000)
  File "/usr/local/lib/python3.7/dist-packages/qiling/core.py", line 896, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/usr/local/lib/python3.7/dist-packages/unicorn/unicorn.py", line 341, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
Traceback (most recent call last):
  File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/thread.py", line 252, in _run
    raise e
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/thread.py", line 248, in _run
    self.ql.emu_start(start_address, self.exit_point, count=30000)
  File "/usr/local/lib/python3.7/dist-packages/qiling/core.py", line 896, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/usr/local/lib/python3.7/dist-packages/unicorn/unicorn.py", line 341, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
2021-07-19T01:29:38Z <QlLinuxMIPS32Thread at 0x7f88c1e713b0: _run> failed with UcError

Traceback (most recent call last):
  File "/home/test/PycharmProjects/QlTest/qiling_test/netgear6220.py", line 84, in <module>
    "../rootfs/netgear_6220")
  File "/home/test/PycharmProjects/QlTest/qiling_test/netgear6220.py", line 76, in my_netgear
    ql.run()
  File "/usr/local/lib/python3.7/dist-packages/qiling/core.py", line 755, in run
    self.os.run()
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/linux.py", line 120, in run
    thread_management.run()
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/thread.py", line 592, in run
    previous_thread = self._prepare_lib_patch()
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/thread.py", line 573, in _prepare_lib_patch
    gevent.joinall([self.main_thread], raise_error=True)
  File "src/gevent/greenlet.py", line 1057, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 1073, in gevent._gevent_cgreenlet.joinall
  File "src/gevent/greenlet.py", line 371, in gevent._gevent_cgreenlet.Greenlet._raise_exception
  File "/usr/local/lib/python3.7/dist-packages/gevent/_compat.py", line 65, in reraise
    raise value.with_traceback(tb)
  File "src/gevent/greenlet.py", line 906, in gevent._gevent_cgreenlet.Greenlet.run
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/thread.py", line 252, in _run
    raise e
  File "/usr/local/lib/python3.7/dist-packages/qiling/os/linux/thread.py", line 248, in _run
    self.ql.emu_start(start_address, self.exit_point, count=30000)
  File "/usr/local/lib/python3.7/dist-packages/qiling/core.py", line 896, in emu_start
    self.uc.emu_start(begin, end, timeout, count)
  File "/usr/local/lib/python3.7/dist-packages/unicorn/unicorn.py", line 341, in emu_start
    raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)

Process finished with exit code 1

newthis, Jul 19 '21 01:07
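One way to check what the UC_ERR_READ_UNMAPPED in the log above refers to, as an added example that is not part of the original thread or of Qiling: it parses the register dump and memory map in the `[x]`/`[=]` format posted above, computes the effective address of the load disassembled at the reported PC, and looks that address up in the map. The function names are hypothetical, the log is an excerpt of the posted dump, and the code assumes the reported PC is the faulting instruction.

```python
import re

# Excerpt of the crash dump posted above, one log record per line.
CRASH_LOG = """\
[x] [Thread 2000] a0 : 0xa
[x] [Thread 2000] a1 : 0x5
[x] [Thread 2000] a2 : 0x7777369e
[x] [Thread 2000] pc : 0x47bb238
[=] [Thread 2000] 00400000 - 00414000 r-x /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/usr/sbin/mini_httpd /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/usr/sbin/mini_httpd
[=] [Thread 2000] 047ba000 - 047d3000 rwx /home/test/PycharmProjects/QlTest/rootfs/netgear_6220/lib/ld-uClibc.so.0
[=] [Thread 2000] 77768000 - 77794000 rwx [mmap] /home/test/PycharmProjects/QlTest/qiling_test/../rootfs/netgear_6220/lib/libgcc_s.so.1
[=] [Thread 2000] 7ff0d000 - 7ff3d000 rwx [stack]
"""
# Instruction the dump disassembles at the reported PC (0x47bb238).
FAULT_INSN = "lbu $a0, 1($a1)"

# Log prefix: level marker, then an optional "[Thread N]" tag.
PREFIX = r"^\[.\](?: \[Thread \d+\])?\s+"
REG_RE = re.compile(PREFIX + r"(\w+)\s*:\s*(0x[0-9a-fA-F]+)\s*$")
MAP_RE = re.compile(
    PREFIX + r"([0-9a-fA-F]{8}) - ([0-9a-fA-F]{8})\s+([rwx-]{3})\s*(.*)$")
# MIPS load/store operand form: "op $rt, imm($base)".
MEM_RE = re.compile(
    r"^\s*(\w+)\s+\$\w+,\s*(-?(?:0x[0-9a-fA-F]+|\d+))\(\$(\w+)\)\s*$")


def parse_registers(log):
    """Return {register name: value} from 'name : 0x...' records."""
    regs = {}
    for line in log.splitlines():
        m = REG_RE.match(line)
        if m:
            regs[m.group(1)] = int(m.group(2), 16)
    return regs


def parse_memory_map(log):
    """Return [(start, end, perm, label)] from 'start - end perm label' records."""
    regions = []
    for line in log.splitlines():
        m = MAP_RE.match(line)
        if m:
            start, end = int(m.group(1), 16), int(m.group(2), 16)
            regions.append((start, end, m.group(3), m.group(4).strip()))
    return regions


def effective_address(insn, regs):
    """Return (base register, 32-bit address) accessed by a MIPS load/store."""
    m = MEM_RE.match(insn)
    if m is None:
        raise ValueError(f"not a 'op $rt, imm($base)' instruction: {insn!r}")
    _, imm, base = m.groups()
    if base not in regs:
        raise KeyError(f"register ${base} is missing from the dump")
    offset = int(imm, 16) if "0x" in imm.lower() else int(imm)
    return base, (regs[base] + offset) & 0xFFFFFFFF


def find_region(addr, regions):
    """Return the mapped region containing addr (end exclusive), or None."""
    for region in regions:
        if region[0] <= addr < region[1]:
            return region
    return None


def triage(log, insn):
    """Resolve the address touched by insn and report whether it is mapped."""
    regs = parse_registers(log)
    base, addr = effective_address(insn, regs)
    return {"base": base, "base_value": regs[base], "address": addr,
            "region": find_region(addr, parse_memory_map(log))}


if __name__ == "__main__":
    result = triage(CRASH_LOG, FAULT_INSN)
    state = "unmapped" if result["region"] is None else result["region"][3]
    print(f"${result['base']} = {result['base_value']:#x} "
          f"-> access at {result['address']:#x}: {state}")
```

On the excerpt this reports a read at 0x6 through `$a1` = 0x5, an address that falls in none of the listed regions.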

Few things

  1. I don't remember the netgear needing a br0 patch.
  2. The netgear is different for every minor version; some mem fixes need to be adjusted.
  3. If you just want to try for fun, try tenda. Easier to play around with and more bugs.

xwings, Jul 19 '21 03:07

Will you be able to try the latest version of Qiling and see if you still face the same issue? There has been lots of rework since 2021. Feel free to open a new issue if you have any similar problem.

xwings, Oct 06 '22 03:10