rizin
Fail to load ELF ARM binary
[i] ℤ rizin 00082bf2fdcd7b7b23905dba6089589285f8e6dcd45841f296ce769cd29e17e7 13:49:09
WARNING: Unsupported relocation type for imports 21
WARNING: Unsupported relocation type for imports 21
This string is part of the ELF data - the .interp section:
[0x44c68000]> om
1 fd: 4 +0x00000000 0x44ca9e70 - 0x44cab657 r-- vmap.reloc-targets
2 fd: 3 +0x00000000 0x44c68000 - 0x44ca5a03 r-x fmap.LOAD0
3 fd: 5 +0x00000000 0x44ca9e10 - 0x44ca9e67 rw- mmap.LOAD1
4 fd: 6 +0x0003e000 0x44ca6000 - 0x44ca9e0f r-- vmap.LOAD1
[0x44c68000]> iS
paddr size vaddr vsize align perm name type flags
--------------------------------------------------------------------------------------------------------
0x00000000 0x0 0x00000000 0x0 0x0 ---- NULL
0x00000114 0x13 0x44c68114 0x13 0x0 -r-- .interp PROGBITS alloc
0x00000128 0x2340 0x44c68128 0x2340 0x0 -r-- .dynsym DYNSYM alloc
0x00002468 0x2804 0x44c6a468 0x2804 0x0 -r-- .dynstr STRTAB alloc
0x00004c6c 0x7d4 0x44c6cc6c 0x7d4 0x0 -r-- .gnu.hash GNU_HASH alloc
0x00005440 0x468 0x44c6d440 0x468 0x0 -r-- .gnu.version VERSYM alloc
0x000058a8 0x38 0x44c6d8a8 0x38 0x0 -r-- .gnu.version_d VERDEF alloc
0x000058e0 0x40 0x44c6d8e0 0x40 0x0 -r-- .gnu.version_r VERNEED alloc
0x00005920 0x2330 0x44c6d920 0x2330 0x0 -r-- .rel.dyn REL alloc
0x00007c50 0xca0 0x44c6fc50 0xca0 0x0 -r-- .rel.plt REL alloc
0x000088f0 0xc 0x44c708f0 0xc 0x0 -r-x .init PROGBITS alloc,execute
0x000088fc 0x1304 0x44c708fc 0x1304 0x0 -r-x .plt PROGBITS alloc,execute
0x00009c00 0x2e21c 0x44c71c00 0x2e21c 0x0 -r-x .text PROGBITS alloc,execute
0x00037e1c 0x8 0x44c9fe1c 0x8 0x0 -r-x .fini PROGBITS alloc,execute
0x00037e24 0x5bd4 0x44c9fe24 0x5bd4 0x0 -r-- .rodata PROGBITS alloc
0x0003d9f8 0x4 0x44ca59f8 0x4 0x0 -r-- .eh_frame PROGBITS alloc
0x0003d9fc 0x8 0x44ca59fc 0x8 0x0 -r-- .eh_frame_hdr PROGBITS alloc
0x0003e000 0x108 0x44ca6000 0x108 0x0 -rw- .dynamic DYNAMIC write,alloc
0x0003e108 0x2194 0x44ca6108 0x2194 0x0 -rw- .data PROGBITS write,alloc
0x0004029c 0x4 0x44ca829c 0x4 0x0 -rw- .init_array INIT_ARRAY write,alloc
0x000402a0 0x4 0x44ca82a0 0x4 0x0 -rw- .fini_array FINI_ARRAY write,alloc
0x000402a4 0x4 0x44ca82a4 0x4 0x0 -rw- .jcr PROGBITS write,alloc
0x000402a8 0x6cc 0x44ca82a8 0x6cc 0x0 -rw- .data.rel.ro PROGBITS write,alloc
0x00040974 0xdec 0x44ca8974 0xdec 0x0 -rw- .data.rel.ro.local PROGBITS write,alloc
0x00041760 0x6b0 0x44ca9760 0x6b0 0x0 -rw- .got PROGBITS write,alloc
0x00041e10 0x0 0x44ca9e10 0x58 0x0 -rw- .bss NOBITS write,alloc
0x00041e10 0x1c 0x00000000 0x1c 0x0 ---- .note.gnu.gold-version NOTE
0x00041e2c 0x33 0x00000000 0x33 0x0 ---- .ARM.attributes LOPROC+0x00000003
0x00041e5f 0x14 0x00000000 0x14 0x0 ---- .gnu_debuglink PROGBITS
0x00041e74 0x64 0x00000000 0x64 0x0 ---- .gnu.liblist GNU_LIBLIST
0x00041ed8 0x4a 0x00000000 0x4a 0x0 ---- .gnu.libstr STRTAB
0x00041f24 0x59c 0x00000000 0x59c 0x0 ---- .gnu.prelink_undo PROGBITS
0x000424c0 0x153 0x00000000 0x153 0x0 ---- .shstrtab STRTAB
[0x44c68000]> iSS
paddr size vaddr vsize align perm name
---------------------------------------------------------------
0x00000034 0xe0 0x44c68034 0xe0 0x4 -r-- PHDR
0x00000114 0x13 0x44c68114 0x13 0x1 -r-- INTERP
0x00000000 0x3da04 0x44c68000 0x3da04 0x1000 -r-x LOAD0
0x0003e000 0x3e10 0x44ca6000 0x3e68 0x1000 -rw- LOAD1
0x0003e000 0x108 0x44ca6000 0x108 0x4 -rw- DYNAMIC
0x0003d9fc 0x8 0x44ca59fc 0x8 0x4 -r-- GNU_EH_FRAME
0x00000000 0x0 0x00000000 0x0 0x0 -rw- GNU_STACK
0x00000000 0x34 0x44c68000 0x34 0x0 -rw- ehdr
It's indeed a string, so it should not be the code. It looks like some step of the ELF file loading failed instead. cc @08A
Curiously, it seems that the culprit is the wrong value of the entrypoint - it points to the beginning of the file:
[0x44c70b94]> iH
0x00000000 ELF MAGIC 0x464c457f
0x00000010 Type 0x0003
0x00000012 Machine 0x0028
0x00000014 Version 0x00000001
0x00000018 Entrypoint 0x44c68000
0x0000001c PhOff 0x00000034
0x00000020 ShOff 0x00042614
0x00000024 Flags 0x05000000
0x00000028 EhSize 52
0x0000002a PhentSize 32
0x0000002c PhNum 7
0x0000002e ShentSize 40
0x00000030 ShNum 33
0x00000032 ShrStrndx 32
[0x44c70b94]>
We probably should specifically mark headers as data-only if they don't have x bits.
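The check suggested above (is the entrypoint really code, or does it land in the ELF header or the .interp string?) can be done directly from the file and program headers. The following is an added example, not rizin's own loader code: it parses an Elf32_Ehdr and its Phdr table with struct and classifies e_entry. The sample images it builds (base 0x44c68000, an interpreter string at file offset 0x114, two ARM instructions at 0x180) are constructed for the demo and are not the binary from this issue; the function names parse_elf32, entrypoint_check, problems and build_sample are this example's own.

```python
"""Added example: ELF32 entrypoint sanity checks (not rizin's code)."""
import struct

PT_LOAD, PT_INTERP = 1, 3
PF_X, PF_W, PF_R = 1, 2, 4
ET_DYN, EM_ARM = 3, 40
EHDR_FMT = "HHIIIIIHHHHHH"   # Elf32_Ehdr after the 16-byte e_ident (36 bytes)
PHDR_FMT = "IIIIIIII"        # Elf32_Phdr (32 bytes, matches PhentSize above)
EHDR_FIELDS = ("e_type", "e_machine", "e_version", "e_entry", "e_phoff",
               "e_shoff", "e_flags", "e_ehsize", "e_phentsize", "e_phnum",
               "e_shentsize", "e_shnum", "e_shstrndx")
PHDR_FIELDS = ("p_type", "p_offset", "p_vaddr", "p_paddr", "p_filesz",
               "p_memsz", "p_flags", "p_align")


def parse_elf32(data: bytes) -> dict:
    """Parse the ELF32 file header and every program header from raw bytes."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    if data[4] != 1:
        raise ValueError("only ELFCLASS32 is handled in this example")
    endian = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little, 2 = big
    ehdr = dict(zip(EHDR_FIELDS, struct.unpack_from(endian + EHDR_FMT, data, 16)))
    if ehdr["e_phentsize"] != struct.calcsize(PHDR_FMT):
        raise ValueError("unexpected e_phentsize %d" % ehdr["e_phentsize"])
    phdrs = []
    for i in range(ehdr["e_phnum"]):
        off = ehdr["e_phoff"] + i * ehdr["e_phentsize"]
        phdrs.append(dict(zip(PHDR_FIELDS, struct.unpack_from(endian + PHDR_FMT, data, off))))
    ehdr["phdrs"] = phdrs
    return ehdr


def entrypoint_check(elf: dict) -> dict:
    """Classify e_entry against the program headers: which PT_LOAD holds it,
    whether that segment is executable, which file offset it maps to, and
    whether that offset is inside the ELF header or the PT_INTERP string."""
    entry = elf["e_entry"]
    result = {"entry": entry, "in_load": False, "executable": False,
              "file_offset": None, "in_ehdr": False, "in_interp": False}
    for ph in elf["phdrs"]:
        lo, hi = ph["p_vaddr"], ph["p_vaddr"] + ph["p_memsz"]
        if not (lo <= entry < hi):
            continue
        if ph["p_type"] == PT_LOAD and not result["in_load"]:
            result["in_load"] = True
            result["executable"] = bool(ph["p_flags"] & PF_X)
            delta = entry - lo
            if delta < ph["p_filesz"]:          # backed by file bytes, not .bss
                result["file_offset"] = ph["p_offset"] + delta
                # the ELF header occupies file offsets [0, e_ehsize)
                result["in_ehdr"] = result["file_offset"] < elf["e_ehsize"]
        elif ph["p_type"] == PT_INTERP:
            result["in_interp"] = True
    return result


def problems(result: dict) -> list:
    """Reasons why the entrypoint should not be treated as code (empty if fine)."""
    out = []
    if not result["in_load"]:
        out.append("entrypoint is not inside any PT_LOAD segment")
    elif not result["executable"]:
        out.append("entrypoint is in a segment without the PF_X bit")
    if result["in_ehdr"]:
        out.append("entrypoint points into the ELF header (file offset %#x)" % result["file_offset"])
    if result["in_interp"]:
        out.append("entrypoint points into the PT_INTERP string")
    return out


def build_sample(entry: int, base: int = 0x44c68000) -> bytes:
    """Construct a tiny ELF32 ARM image for the demo (not the issue's binary):
    r-x LOAD over the whole file, an rw- LOAD that is only .bss-style memory,
    a PT_INTERP string at 0x114 and two ARM instructions at 0x180."""
    ehsize, phentsize, phnum, total = 52, 32, 3, 0x200
    interp_off, interp = 0x114, b"/lib/ld-linux.so.3\0"           # constructed
    code_off, code = 0x180, bytes.fromhex("0000a0e31eff2fe1")     # mov r0,#0 ; bx lr
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\0" * 8
    ehdr = ident + struct.pack("<" + EHDR_FMT, ET_DYN, EM_ARM, 1, entry, ehsize,
                               0, 0x05000000, ehsize, phentsize, phnum, 40, 0, 0)
    phdrs = struct.pack("<" + PHDR_FMT, PT_LOAD, 0, base, base, total, total, PF_R | PF_X, 0x1000)
    data_va = base + 0x1000 + total
    phdrs += struct.pack("<" + PHDR_FMT, PT_LOAD, total, data_va, data_va, 0, 0x58, PF_R | PF_W, 0x1000)
    phdrs += struct.pack("<" + PHDR_FMT, PT_INTERP, interp_off, base + interp_off,
                         base + interp_off, len(interp), len(interp), PF_R, 1)
    img = bytearray(total)
    img[:len(ehdr)] = ehdr
    img[len(ehdr):len(ehdr) + len(phdrs)] = phdrs
    img[interp_off:interp_off + len(interp)] = interp
    img[code_off:code_off + len(code)] = code
    return bytes(img)


if __name__ == "__main__":
    cases = (("sane", 0x44c68180), ("at ELF header", 0x44c68000), ("at .interp", 0x44c68118))
    for label, entry in cases:
        res = entrypoint_check(parse_elf32(build_sample(entry)))
        print("%-14s entry=%#x -> %s" % (label, entry, problems(res) or ["ok"]))
```

Because the first PT_LOAD is r-x and starts at file offset 0, an entrypoint of 0x44c68000 is "executable" as far as segment permissions go, which is why the loader happily disassembles it; the file-offset test against e_ehsize (and against the PT_INTERP range) is what distinguishes header and string bytes from real code.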
@XVilka the original issue was "Empty operands when analyzing some ARM binary", so I restored the title. That's the problem reported by @xrkk .
@xrkk could you test the fix in https://github.com/rizinorg/rizin/pull/1730 to see if it works for other instructions as well? I think it makes sense, but if you have some spare time to double check that would be awesome. Thanks!
@ret2libc are you sure the issue is about that? It is essentially about ELF loading process.
Well, this is what @xrkk reported
With rizin version built from source, when analyzing one ARM32 binary, command aoj~{} does not return the 2nd operand.
The 2nd operand is part of the opex structure returned by aoj. Now, there may be other problems with the binary, but let's open separate issues for that. This issue was specifically about the missing operand in opex.
@ret2libc it's not even the actual code, it's a string.
Yep, I got it. But that's a separate problem.
@ret2libc Pull #1730 did fix the 2nd operand problem.
[0x44c68118]> aoj~{}
[
{
"opcode": "stclhs p12, c6, [r4, -0xbc]!",
"disasm": "stclhs p12, c6, [r4, -0xbc]!",
"pseudo": "asm(\"stclhs p12, c6, [r4, -0xbc]!\")",
"mnemonic": "stclhs",
"mask": "ffffffff",
"esil": "cf,?{,,}",
"sign": false,
"prefix": 0,
"id": 191,
"opex": {
"operands": [
{
"type": "pimm",
"value": 12
},
{
"type": "cimm",
"value": 6
},
{
"type": "mem",
"base": "r4",
"scale": 1,
"disp": -188
}
],
"writeback": true,
"cc": "hs"
},
"addr": 1153859864,
"bytes": "2f6c642d",
"size": 4,
"type": "null",
"esilcost": 0,
"scale": 0,
"refptr": 0,
"cycles": 1,
"failcycles": 0,
"delay": 0,
"stackptr": 0,
"family": "cpu"
}
]
[0x44c68118]>
Thank you.