sandsifter
sifter.py fails with "OSError: [Error 2] No such file or directory"
When running sifter.py as per example in the README it fails with [Errno 2] No such file or directory
# ./sifter.py --unk --dis --len --sync --tick -- -P1 -t
Traceback (most recent call last):
  File "./sifter.py", line 842, in <module>
    main()
  File "./sifter.py", line 815, in main
    stderr=subprocess.PIPE
  File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
    errread, errwrite)
  File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
    raise child_exception
OSError: [Errno 2] No such file or directory
sandsifter and capstone have been freshly built from git sources
capstone-bindings for python were installed via pip
OS: Alpine Linux 3.5 in an LX-Zone on smartOS (SunOS 5.11 joyent_20170511T001921Z)
I couldn't really figure out what file sifter.py or subprocess.py is failing to open - a quick trace for open* syscalls on the host shows these files being accessed (and existent):
# dtrace -n 'syscall::open*:entry { printf("%s %s",execname,copyinstr(arg0)); }'
dtrace: description 'syscall::open*:entry ' matched 4 probes
CPU ID FUNCTION:NAME
15 8834 open:entry sifter.py /var/ld/64/ld.config
15 8834 open:entry sifter.py /native/lib/64/libc.so.1
15 8834 open:entry sifter.py /native/usr/lib/64/libmapmalloc.so.1
15 8834 open:entry sifter.py /native/lib/64/librpcsvc.so.1
15 8834 open:entry sifter.py /native/lib/64/libnsl.so.1
A full trace of a failed sifter.py execution is available on pastebin: https://pastebin.com/YP2wUZHy
@rostwald the error means that sifter was using the subprocess module to spawn another program, which could not be found.
Looking at line 815 (assuming line numbers didn't change since), sifter was trying to spawn off file ./injector to detect 32/64-bit something.
The file utility could not be found. Either it's missing or not in $PATH.
It seems it was indeed a missing "file" tool. I just hate python error output...
sifter.py is running now, but the injector is now immediately crashing with Trace/breakpoint trap (core dumped)
I'll have to look into that later I guess...
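An added example, not part of this thread or of sandsifter's code: a Python wrapper that resolves an external tool against $PATH before spawning it, so a missing helper such as the file utility is reported by name instead of the bare [Errno 2] in the traceback above. The function names resolve_tool, missing_tools and run_tool are hypothetical; the tool list in the demo (file, ./injector) is taken from the discussion.

```python
import errno
import os
import subprocess


def resolve_tool(name, path=None):
    """Return the path of executable `name`, or None if it cannot be found.

    Names containing a path separator (e.g. ./injector) are checked as given;
    bare names (e.g. file) are searched in `path` or, by default, $PATH.
    """
    if os.sep in name:
        ok = os.path.isfile(name) and os.access(name, os.X_OK)
        return name if ok else None
    search = path if path is not None else os.environ.get("PATH", os.defpath)
    for directory in search.split(os.pathsep):
        candidate = os.path.join(directory or os.curdir, name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return os.path.abspath(candidate)
    return None


def missing_tools(names, path=None):
    """Preflight check: return the subset of `names` that cannot be resolved."""
    return [n for n in names if resolve_tool(n, path) is None]


def run_tool(argv, path=None):
    """Run argv and return (returncode, stdout, stderr).

    Unlike a bare subprocess.Popen on Python 2.7, a missing executable raises
    an OSError whose message and .filename name the program that was not found.
    """
    exe = resolve_tool(argv[0], path)
    if exe is None:
        raise OSError(errno.ENOENT,
                      "required external tool not found (install it or fix $PATH)",
                      argv[0])
    proc = subprocess.Popen([exe] + list(argv[1:]),
                            stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = proc.communicate()
    return proc.returncode, out, err


if __name__ == "__main__":
    # Tool names taken from the thread; adjust to what the script really spawns.
    for tool in missing_tools(["file", "./injector"]):
        print("missing external dependency: %s" % tool)
```

Resolving to an absolute path before the spawn also records exactly which binary on $PATH was executed.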