[BINARY] fails disassembly arm64 binary #77

bbtzzt · 2024-08-27T03:33:08Z

Hello,I tried to install and use ddisasm on arm.
First, I found the arm64 dockerfile provided by this link：#44 ，However, due to the update of dependency library and versions of ddisasm and gtirb-pprinter, this dockerfile needs to be updated. Finally, I successfully installed the following versions of ddisasm and gtirb-pprinter on Ubuhntu 20.04.The updated dockerfile is provided in the attachment.
Dockerfile-aarch64.zip

root@0eba6fea14aa:/demo# ddisasm --version
1.8.0 (UNKNOWN 2024-08-13) ARM64+IA32+X64+ARM32+MIPS32
root@0eba6fea14aa:/demo# gtirb-pprinter --version
2.2.1 (677dc44 2024-08-12)

Then I started rewriting the arm binary with ddisasm.I have practiced rewriting binary programs such as vim, nginx, redis and ls, but except vim, the remaining programs encountered some errors in the process of generating new binaries by gtirb-pprinter. I don't know the specific reasons for the errors, and I hope to get your reply.

root@0eba6fea14aa:/usr/local/nginx/sbin# gtirb-pprinter nginx.gtirb -b nginx-ddisasm
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:262)  Reading GTIRB file:     "nginx.gtirb"
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:497)  Module nginx has integral symbols; attempting to assign referents...
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:559)  Generating binary for module nginx
Generating binary file
Compiler arguments: -o /tmp/dirhCRYn5/nginx-ddisasm /tmp/filelthbv5.s -Wl,--no-as-needed -l:libdl.so.2 -l:libpthread.so.0 -l:libcrypt.so.1 -l:libpcre2-8.so.0 -l:libz.so.1 -l:libc.so.6 -l:ld-linux-aarch64.so.1 -Wl,--dynamic-list=/tmp/fileHtwQa5.dynamic_list.txt -Wl,-init=__rela_iplt_end_copy -pie -Wl,-z,stack-size=0 -Wl,-z,noexecstack -nodefaultlibs -nostartfiles
/tmp/filelthbv5.s: Assembler messages:
/tmp/filelthbv5.s:8359: Error: unexpected characters following instruction at operand 3 -- `cmeq d0,d0,#0,#0'
/tmp/filelthbv5.s:67074: Error: unexpected characters following instruction at operand 3 -- `cmeq d0,d0,#0,#0'
/tmp/filelthbv5.s:80530: Error: unexpected characters following instruction at operand 3 -- `cmeq d0,d0,#0,#0'
[ERROR] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/ElfBinaryPrinter.cpp:791) assembler returned: 1
[ERROR] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:586) Unable to assemble 'nginx-ddisasm'.

root@0eba6fea14aa:/usr/local/bin# gtirb-pprinter redis-server.gtirb -b redis-server-ddisasm
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:262)  Reading GTIRB file:     "redis-server.gtirb"
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:497)  Module redis-server has integral symbols; attempting to assign referents...
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:559)  Generating binary for module redis-server
Generating binary file
Compiler arguments: -o /tmp/dirJvLiZe/redis-server-ddisasm /tmp/fileAe7Hhd.s -Wl,--no-as-needed -l:libm.so.6 -l:libdl.so.2 -l:libpthread.so.0 -l:libc.so.6 -l:ld-linux-aarch64.so.1 -Wl,--dynamic-list=/tmp/filexeD90g.dynamic_list.txt -Wl,-init=__rela_iplt_end_copy -pie -Wl,-z,stack-size=0 -Wl,-z,noexecstack -nodefaultlibs -nostartfiles
/tmp/fileAe7Hhd.s: Assembler messages:
/tmp/fileAe7Hhd.s:117963: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v2,x23'
/tmp/fileAe7Hhd.s:150224: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v2,x21'
/tmp/fileAe7Hhd.s:568528: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x5'
/tmp/fileAe7Hhd.s:568572: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x5'
/tmp/fileAe7Hhd.s:568750: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x5'
/tmp/fileAe7Hhd.s:570044: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:570407: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:570907: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:570920: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:570934: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:570972: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:571000: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:571014: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:571041: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileAe7Hhd.s:571052: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
[ERROR] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/ElfBinaryPrinter.cpp:791) assembler returned: 1
[ERROR] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:586) Unable to assemble 'redis-server-ddisasm'.

root@0eba6fea14aa:/home/demo# ddisasm ls --ir ls.gtirb
Building the initial gtirb representation [   8ms]
Processing module: ls
    disassembly              load [ 288ms]    compute [    7s]  transform [ 890ms]
    SCC analysis                              compute [  25ms]  transform [   0ms]
    no return analysis       load [  53ms]    compute [ 557ms]  transform [   1ms]
    function inference       load [  80ms]    compute [  42ms]  transform [  23ms]
root@0eba6fea14aa:/home/demo# gtirb-pprinter ls.
ls.bak    ls.gtirb
root@0eba6fea14aa:/home/demo# gtirb-pprinter ls.gtirb -b new_ls
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:262)  Reading GTIRB file:     "ls.gtirb"
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:497)  Module ls has integral symbols; attempting to assign referents...
[INFO] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:559)  Generating binary for module ls
Generating binary file
Compiler arguments: -o /tmp/dir1TIjQF/new_ls /tmp/fileVuFMUF.s -Wl,--no-as-needed -l:libselinux.so.1 -l:libc.so.6 -l:ld-linux-aarch64.so.1 -Wl,--dynamic-list=/tmp/fileucGU6I.dynamic_list.txt -Wl,-init=__rela_iplt_end_copy -Wl,-fini=FUN_17290 -pie -Wl,-z,stack-size=0 -Wl,-z,noexecstack -nodefaultlibs -nostartfiles
/tmp/fileVuFMUF.s: Assembler messages:
/tmp/fileVuFMUF.s:32560: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x5'
/tmp/fileVuFMUF.s:32736: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x5'
/tmp/fileVuFMUF.s:33032: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x5'
/tmp/fileVuFMUF.s:33655: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileVuFMUF.s:34018: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileVuFMUF.s:34273: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileVuFMUF.s:34284: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileVuFMUF.s:34438: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileVuFMUF.s:34448: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
/tmp/fileVuFMUF.s:34461: Error: the top half of a 128-bit FP/SIMD register is expected at operand 1 -- `fmov v0,x3'
[ERROR] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/ElfBinaryPrinter.cpp:791) assembler returned: 1
[ERROR] (/usr/local/src/gtirb-pprinter/src/gtirb_pprinter/driver/pretty_printer.cpp:586) Unable to assemble 'new_ls'.

In addition, I want to install gtirb-rewriting on arm, but I encounter the following prompts. However, I can't find the pip package suitable for capstone-gt and mcasm of arm, which makes it impossible for me to continue to perform the functions of GTIRB Stack Stamp based on python api provided by gtirb-rewriting.

root@0eba6fea14aa:/home/# pip3 install gtirb_rewriting
Collecting gtirb_rewriting
Using cached gtirb_rewriting-0.2.0-py3-none-any.whl.metadata (628 bytes)
INFO: pip is looking at multiple versions of gtirb-rewriting to determine which version is compatible with other requirements. This could take a while.
Using cached gtirb_rewriting-0.1.2-py3-none-any.whl.metadata (639 bytes)
Using cached gtirb_rewriting-0.1.1-py3-none-any.whl.metadata (639 bytes)
Using cached gtirb_rewriting-0.1.0-py3-none-any.whl.metadata (631 bytes)
Using cached gtirb_rewriting-0.0.24-py3-none-any.whl.metadata (657 bytes)
Using cached gtirb_rewriting-0.0.23-py3-none-any.whl.metadata (596 bytes)
Using cached gtirb_rewriting-0.0.22-py3-none-any.whl.metadata (596 bytes)
Using cached gtirb_rewriting-0.0.21-py3-none-any.whl.metadata (523 bytes)
Requirement already satisfied: gtirb-capstone in /usr/local/lib/python3.8/dist-packages/gtirb_capstone-1.0.3.dev0-py3.8.egg (from gtirb_rewriting) (1.0.3.dev0)
Collecting gtirb-functions (from gtirb_rewriting)
Using cached gtirb_functions-1.0.9-py3-none-any.whl.metadata (1.3 kB)
Requirement already satisfied: gtirb in /usr/local/lib/python3.8/dist-packages/gtirb-2.1.0-py3.8.egg (from gtirb_rewriting) (2.1.0)
INFO: pip is still looking at multiple versions of gtirb-rewriting to determine which version is compatible with other requirements. This could take a while.
Collecting gtirb_rewriting
Using cached gtirb_rewriting-0.0.20-py3-none-any.whl.metadata (498 bytes)
Using cached gtirb_rewriting-0.0.19-py3-none-any.whl.metadata (767 bytes)
Using cached gtirb_rewriting-0.0.18-py3-none-any.whl.metadata (767 bytes)
Using cached gtirb_rewriting-0.0.17-py3-none-any.whl.metadata (767 bytes)
Using cached gtirb_rewriting-0.0.16-py3-none-any.whl.metadata (767 bytes)
INFO: This is taking longer than usual. You might need to provide the dependency resolver with stricter constraints to reduce runtime. See https://pip.pypa.io/warnings/backtracking for guidance. If you want to abort this run, press Ctrl + C.
Using cached gtirb_rewriting-0.0.15-py3-none-any.whl.metadata (767 bytes)
Using cached gtirb_rewriting-0.0.14-py3-none-any.whl.metadata (767 bytes)
Using cached gtirb_rewriting-0.0.13-py3-none-any.whl.metadata (767 bytes)
Using cached gtirb_rewriting-0.0.12-py3-none-any.whl.metadata (767 bytes)
Using cached gtirb_rewriting-0.0.11-py3-none-any.whl.metadata (767 bytes)
ERROR: Cannot install gtirb-rewriting==0.0.11, gtirb-rewriting==0.0.12, gtirb-rewriting==0.0.13, gtirb-rewriting==0.0.14, gtirb-rewriting==0.0.15, gtirb-rewriting==0.0.16, gtirb-rewriting==0.0.17, gtirb-rewriting==0.0.18, gtirb-rewriting==0.0.19, gtirb-rewriting==0.0.20, gtirb-rewriting==0.0.21, gtirb-rewriting==0.0.22, gtirb-rewriting==0.0.23, gtirb-rewriting==0.0.24, gtirb-rewriting==0.1.0, gtirb-rewriting==0.1.1, gtirb-rewriting==0.1.2 and gtirb-rewriting==0.2.0 because these package versions have conflicting dependencies.

The conflict is caused by:
gtirb-rewriting 0.2.0 depends on capstone-gt
gtirb-rewriting 0.1.2 depends on capstone-gt
gtirb-rewriting 0.1.1 depends on capstone-gt
gtirb-rewriting 0.1.0 depends on capstone-gt
gtirb-rewriting 0.0.24 depends on capstone-gt
gtirb-rewriting 0.0.23 depends on capstone-gt
gtirb-rewriting 0.0.22 depends on capstone-gt
gtirb-rewriting 0.0.21 depends on mcasm>0.1.2
gtirb-rewriting 0.0.20 depends on mcasm>0.1.2
gtirb-rewriting 0.0.19 depends on mcasm
gtirb-rewriting 0.0.18 depends on mcasm
gtirb-rewriting 0.0.17 depends on mcasm
gtirb-rewriting 0.0.16 depends on mcasm
gtirb-rewriting 0.0.15 depends on mcasm
gtirb-rewriting 0.0.14 depends on mcasm
gtirb-rewriting 0.0.13 depends on mcasm
gtirb-rewriting 0.0.12 depends on mcasm
gtirb-rewriting 0.0.11 depends on mcasm

To fix this you could try to:

loosen the range of package versions you've specified
remove package versions to allow pip to attempt to solve the dependency conflict

ERROR: ResolutionImpossible: for help visit https://pip.pypa.io/en/latest/topics/dependency-resolution/#dealing-with-dependency-conflicts

The text was updated successfully, but these errors were encountered:

aeflores · 2024-10-01T00:39:26Z

Hi @bbtzzt, first of all sorry for the late reply.

For your first problem, failing to reassemble a binary. It would be good if you can share the binary, so we can make sure to reproduce your problem. ARM64 is one of the less matures architectures in Ddisasm, so it's possible that there are easy fixes for those issues.

For your second problem, right now we only publish capstone-gt and mcasm packages for x64 architecture (these are not pure python, and so they are architecture dependent). Even if we are rewriting ARM64 binaries, we run our rewriting tools in x64 and cross-compile. Is it absolutely needed for you to run things in an ARM64?

If so, we might be able to start generating the corresponding wheels. In the meantime, you might want to try generating those yourself. You can find mc-asm here https://github.com/grammatech/mc-asm and our fork of capstone here https://github.com/GrammaTech/capstone/tree/v5

bbtzzt added the binary fails DDisasm fails to correctly disassemble a binary label Aug 27, 2024

bbtzzt assigned aeflores Aug 27, 2024

aeflores assigned jdorn-gt Oct 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[BINARY] fails disassembly arm64 binary #77

[BINARY] fails disassembly arm64 binary #77

bbtzzt commented Aug 27, 2024 •

edited

Loading

aeflores commented Oct 1, 2024

[BINARY] fails disassembly arm64 binary #77

[BINARY] fails disassembly arm64 binary #77

Comments

bbtzzt commented Aug 27, 2024 • edited Loading

aeflores commented Oct 1, 2024

bbtzzt commented Aug 27, 2024 •

edited

Loading