CheckPointSW / Karta

Karta - source code assisted fast binary matching plugin for IDA

KeyError when adding support for Libpcap 1.8.1

YinWinston opened this issue · comments

I'm currently in the process of adding support for libpcap 1.8.1 for Karta. I've created a new JSON configuration file using karta_analyze_src.py and added my libpcap identification script to init. When I run the matcher program in Karta using IDA Pro 7.3, Karta is able to match certain anchor functions in libpcap to those in my program, but when it begins to link the binary functions to their respective tentative files, it throws this exception:
C:\Users\wyin\Documents\Karta-master\src\karta_matcher.py: 4734272L
Traceback (most recent call last):
  File "C:\Program Files\IDA Pro 7.3\python\ida_idaapi.py", line 572, in IDAPython_ExecScript
    execfile(script, g)
  File "C:/Users/wyin/Documents/Karta-master/src/karta_matcher.py", line 193, in <module>
    pluginMain()
  File "C:/Users/wyin/Documents/Karta-master/src/karta_matcher.py", line 183, in pluginMain
    matchLibraries()
  File "C:/Users/wyin/Documents/Karta-master/src/karta_matcher.py", line 144, in matchLibraries
    matchLibrary(lib_name, actual_version)
  File "C:/Users/wyin/Documents/Karta-master/src/karta_matcher.py", line 95, in matchLibrary
    startMatch(cur_config_path, lib_name)
  File "C:/Users/wyin/Documents/Karta-master/src/karta_matcher.py", line 60, in startMatch
    matching_engine.locateFileBoundaries()
  File "C:/Users/wyin/Documents/Karta-master/src\core\matching_engine.py", line 586, in locateFileBoundaries
    local_bins_ctx = map(lambda ea: self.bin_functions_ctx[ea], all_bin_functions[local_bin_start_index:local_bin_end_index + 1])
  File "C:/Users/wyin/Documents/Karta-master/src\core\matching_engine.py", line 586, in <lambda>
    local_bins_ctx = map(lambda ea: self.bin_functions_ctx[ea], all_bin_functions[local_bin_start_index:local_bin_end_index + 1])
KeyError: 4734272L
The libpcap identification script is the exact same as the identification script for zlib except that the key string has been changed to fit libpcap. Do you know what exactly this error message means and what I could do to fix this?

I have resolved this issue myself. I had forgotten to use the no inlining flag when I compiled libpcap and that led to the KeyErrors.