ida7 x64dbg sync failing

Question

ida7 x64dbg sync failing

ed4wg opened this issue 6 years ago · comments

The environment:
win10x64
labeless1.1.2.65 - release binary
ida7.1
x64dbg - Jul 1 2018

The main issue is nothing is syncing properly. I don't see any specific errors when running the sync manually, i just don't see anything flowing over to x64dbg.

Here's an example of what i see in the output window in ida:
Labeless: do sync all now... Labels: 142, comments: 3 RPC Thread: OK, tasks left: 0
in x64dbg log window
LL: Labeless::onClientSockAccept: Connected from: 127.0.0.1:51869 LL: socket 00000848 accepted LL: Labeless::onClientSockRead: Received 8 bytes of 8. LL: Labeless::onClientSockRead: Received 89 bytes of 89. LL: Labeless::onClientSockBufferReceived: new request pushed { jobId: 9, bkg: 0, finished: 0 } LL: Labeless::serverThread: jobId 9 socket 00000848 Response sent, len: 0x0000000A LL: Labeless::serverThread: jobId 9 is removed

When running the "test connection" button inside of the ida plugin, i get: "Test failed, error: Invalid version response:"

I've setup and installed this for both x64 and x86 ida/x64dbg and i get the same result in both setups.

One other thing to note. The 1.1.2.65 release code doesn't have the setup.py in the deploy directory so i just pulled that from master to run the python setup.py install.

a1ext · Answer 1 · Wed Jul 04 2018 00:34:24 GMT+0800 (China Standard Time)

Hi @MalPunch3r ,

You have to reinstall labeless python module:

First uninstall previous one:

pip uninstall labeless

Install the new one using either of two ways, the first - using PyPI (the easiest way, if you have an Internet there on the debugger machine):

pip install --upgrade labeless

the second one - using prebuilt one from the release archive:

pip install deploy\labeless-1.1.2.65-py2.py3-none-any.whl

a1ext · Answer 2 · Wed Jul 04 2018 00:36:17 GMT+0800 (China Standard Time)

I'll add these instructions to the README.md, forgot that, sorry :)

Eric L · Answer 3 · Wed Jul 04 2018 03:19:03 GMT+0800 (China Standard Time)

So i did find the old version in the site-packages folder, and removed it, but i'm still having the same problem. I also completely removed python and started fresh, then reinstalled labeless. Still no luck though. I can also see in the version of the ida plugin and x64dbg plugin that it's reporting the latest version.

Any other suggestions?

a1ext · Answer 4 · Wed Jul 04 2018 04:20:38 GMT+0800 (China Standard Time)

@MalPunch3r Could you show me the error message fully?

a1ext · Answer 5 · Wed Jul 04 2018 04:21:28 GMT+0800 (China Standard Time)

Some of parts IDA PRO or x64dbg has old plugin

Eric L · Answer 6 · Tue Jul 10 2018 03:18:42 GMT+0800 (China Standard Time)

The error simply states: "Test failed, error: Invalid version response:" when clicking the "Test connection" button in the IDA labeless configuration dialog.

I did see an older version of the binary installed in ida and removed that. That didn't work though.

I also tested by installing the latest version on a fresh machine with no prior labeless installed. In this case, it worked as expected, no issues noticed.

So i went back to my non-working VM and i cannot find any references to old versions of labeless anywhere. python, ida, x64. Also, all of these show to be using the 1.1.2.65 version.

I tried syncing labels even though the invalid version response error shows and that seems to be working. So, it'd be cool to figure out why that invalid version shows up when hitting the test connection button, but not enough for me to re-setup my analysis vm. If you end up thinking of any other places to look to remove the older versions of labeless please let me know.

a1ext · Answer 7 · Tue Jul 10 2018 04:37:06 GMT+0800 (China Standard Time)

Hi @MalPunch3r I created the Discord channel, you could reach me faster there and we could quicker solve the issue.

a1ext · Answer 8 · Tue Jul 10 2018 04:46:03 GMT+0800 (China Standard Time)

Hi @MalPunch3r
If you have an old version in IDA you have to copy corresponding plugins to IDA plugins directory, make sure you point to the right location of the IDA in case you have more than one copy.

In case the older version is on your VM then to point out labeless python module location do the following:

open in IDA some IDB, run x64dbg in your VM, put right IP address and port of the machine to the Labeless settings and save
then open the Remote Python Execution view:
put print ll in the right box (right one will be executed in the debugger) and press Run button:
in a second, you will see something like the following:

Eric L · Answer 9 · Tue Jul 10 2018 08:29:42 GMT+0800 (China Standard Time)

So i took a step back and tried to see if it was IDA or x64dbg. I ended up removing other plugins to see if that was it. The problem seems to be having x64dbgpy and labeless both installed in x64dbg. After removing x64dbgpy the test connection with labeless works.

However, even then, when i run the test you mentioned above to run the remote python, i don't get any data back. Just looks like this. Not sure if that's an issue or not. The Test Connection is still successful now though.

request #10

request #9

a1ext · Answer 10 · Wed Jul 11 2018 04:04:05 GMT+0800 (China Standard Time)

It will be solved soon, I've already made a PR to the x64dbgpy and currently waiting when it is merged. I'll update you.

a1ext · Answer 11 · Wed Jul 11 2018 05:38:14 GMT+0800 (China Standard Time)

Done, @MalPunch3r bring the latest x64dbgpy from here https://ci.appveyor.com/project/mrexodia/x64dbg-python/build/artifacts and install it into your x64dbg.
Let me know it this won't fix the issue.

Eric L · Answer 12 · Thu Jul 12 2018 01:43:42 GMT+0800 (China Standard Time)

It's working great now. Thanks for getting this resolved so quickly!