cea-sec / miasm

Reverse engineering framework in Python

Home Page:https://miasm.re/

lsl - undefined symbol: load_segment_limit_ok

Summus-31c04089c3cd80 opened this issue · comments

Hello,
Trying to emulate something that may have been executable code (shellcode) resulted in an unhandled error:
undefined symbol: load_segment_limit_ok

"\x64\xA1\x30\x00\x00\x00\x8B\x50\x0C\x8B\x42\x1C\x8B\x00\x8B\x40\x08\x01\x00\x09\x00\x6A\x0A\x99\x59\xF7\xF9\x80\xC2\x30\x0F\x03\x47\x65\x74\x50"

0:  64 a1 30 00 00 00       mov    eax,fs:0x30
6:  8b 50 0c                mov    edx,DWORD PTR [eax+0xc]
9:  8b 42 1c                mov    eax,DWORD PTR [edx+0x1c]
c:  8b 00                   mov    eax,DWORD PTR [eax]
e:  8b 40 08                mov    eax,DWORD PTR [eax+0x8]
11: 01 00                   add    DWORD PTR [eax],eax
13: 09 00                   or     DWORD PTR [eax],eax
15: 6a 0a                   push   0xa
17: 99                      cdq
18: 59                      pop    ecx
19: f7 f9                   idiv   ecx
1b: 80 c2 30                add    dl,0x30
1e: 0f 03 47 65             lsl    eax,WORD PTR [edi+0x65]
22: 74 50                   je     0x74

OSError: /tmp/miasm_cache/77282c23a695637ac30ba837d098439a.cpython-37m-x86_64-linux-gnu.so: undefined symbol: load_segment_limit_ok

It seems to relate to the lsl instruction since it's the only use of the load_segment_limit_ok variable:

e.append(m2_expr.ExprAssign(zf, m2_expr.ExprOp('load_segment_limit_ok', src)))

Reproduced on master using the Dockerfile provided, with the gcc engine:

cd /opt/miasm/example/jitter
echo -ne "\x64\xA1\x30\x00\x00\x00\x8B\x50\x0C\x8B\x42\x1C\x8B\x00\x8B\x40\x08\x01\x00\x09\x00\x6A\x0A\x99\x59\xF7\xF9\x80\xC2\x30\x0F\x03\x47\x65\x74\x50" > test_lsl
python3 x86_32.py error

Traceback (most recent call last):
  File "x86_32.py", line 34, in <module>
    myjit.run(run_addr)
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitload.py", line 449, in run
    return self.continue_run()
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitload.py", line 430, in continue_run
    return next(self.run_iterator)
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitload.py", line 398, in runiter_once
    self.pc = self.run_at(self.pc)
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitload.py", line 353, in run_at
    set(self.breakpoints_handler.callbacks)
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitcore.py", line 184, in run_at
    cur_block = self.disasm_and_jit_block(offset, cpu.vmmngr)
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitcore.py", line 161, in disasm_and_jit_block
    self.add_block(cur_block)
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitcore_gcc.py", line 133, in add_block
    self.load_code(block.loc_key, fname_out)
  File "/usr/local/lib/python3.7/dist-packages/miasm/jitter/jitcore_gcc.py", line 37, in load_code
    lib = ctypes.cdll.LoadLibrary(fname_so)
  File "/usr/lib/python3.7/ctypes/__init__.py", line 434, in LoadLibrary
    return self._dlltype(name)
  File "/usr/lib/python3.7/ctypes/__init__.py", line 356, in __init__
    self._handle = _dlopen(self._name, mode)
OSError: /tmp/miasm_cache/77282c23a695637ac30ba837d098439a.cpython-37m-x86_64-linux-gnu.so: undefined symbol: load_segment_limit_ok
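
A triage script for the diagnosis above, added here and not taken from the issue or from miasm itself: it lists ExprOp names that a semantics module emits but the jitter's C runtime never defines, which is exactly what surfaces as the undefined symbol when the compiled block is loaded. It assumes the gcc jitter emits each identifier-style op as a call to a C function of the same name; the two samples are constructed stand-ins for miasm/arch/x86/sem.py and the C runtime, and a flagged name may still be translated inline by the code generator, so treat the output as candidates to check rather than a verdict.

```python
import re
from typing import Dict, Iterable, List, Set

# Identifier-style ExprOp names only ('load_segment_limit_ok'): operator ops
# such as '+' or '<<' are emitted inline by the code generator, not as C calls.
OP_RE = re.compile(r"""ExprOp\(\s*['"]([A-Za-z_]\w*)['"]""")
DEF_RE = re.compile(r"^\s*def\s+(\w+)\s*\(")

def ops_used(sem_src: str) -> Dict[str, List[str]]:
    """Map each ExprOp name to the semantic functions (def ...) that emit it."""
    used: Dict[str, List[str]] = {}
    current = "<module>"
    for line in sem_src.splitlines():
        m = DEF_RE.match(line)
        if m:
            current = m.group(1)
        for op in OP_RE.findall(line):
            funcs = used.setdefault(op, [])
            if current not in funcs:
                funcs.append(current)
    return used

def ops_defined(runtime_src: str, names: Iterable[str]) -> Set[str]:
    """Names with a C function definition (a body, not merely a prototype)."""
    return {n for n in names
            if re.search(r"\b%s\s*\([^;{}]*\)\s*\{" % re.escape(n), runtime_src)}

def find_unimplemented_ops(sem_src: str, runtime_src: str) -> Dict[str, List[str]]:
    """ExprOp names the semantics emit but the C runtime never defines."""
    used = ops_used(sem_src)
    defined = ops_defined(runtime_src, used)
    return {op: funcs for op, funcs in used.items() if op not in defined}

# Constructed samples standing in for a semantics module and the C runtime;
# only the lsl line mirrors the one quoted in the issue.
SAMPLE_SEM_PY = '''
def lsl(ir, instr, dst, src):
    return [m2_expr.ExprAssign(zf, m2_expr.ExprOp('load_segment_limit_ok', src))], []

def bsf(ir, instr, dst, src):
    return [m2_expr.ExprAssign(dst, m2_expr.ExprOp("cntleadzeros", src))], []
'''
SAMPLE_RUNTIME_C = '''
uint64_t cntleadzeros(uint64_t size, uint64_t src) { return 0; /* elided */ }
'''

if __name__ == "__main__":
    for op, funcs in sorted(find_unimplemented_ops(SAMPLE_SEM_PY, SAMPLE_RUNTIME_C).items()):
        print(f"{op}: no C definition (used by {', '.join(funcs)})")
```

To audit a checkout, pass the contents of the architecture's sem.py and of the jitter's C runtime source to find_unimplemented_ops in place of the samples.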

Hey @Summus-31c04089c3cd80
Yes, it seems we have completely forgotten to implement it in the jitter part...