bingrep is reported as a lib

Question

bingrep is reported as a lib

lilianmoraru opened this issue 7 years ago · comments

Lilian Anatolie Moraru commented 7 years ago

Running bingrep on bingrep, says that it is a lib:

is_lib: true

While unrelated to this issue, I would also like to note that Soname prints Some("lib") when it is a lib.
Maybe it would be better to match on that value and present the name of the lib directly.

m4b · Answer 1 · Mon Jun 12 2017 16:16:17 GMT+0800 (China Standard Time)

Hi @lilianmoraru thanks for the bug report ! :)

Are you on OSX (and can you paste debug output with -d)?

There's a hack in OSX for dylibs, as reexports index 0 (iirc) as a sort of Self, so you have to extend the libraries vector with Self as 0; the soname printing "lib" is a bug probably relating to this hack.

If you're on linux/unix I suspect it prints is_lib for self because rust compiles binaries as position independent executables by default, which are technically dynamic libraries. Would have to add some kind of heuristic to check whether it's a PIE or real dynamic lib; checking if soname is empty maybe, would have to look into it.

Lilian Anatolie Moraru · Answer 2 · Mon Jun 12 2017 18:10:05 GMT+0800 (China Standard Time)

@m4b I am on Linux.
I guess you don't need the debug output, because it seems that you know which problem it is.

m4b · Answer 3 · Tue Jun 13 2017 05:22:39 GMT+0800 (China Standard Time)

If your running bingrep on ELF dylib and it's printing Some("lib") for soname then that's def a bug tho :/ can you paste the output here just in case?

Lilian Anatolie Moraru · Answer 4 · Tue Jun 13 2017 08:02:13 GMT+0800 (China Standard Time)

uname -a:

Linux lilian-neon 4.11.4-xanmod7 #1 SMP Mon Jun 12 10:26:32 EEST 2017 x86_64 x86_64 x86_64 GNU/Linux

Gist doesn't want to present many lines and GitHub doesn't accept the attachment for some reason...
Uncompressed, 2.0 MB(.txt): https://drive.google.com/open?id=0B36L1TDvAttnMkpOTVJiUFZtNHM
Compressed, 143.7 KB(tar.xz): https://drive.google.com/open?id=0B36L1TDvAttneVV0R3RUWFQ3Z0U

Soname is at the line 16059.

readelf -h on the same library:

ELF Header:
  Magic:   7f 45 4c 46 02 01 01 03 00 00 00 00 00 00 00 00 
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - GNU
  ABI Version:                       0
  Type:                              DYN (Shared object file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0xc6220
  Start of program headers:          64 (bytes into file)
  Start of section headers:          5930040 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         7
  Size of section headers:           64 (bytes)
  Number of section headers:         29
  Section header string table index: 28

Lilian Anatolie Moraru · Answer 5 · Tue Jun 13 2017 08:08:13 GMT+0800 (China Standard Time)

I am thinking now that my Some("lib") might be confusing.
By Some("lib") I mean Soname: Some("[the lib name here]")

m4b · Answer 6 · Tue Jun 13 2017 09:09:07 GMT+0800 (China Standard Time)

Ohhhhh haha yea I thought it was printing Some("lib") 😆 that would def be a bug! The some printing is also a bug, should be an easy fix, just haven't had time. PRs welcome :)

m4b · Answer 7 · Wed Nov 08 2017 15:01:33 GMT+0800 (China Standard Time)

This is actually fixed now, not sure which version, but latest (0.4.1) no longer prints Some("libc.so.6") and just instead prints libc.so.6, etc.