keensecuritylab / binabsinspector
BinAbsInspector: Vulnerability Scanner for Binaries
License: GNU General Public License v3.0
Hey, when I'm trying to execute BinAbsInspector in headless mode with parameters
"@@ -all -entry 0x180006c64 -K 50 -callStringK 3 -timeout -1 -Z3Timeout 1000"
I got an error:
Exception in thread "main" ghidra.util.exception.InvalidInputException: Bad argument: -entry
➜ build git:(master) ✗ sudo make install
[sudo] password for w0lfzhang:
Z3 was successfully installed.
BinAbsInspector.java> Running...
BinAbsInspector.java> Cannot detect z3 solver library, please check your z3 solver installation or disable z3 solver in configuration.
BinAbsInspector.java> Finished!
Hello, I set this program up using Docker, and this error appears when analyzing an ELF file. Could anyone tell me how to solve it?
docker run -v $(pwd):/data/workspace bai "@@<script parameters>" -import test
openjdk version "11.0.11" 2021-04-20
OpenJDK Runtime Environment AdoptOpenJDK-11.0.11+9 (build 11.0.11+9)
OpenJDK 64-Bit Server VM AdoptOpenJDK-11.0.11+9 (build 11.0.11+9, mixed mode)
INFO Using log config file: jar:file:/opt/ghidra/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)
INFO Using log file: /root/.ghidra/.ghidra_10.1.2_PUBLIC/application.log (LoggingInitialization)
INFO Loading user preferences: /root/.ghidra/.ghidra_10.1.2_PUBLIC/preferences (Preferences)
INFO Class search complete (1304 ms) (ClassSearcher)
INFO Initializing SSL Context (SSLContextInitializer)
INFO Initializing Random Number Generator... (SecureRandomFactory)
INFO Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)
INFO Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)
Exception in thread "main" ghidra.util.exception.InvalidInputException: /data/workspace/BinAbsInspector/test is not a valid directory or file.
at ghidra.app.util.headless.AnalyzeHeadless.parseOptions(AnalyzeHeadless.java:212)
at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:113)
at ghidra.GhidraLauncher.launch(GhidraLauncher.java:59)
at ghidra.Ghidra.main(Ghidra.java:47)
I have downloaded z3-4.8.17-x86-win.zip and unzipped it, and set the PATH environment to z3-4.8.17-x86-win\bin. But BinAbsInspector.java still tells me: Cannot detect z3 solver library, please check your z3 solver installation or disable z3 solver in configuration. How could I install z3 solver?
I followed the installation guide strictly, but the tool fails to start with the following error:
java.lang.StackOverflowError
at com.bai.solver.CFG.visit(CFG.java:80)
at com.bai.solver.CFG.visit(CFG.java:84)
at com.bai.solver.CFG.visit(CFG.java:84)
Build Date: 2022-Jan-25 1526 EST
Ghidra Version: 10.1.2
Java Home: C:\Program Files\Eclipse Adoptium\jdk-11.0.14.101-hotspot
JVM Version: Eclipse Adoptium 11.0.14.1
OS: Windows 10 10.0 amd64
LAB_001695f8 XREF[2]: 001695b0(j), 00169684(j)
001695f8 73 52 4b b9 ldr w19,[x19, #0xb50]=>PTR_002cfb50 = 00000000
001695fc e0 03 14 2a mov w0,w20
00169600 a2 8f 40 b9 ldr w2,[x29, #local_4]
00169604 61 02 40 b9 ldr w1,[x19] CWE476: Null pointer dereference
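A null pointer dereference is reported here. It presumably refers to the contents of the [X19] register, but that was actually assigned a value in w19.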
The following error occurred when I build Dockerfile. 😥
149250K .......... .......... .......... .......... .......... 43% 97.3K 13m18s
149300K .......... .......... .......... .......... .......... 43% 192K 13m18s
149350K .......... .......... .......... .......... .......... 43% 192K 13m18s
149400K .......... .......... .......... .......... .......... 43% 187K 13m18s
149450K .......... .......... .......... .......... .......... 43% 191K 13m17s
149500K .......... .......... .......... .......... .......... 43% 94.4K 13m18s
149550K .......... .......... .......... .......... .......... 43% 201K 13m17s
149600K .......... .......... .......... .......... .......... 43% 200K 13m17s
(Download ...)
2022-05-06 01:09:44 (239 KB/s) - Connection closed at byte 153387008. Retrying.
Connecting to objects.githubusercontent.com (objects.githubusercontent.com)|185.199.108.133|:443... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Username/Password Authentication Failed.
The command '/bin/sh -c wget https://github.com/NationalSecurityAgency/ghidra/releases/download/${GHIDRA_RELEASE_TAG}/${GHIDRA_BUILD}.zip && unzip -d ghidra ${GHIDRA_BUILD}.zip && rm ${GHIDRA_BUILD}.zip && mv ghidra/ghidra_* /opt/ghidra' returned a non-zero code: 6
I don't know why this error persists
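processConstraints() is only passed inOutEnv, so when conditionVarnode is a tmp variable, the corresponding value set cannot be obtained from inOutEnv. Perhaps tmpEnv should be passed into the function, followed by a call to KSet conditionKSet = getKSet(conditionVarnode,inOutEnv,tmpEnv,pcode);?
After building the image with the Dockerfile, could you give a usage example of running an analysis with that image?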
My command is: analyzeHeadless ./bai bai_2022_09_09 -import ./test2 -postScript BinAbsInspector "@@ -all"
And I get the following error:
root@3893d60a101e:/bai# analyzeHeadless ./bai bai_2022_09_09 -import ./test2 -postScript BinAbsInspector "@@ -all"
openjdk version "17.0.4.1" 2022-08-12
OpenJDK Runtime Environment Temurin-17.0.4.1+1 (build 17.0.4.1+1)
OpenJDK 64-Bit Server VM Temurin-17.0.4.1+1 (build 17.0.4.1+1, mixed mode)
INFO Using log config file: jar:file:/bai/ghidra_10.1.2_PUBLIC/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)
INFO Using log file: /root/.ghidra/.ghidra_10.1.2_PUBLIC/application.log (LoggingInitialization)
INFO Loading user preferences: /root/.ghidra/.ghidra_10.1.2_PUBLIC/preferences (Preferences)
INFO Loading previous preferences: /root/.ghidra/.ghidra_10.1.5_PUBLIC/preferences (Preferences)
INFO Class search complete (1497 ms) (ClassSearcher)
INFO Initializing SSL Context (SSLContextInitializer)
INFO Initializing Random Number Generator... (SecureRandomFactory)
INFO Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)
INFO Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)
INFO HEADLESS Script Paths:
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/MicrosoftCodeAnalyzer/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/Base/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Processors/DATA/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/FileFormats/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Debug/Debugger/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Processors/PIC/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Debug/Debugger-agent-dbgmodel-traceloader/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/Python/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/BytePatterns/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Extensions/BinAbsInspector/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/Decompiler/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Processors/8051/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/FunctionID/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/VersionTracking/ghidra_scripts
/bai/ghidra_10.1.2_PUBLIC/Ghidra/Features/GnuDemangler/ghidra_scripts (HeadlessAnalyzer)
ERROR REPORT SCRIPT ERROR: BinAbsInspector : Missing plugin needed to run scripts of this type. Please ensure you have installed the necessary plugin. (HeadlessAnalyzer)
ERROR Abort due to Headless analyzer error: Invalid script: BinAbsInspector (HeadlessAnalyzer) java.lang.IllegalArgumentException: Invalid script: BinAbsInspector
at ghidra.app.util.headless.HeadlessAnalyzer.checkScript(HeadlessAnalyzer.java:788)
at ghidra.app.util.headless.HeadlessAnalyzer.checkScriptsList(HeadlessAnalyzer.java:801)
at ghidra.app.util.headless.HeadlessAnalyzer.compileScripts(HeadlessAnalyzer.java:835)
at ghidra.app.util.headless.HeadlessAnalyzer.processLocal(HeadlessAnalyzer.java:408)
at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:121)
at ghidra.GhidraLauncher.launch(GhidraLauncher.java:59)
at ghidra.Ghidra.main(Ghidra.java:47)
I have tried many methods but failed in the end. Could you please help me? Thanks a lot.
docker build reports an error:
COPY failed: file not found in build context or excluded by .dockerignore: stat ghidra_scripts: file does not exist
How do I deal with this?
Take com.bai.env.funcs.externalfuncs.GetenvFunction as an example (external function model for char *getenv(const char *name)).
The source is:
public void invoke(PcodeOp pcode, AbsEnv inOutEnv, AbsEnv tmpEnv, Context context, Function callFunc) {
    ALoc retALoc = getReturnALoc(callFunc, false);
    if (retALoc == null) {
        return;
    }
    long taints = TaintMap.getTaints(context, callFunc);
    inOutEnv.set(retALoc, KSet.getTop(taints), true);
}
context doesn't include the current callsite of external function. So, for different callsites in the current function, TaintMap.getTaints will return the same taint.
If I analyze this shared object:
// clang -shared -o test.so -fPIC ./test.c
char *getenv(const char *name);
int main() {
    getenv("test");
    getenv("aaa");
    return 0;
}
and set breakpoint at GetenvFunction.invoke, I can see the same context (main[0, 0, 0]) and the same taints (taints = 2) twice.
I think it should return different taints?
(by the way, I am working on a research project that heavily uses BinAbsInspector)
As the title says.
Ghidra version:
10.1.3
JDK version:
openjdk version "11.0.15" 2022-04-19
OpenJDK Runtime Environment Temurin-11.0.15+10 (build 11.0.15+10)
OpenJDK 64-Bit Server VM Temurin-11.0.15+10 (build 11.0.15+10, mixed mode)
When I tried to install BinAbsInspector as an extension, it said incompatible:
Maybe I have to use Ghidra 10.1.2?
I just found this work, it is really interesting and fantastic.
I have tested it on several binaries and the results are great.
But I have issues when performing on X86 object files.
I am wondering when will you support object files.
Besides, since MIPS is also a popular architecture, especially on IoT firmware, do you have any plans to support MIPS?
Thanks!
Hi, could you document some of the ideas behind BinAbsInspector, how it uses Z3?
Is there a research paper to understand this?
Super interesting!
Thanks.
Can BinAbsInspector analyze a libxxx.so or libxxx.a file? I noticed that this tool requires a main function as the entry. Can I use it to analyze a libxxx.so or libxxx.a which has no main function?
Thank you
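The test case CWE78_OS_Command_Injection__char_connect_socket_system_01.out fails. Analysis shows that the return value of the system call is not handled, so the return-value check relies on a wrong rax value, which makes some paths unreachable, and the vulnerable path is therefore never analyzed.
sVar2 = strlen((char *)local_10);
*(undefined4 *)((longlong)local_10 + sVar2) = 0x2a2e2a;
iVar1 = system((char *)local_10); // the return value is not handled; at this point iVar1 (i.e. rax) holds a wrong value
if (iVar1 != 0) { // this branch is entered; exit() does not return, so the analysis stops
    printLine("command execution failed!");
    /* WARNING: Subroutine does not return */
    exit(1);
}
return; // this branch is not entered
Suggestion: when an externalFunction has no custom implementation and the function has a return value, set the return value to Top.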
private Status invokeExternal(PcodeOp pcode, AbsEnv inOutEnv, AbsEnv tmpEnv, Function callee) {
    String funcName = callee.getName();
    ExternalFunctionBase externalFunction = FunctionModelManager.getExternalFunction(funcName);
    if (externalFunction != null) {
        Logging.debug("Invoke external function model: " + funcName);
        externalFunction.invoke(pcode, inOutEnv, tmpEnv, context, callee);
    } else { // change ret value
        Parameter ret = callee.getReturn();
        if (ret != null) {
            Register retreg = ret.getRegister();
            String rettype = ret.getDataType().getName();
            if ((retreg != null) && (!rettype.equals("undefined"))) {
                ALoc retALoc = ALoc.getALoc(
                        Reg.getInstance(), retreg.getOffset(), GlobalState.arch.getDefaultPointerSize());
                inOutEnv.set(retALoc, KSet.getTop(0), true);
            }
        }
    }
I am using Ubuntu 22.04.1 Desktop OS and I followed the installation of BinAbsInspector strictly.
I have ghidra 10.1.2
I got the *.so files like this:
https://github.com/Z3Prover/z3/releases/download/z3-4.8.15/z3-4.8.15-x64-glibc-2.31.zip
$ unzip z3-4.8.15-x64-glibc-2.31.zip
$ cd ~/z3-4.8.15-x64-glibc-2.31/bin
$ sudo cp *.so /usr/local/lib/
I imported the ghidra_10.1.2_PUBLIC_20220420_BinAbsInspector.zip file successfully, but I get this error in ghidra:
This is the Java environment:
$ java --version
openjdk 11.0.16 2022-07-19
OpenJDK Runtime Environment (build 11.0.16+8-post-Ubuntu-0ubuntu122.04)
OpenJDK 64-Bit Server VM (build 11.0.16+8-post-Ubuntu-0ubuntu122.04, mixed mode, sharing)
I have no idea what to do, please help!
The current getEntryFunction implementation can only handle an ELF header, thus the extension can't locate an entry point for PE/PE+ files automatically.
The logic of the analyze function seems to be odd, as there's a generic way of locating an entry point through the analyzeFromMain function, which isn't called at all if the executable header wasn't successfully parsed.
Another thing is that analyzeFromMain is only trying to locate a global main function, which isn't always present in, for example, executables created in MASM. Probably it should locate and utilize an entry function address, if main is not present.
ghidra version: 10.1.2
BinAbsInspector: 10.1.2
Z3 version: z3-4.8.17-x64-win
Files analyzed:
$ file NDynSover.exe
NDynSover.exe: PE32+ executable (console) x86-64, for MS Windows
file test.exe
test.exe: PE32+ executable (DLL) (console) x86-64, for MS Windows
file PeachValidator.exe
PeachValidator.exe: PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
All of these PE files produce the following error:
BinAbsInspector.java> Running...
BinAbsInspector.java> [INFO] Preparing the program
BinAbsInspector.java> Unsupported file format.
BinAbsInspector.java> Cannot find entry function, maybe unsupported file format or corrupted header.
BinAbsInspector.java> Failed to analyze the program: no entrypoint.
BinAbsInspector.java> Finished!
BinAbsInspector.java> Running...
BinAbsInspector.java> Finished!
I have successfully run this script in my project for some time, but I can only view the problems found according to the console output.
I want to know if there is a way to export the results of script execution as a report so that other people who do not have ghidra and BinAbsInspector installed on their computers can view the problems?
Hello,
Many checks are not implemented or available for the plugin (via -all or --check <>).
The checker manager map has a 1:1 mapping of half of the supported checks listed on the README.
https://github.com/KeenSecurityLab/BinAbsInspector/blob/main/src/main/java/com/bai/checkers/CheckerManager.java#L10-L20
There seems to be a lot of checks that are in the MemoryCorruption bit that are tested but not exposed to the end user.
https://github.com/KeenSecurityLab/BinAbsInspector/tree/main/src/main/java/com/bai/checkers
https://github.com/KeenSecurityLab/BinAbsInspector/blob/main/src/main/java/com/bai/checkers/MemoryCorruption.java
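I tested the same application in headless mode and in GUI mode, but the results differ: GUI mode shows 14 warnings found, while headless mode has more than 100 records like this: {"timestamp":"2022-07-19T03:33:00","level":"WARN","logger":"CWE","message":"CWE787: Stack Out-of-Bound Write @ 0010f193 [ ]"}. What is the reason for this?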
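One way to turn the headless JSON records quoted above into a report that can be shared without Ghidra (the question raised in the earlier issue as well), and to count how many distinct findings the records represent. This is an added example, not part of the original issues or of BinAbsInspector; it assumes one JSON record per line in the quoted shape, the sample log is constructed, and grouping by (CWE id, address) is this example's choice rather than an explanation of why the two modes differ.

```python
import json
import re

# Message layout taken from the warning quoted above:
#   "CWE787: Stack Out-of-Bound Write @ 0010f193 [ ]"
# The bracketed suffix is matched but ignored; its meaning is not described
# on this page.
FINDING_RE = re.compile(
    r"^(CWE\d+):\s*(.*?)\s*@\s*([0-9A-Fa-f]+)(?:\s*\[.*\])?\s*$")

# Constructed sample input (not real tool output): records in the quoted
# shape, mixed with a non-CWE record, a plain log line and a truncated record.
SAMPLE_LOG = "\n".join([
    '{"timestamp":"2022-07-19T03:33:00","level":"WARN","logger":"CWE",'
    '"message":"CWE787: Stack Out-of-Bound Write @ 0010f193 [ ]"}',
    '{"timestamp":"2022-07-19T03:33:01","level":"WARN","logger":"CWE",'
    '"message":"CWE787: Stack Out-of-Bound Write @ 0010f193 [ ]"}',
    '{"timestamp":"2022-07-19T03:33:02","level":"WARN","logger":"CWE",'
    '"message":"CWE476: Null pointer dereference @ 00169604 [ ]"}',
    '{"timestamp":"2022-07-19T03:33:02","level":"INFO","logger":"other",'
    '"message":"constructed non-CWE record"}',
    'INFO REPORT: Post-analysis succeeded for file: /input (HeadlessAnalyzer)',
    '{"timestamp":"2022-07-19T03:33:05","level":"WARN","logger":"CWE",'
    '"message":"CWE787: Stack Out-of-Bound Write @ 0010f193 [ ]"}',
    '{"timestamp":"2022-07-19T03:33:06","level":"WARN","logger":"CWE","mess',
])


def parse_findings(text):
    """Yield (cwe, title, address, timestamp) for each CWE warning record."""
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("{"):
            continue  # interleaved non-JSON log output
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or wrapped record
        if rec.get("logger") != "CWE":
            continue
        m = FINDING_RE.match(str(rec.get("message", "")))
        if m:
            yield (m.group(1), m.group(2), int(m.group(3), 16),
                   rec.get("timestamp", ""))


def summarize(text):
    """Collapse repeated records into one entry per (CWE id, address)."""
    merged = {}
    for cwe, title, addr, ts in parse_findings(text):
        entry = merged.setdefault((cwe, addr), {
            "cwe": cwe, "title": title, "address": addr,
            "first_seen": ts, "records": 0})
        entry["records"] += 1
    return [merged[key] for key in sorted(merged)]


def render_report(findings):
    """Return a plain-text table listing each distinct finding once."""
    rows = ["%-8s %-10s %-8s %s" % ("CWE", "ADDRESS", "RECORDS", "TITLE")]
    for f in findings:
        rows.append("%-8s %08x   %-8d %s"
                    % (f["cwe"], f["address"], f["records"], f["title"]))
    total = sum(f["records"] for f in findings)
    rows.append("%d distinct finding(s) from %d record(s)"
                % (len(findings), total))
    return "\n".join(rows)


if __name__ == "__main__":
    print(render_report(summarize(SAMPLE_LOG)))
```
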
FAILURE: Build failed with an exception.
Where:
Build file '/data/home/wjl/ghidra_10.1.2_PUBLIC/BinAbsInspector/build.gradle' line: 18
What went wrong:
Plugin [id: 'net.ltgt.errorprone', version: '2.0.2'] was not found in any of the following sources:
Run with --stacktrace option to get the stack trace.
Run with --info or --debug option to get more log output.
Run with --scan to get full insights.
BUILD FAILED in 323ms
[INFO - BinAbsInspector] Running solver on "main()" function
ERROR REPORT SCRIPT ERROR: ( /input ) /root/.ghidra/.ghidra_10.1.2_PUBLIC/Extensions/BinAbsInspector/ghidra_scripts/BinAbsInspector.java : Index 0 out of bounds for length 0 (HeadlessAnalyzer) java.lang.IndexOutOfBoundsException: Index 0 out of bounds for length 0
at java.base/jdk.internal.util.Preconditions.outOfBounds(Preconditions.java:64)
at java.base/jdk.internal.util.Preconditions.outOfBoundsCheckIndex(Preconditions.java:70)
at java.base/jdk.internal.util.Preconditions.checkIndex(Preconditions.java:248)
at java.base/java.util.Objects.checkIndex(Objects.java:372)
at java.base/java.util.ArrayList.get(ArrayList.java:459)
at com.bai.env.Context.prepareMainAbsEnv(Context.java:215)
at com.bai.env.Context.initContext(Context.java:275)
at com.bai.solver.InterSolver.run(InterSolver.java:32)
at BinAbsInspector.analyzeFromMain(BinAbsInspector.java:52)
at BinAbsInspector.analyze(BinAbsInspector.java:86)
at BinAbsInspector.run(BinAbsInspector.java:153)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:379)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:234)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:212)
at ghidra.app.util.headless.HeadlessAnalyzer.runScript(HeadlessAnalyzer.java:576)
at ghidra.app.util.headless.HeadlessAnalyzer.runScriptsList(HeadlessAnalyzer.java:909)
at ghidra.app.util.headless.HeadlessAnalyzer.analyzeProgram(HeadlessAnalyzer.java:1057)
at ghidra.app.util.headless.HeadlessAnalyzer.processFileWithImport(HeadlessAnalyzer.java:1550)
at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1688)
at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1753)
at ghidra.app.util.headless.HeadlessAnalyzer.processLocal(HeadlessAnalyzer.java:445)
at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:121)
at ghidra.GhidraLauncher.launch(GhidraLauncher.java:59)
at ghidra.Ghidra.main(Ghidra.java:47)
INFO ANALYZING changes made by post scripts: /input (HeadlessAnalyzer)
INFO REPORT: Post-analysis succeeded for file: /input (HeadlessAnalyzer)
INFO REPORT: Save succeeded for file: /input (HeadlessAnalyzer)
Context.prepareMainAbsEnv throws an exception where there is no function called "_start"; we should adjust this logic.
bbgp.zip
Don't know why, I meet this error:
INFO REPORT: Analysis succeeded for file: /test3 (HeadlessAnalyzer)
INFO SCRIPT: /bai/ghidra_10.1.2_PUBLIC/Ghidra/Extensions/BinAbsInspector/ghidra_scripts/BinAbsInspector.java (HeadlessAnalyzer)
Loaded config: Config{z3TimeOut=1000, isDebug=false, isOutputJson=true, K=50, callStringK=3, checkers=[CWE676, CWE78, CWE467, CWE426, CWE134, CWE190, CWE367], entryAddress='null', timeout=-1, isEnableZ3=true, z3Tactics=[], externalMapPath=null}
2022-09-13 17:43:33,156 main ERROR Invalid URL jar:file:/bai/ghidra_10.1.2_PUBLIC/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml java.net.MalformedURLException: Unknown protocol: jar
at java.base/java.net.URL.<init>(URL.java:708)
at java.base/java.net.URL.fromURI(URL.java:748)
at java.base/java.net.URI.toURL(URI.java:1139)
at org.apache.logging.log4j.core.config.ConfigurationSource.fromUri(ConfigurationSource.java:330)
at org.apache.logging.log4j.core.config.ConfigurationFactory$Factory.getConfiguration(ConfigurationFactory.java:505)
at org.apache.logging.log4j.core.config.ConfigurationFactory$Factory.getConfiguration(ConfigurationFactory.java:498)
at org.apache.logging.log4j.core.config.ConfigurationFactory$Factory.getConfiguration(ConfigurationFactory.java:422)
at org.apache.logging.log4j.core.config.ConfigurationFactory.getConfiguration(ConfigurationFactory.java:323)
at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:695)
at org.apache.logging.log4j.core.LoggerContext.reconfigure(LoggerContext.java:716)
at org.apache.logging.log4j.core.LoggerContext.start(LoggerContext.java:270)
at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:245)
at org.apache.logging.log4j.core.impl.Log4jContextFactory.getContext(Log4jContextFactory.java:47)
at org.apache.logging.log4j.LogManager.getContext(LogManager.java:176)
at com.bai.util.Logging.init(Logging.java:46)
at BinAbsInspector.run(BinAbsInspector.java:132)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:379)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:234)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:212)
at ghidra.app.util.headless.HeadlessAnalyzer.runScript(HeadlessAnalyzer.java:576)
at ghidra.app.util.headless.HeadlessAnalyzer.runScriptsList(HeadlessAnalyzer.java:909)
at ghidra.app.util.headless.HeadlessAnalyzer.analyzeProgram(HeadlessAnalyzer.java:1057)
at ghidra.app.util.headless.HeadlessAnalyzer.processFileNoImport(HeadlessAnalyzer.java:1146)
at ghidra.app.util.headless.HeadlessAnalyzer.processFolderNoImport(HeadlessAnalyzer.java:1313)
at ghidra.app.util.headless.HeadlessAnalyzer.processNoImport(HeadlessAnalyzer.java:1342)
at ghidra.app.util.headless.HeadlessAnalyzer.processLocal(HeadlessAnalyzer.java:442)
at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:121)
at ghidra.GhidraLauncher.launch(GhidraLauncher.java:59)
at ghidra.Ghidra.main(Ghidra.java:47)
Caused by: java.lang.IllegalStateException: Unknown protocol: jar
at org.apache.felix.framework.URLHandlersStreamHandlerProxy.parseURL(URLHandlersStreamHandlerProxy.java:373)
at java.base/java.net.URL.<init>(URL.java:703)
And I solved this following the guide:
https://test.ocom.vn/?url=github.com/NationalSecurityAgency/ghidra/issues/3355
Hope someone else who meets this problem can solve it quickly (although I spent two days on it :( )
This line has an error in function getVarArgsSignature:
DataTypeSymbol symbol = HighFunctionDBUtil.readOverride(symbols[0]);
log:
[INFO - BinAbsInspector] Running solver on "entry()" function
ERROR REPORT SCRIPT ERROR: ( /bin/ls ) /root/.ghidra/.ghidra_10.1.2_PUBLIC/Extensions/BinAbsInspector/ghidra_scripts/BinAbsInspector.java : Expected CODE symbol (HeadlessAnalyzer) java.lang.IllegalArgumentException: Expected CODE symbol
at ghidra.program.model.pcode.DataTypeSymbol.readSymbol(DataTypeSymbol.java:128)
at ghidra.program.model.pcode.HighFunctionDBUtil.readOverride(HighFunctionDBUtil.java:704)
at com.bai.env.funcs.externalfuncs.VarArgsFunctionBase.getVarArgsSignature(VarArgsFunctionBase.java:157)
at com.bai.checkers.MemoryCorruption.checkExternalCallParameters(MemoryCorruption.java:284)
at com.bai.solver.PcodeVisitor.visit_CALL(PcodeVisitor.java:684)
at com.bai.solver.PcodeVisitor.visit(PcodeVisitor.java:1334)
at com.bai.solver.PcodeVisitor.visit(PcodeVisitor.java:1466)
at com.bai.env.Context.loop(Context.java:304)
at com.bai.env.Context.mainLoop(Context.java:463)
at com.bai.solver.InterSolver.run(InterSolver.java:35)
at BinAbsInspector.analyze(BinAbsInspector.java:95)
at BinAbsInspector.run(BinAbsInspector.java:152)
at ghidra.app.script.GhidraScript.executeNormal(GhidraScript.java:379)
at ghidra.app.script.GhidraScript.doExecute(GhidraScript.java:234)
at ghidra.app.script.GhidraScript.execute(GhidraScript.java:212)
at ghidra.app.util.headless.HeadlessAnalyzer.runScript(HeadlessAnalyzer.java:576)
at ghidra.app.util.headless.HeadlessAnalyzer.runScriptsList(HeadlessAnalyzer.java:909)
at ghidra.app.util.headless.HeadlessAnalyzer.analyzeProgram(HeadlessAnalyzer.java:1057)
at ghidra.app.util.headless.HeadlessAnalyzer.processFileWithImport(HeadlessAnalyzer.java:1550)
at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1688)
at ghidra.app.util.headless.HeadlessAnalyzer.processWithImport(HeadlessAnalyzer.java:1753)
at ghidra.app.util.headless.HeadlessAnalyzer.processLocal(HeadlessAnalyzer.java:445)
at ghidra.app.util.headless.AnalyzeHeadless.launch(AnalyzeHeadless.java:121)
at ghidra.GhidraLauncher.launch(GhidraLauncher.java:59)
at ghidra.Ghidra.main(Ghidra.java:47)
startup command:
analyzeHeadless ~ tmp "-deleteProject" "-overwrite" "-postScript" "BinAbsInspector.java" "@@-all" -import /bin/ls
I tried using BinAbsInspector on MacOS, but got the following error:
BinAbsInspector.java> Cannot detect z3 solver library, please check your z3 solver installation or disable z3 solver in configuration
But I have successfully installed Z3 using the command: brew install z3, and I can find the z3 library in /usr/local/lib.
I don't know where I went wrong. Could you give me some advice?
Please add the sysprintf syscall to the CWE78 checking process.
Ubuntu 20.04, Docker 20.10.14
$ docker build . -t BinAbsInspector
invalid argument "BinAbsInspector" for "-t, --tag" flag: invalid reference format: repository name must be lowercase
See 'docker build --help'.