Default armeb_hello_static doesn't work
Describe the bug
I am trying to run "examples/rootfs/armeb_linux/bin/armeb_hello_static" with the following command on the latest qiling-dev version 1.4.2:
qltool run --rootfs examples/rootfs/armeb_linux -f examples/rootfs/armeb_linux/bin/armeb_hello_static
but it is giving the error: unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
Following is the output:
[x] CPU Context:
[x] r0 : 0x0
[x] r1 : 0x0
[x] r2 : 0x0
[x] r3 : 0x0
[x] r4 : 0x1f47d400
[x] r5 : 0x0
[x] r6 : 0x0
[x] r7 : 0xf007d1f5
[x] r8 : 0x0
[x] r9 : 0x0
[x] r10 : 0x0
[x] r11 : 0x0
[x] r12 : 0x0
[x] sp : 0x7ff3ced0
[x] lr : 0x0
[x] pc : 0x10824
[x] f0 : 0x0
[x] f1 : 0x0
[x] f2 : 0x0
[x] f3 : 0x0
[x] f4 : 0x0
[x] f5 : 0x0
[x] f6 : 0x0
[x] f7 : 0x0
[x] fps : 0x0
[x] cpsr : 0x1f3
[x] c1_c0_2 : 0x0
[x] c13_c0_3 : 0x0
[x] fpexc : 0x40000000
[x] Hexdump:
[x] 4f f0 00 0b 4f f0 00 0e
[x] Disassembly:
[=] 00010824 [armeb_hello_static + 0x000824] 4f f0 00 0b 4f f0 00 0e 02 bc 6a 46 04 b4 01 b4 df f8 10 c0 4d f8 04 cd 03 48 04 4b 00 f0 8a f8 03 f0 d4 fc 00 01 0f 1d 00 01 09 39 00 01 0e 9d 14 30 9f e5 14 20 9f e5 03 30 8f e0 02 20 93 e7
> mov.w fp, #0
> mov.w lr, #0
> pop {r1}
> mov r2, sp
> push {r2}
> push {r0}
> ldr.w ip, [pc, #0x10]
> str ip, [sp, #-0x4]!
> ldr r0, [pc, #0xc]
> ldr r3, [pc, #0x10]
> bl #0x10958
> bl #0x141f0
> lsls r0, r0, #4
> adds r7, r1, #4
> lsls r0, r0, #4
> subs r1, #9
> lsls r0, r0, #4
> ldr r5, [sp, #0x38]
> adds r0, #0x14
> b #0x10398
> movs r0, #0x14
> b #0x1039c
> adds r0, #3
> b #0x10980
> movs r0, #2
> b #0x1078c
[x] PC = 0x00010824 (examples/rootfs/armeb_linux/bin/armeb_hello_static + 0x10824)
[=] Memory map:
[=] Start End Perm Label Image
[=] 00010000 - 0006c000 r-x examples/rootfs/armeb_linux/bin/armeb_hello_static examples/rootfs/armeb_linux/bin/armeb_hello_static
[=] 0007b000 - 0007e000 rw- examples/rootfs/armeb_linux/bin/armeb_hello_static examples/rootfs/armeb_linux/bin/armeb_hello_static
[=] 0007e000 - 00080000 rwx [hook_mem]
[=] 7ff0d000 - 7ff3d000 rwx [stack]
[=] ffff0000 - ffff1000 rwx [arm_tls]
Traceback (most recent call last):
File "/usr/local/bin/qltool", line 256, in <module>
ql.run(timeout=options.timeout)
File "/usr/local/lib/python3.9/dist-packages/qiling/core.py", line 728, in run
self.os.run()
File "/usr/local/lib/python3.9/dist-packages/qiling/os/linux/linux.py", line 149, in run
self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
File "/usr/local/lib/python3.9/dist-packages/qiling/core.py", line 879, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/home/kali/.local/lib/python3.9/site-packages/unicorn/unicorn.py", line 465, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
Why is that?
Expected behavior
It should work properly without the error.
Interesting. I rolled back the Qiling dev branch to the end of 2020 and it still crashes at the same location.
Since it is less likely for Qiling to have a broken example for that long, I suspect it might be Unicorn 2 which got upgraded just recently.
Could you please tell what is your Unicorn version?
- on Linux:
pip3 list | grep unicorn
- on Windows:
pip3 list | FindStr /C:"unicorn"
Using Kali Linux. Following are the version details:
unicorn 2.0.0rc5.post1
unicornafl 1.0.3
Confirmed it's a Unicorn bug. Would have a fix ASAP.
Thanks. Does it break any other example or functionality??
I think no? We have CI tests for most examples and test cases, maybe we could add this one to CI too.
Getting an error with examples/rootfs/x8664_linux/bin/x8664_hello as well:
Command:
qltool run -f examples/rootfs/x8664_linux/bin/x8664_hello --gdb 127.0.0.1:9999 --rootfs examples/rootfs/x8664_linux
Steps:
- launch gdb and then connect to gdbserver
- target remote 127.0.0.1:9999
- type si
Traceback (most recent call last):
File "/usr/local/bin/qltool", line 256, in <module>
ql.run(timeout=options.timeout)
File "/usr/local/lib/python3.9/dist-packages/qiling/core.py", line 732, in run
self._debugger.run()
File "/usr/local/lib/python3.9/dist-packages/qiling/debugger/gdb/gdb.py", line 764, in run
commands[cmd](subcmd)
File "/usr/local/lib/python3.9/dist-packages/qiling/debugger/gdb/gdb.py", line 679, in handle_v
handle_s(subcmd)
File "/usr/local/lib/python3.9/dist-packages/qiling/debugger/gdb/gdb.py", line 693, in handle_s
self.gdb.resume_emu()
File "/usr/local/lib/python3.9/dist-packages/qiling/debugger/gdb/utils.py", line 113, in resume_emu
self.ql.emu_start(self.current_address, self.exit_point)
File "/usr/local/lib/python3.9/dist-packages/qiling/core.py", line 879, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/home/kali/.local/lib/python3.9/site-packages/unicorn/unicorn.py", line 465, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Write to write-protected memory (UC_ERR_WRITE_PROT)
Trying the latest dev version now.
Close for now.
We have updated the codebase for both Qiling and Unicorn since this issue was posted.
Feel free to try the latest version.