Issue running UEFI hello world
**Describe the bug** Running a UEFI hello world binary with qltool fails:
$ qltool run -f hello_x64.efi --rootfs .
[=] Located heap at 0x78000000
[=] Located stack at 0x77fffff0
[=] Global tables:
[=] | gST 0x78000000
[=] | gBS 0x78000078
[=] | gRT 0x780001f0
[=] | gDS 0x78000278
[=]
[=] Initializing EFI_BOOT_SERVICES
[=] | RaiseTPL 0x78000090
[=] | RestoreTPL 0x78000098
[=] | AllocatePages 0x780000a0
[=] | FreePages 0x780000a8
[=] | GetMemoryMap 0x780000b0
[=] | AllocatePool 0x780000b8
[=] | FreePool 0x780000c0
[=] | CreateEvent 0x780000c8
[=] | SetTimer 0x780000d0
[=] | WaitForEvent 0x780000d8
[=] | SignalEvent 0x780000e0
[=] | CloseEvent 0x780000e8
[=] | CheckEvent 0x780000f0
[=] | InstallProtocolInterface 0x780000f8
[=] | ReinstallProtocolInterface 0x78000100
[=] | UninstallProtocolInterface 0x78000108
[=] | HandleProtocol 0x78000110
[=] | RegisterProtocolNotify 0x78000120
[=] | LocateHandle 0x78000128
[=] | LocateDevicePath 0x78000130
[=] | InstallConfigurationTable 0x78000138
[=] | LoadImage 0x78000140
[=] | StartImage 0x78000148
[=] | Exit 0x78000150
[=] | UnloadImage 0x78000158
[=] | ExitBootServices 0x78000160
[=] | GetNextMonotonicCount 0x78000168
[=] | Stall 0x78000170
[=] | SetWatchdogTimer 0x78000178
[=] | ConnectController 0x78000180
[=] | DisconnectController 0x78000188
[=] | OpenProtocol 0x78000190
[=] | CloseProtocol 0x78000198
[=] | OpenProtocolInformation 0x780001a0
[=] | ProtocolsPerHandle 0x780001a8
[=] | LocateHandleBuffer 0x780001b0
[=] | LocateProtocol 0x780001b8
[=] | InstallMultipleProtocolInterfaces 0x780001c0
[=] | UninstallMultipleProtocolInterfaces 0x780001c8
[=] | CalculateCrc32 0x780001d0
[=] | CopyMem 0x780001d8
[=] | SetMem 0x780001e0
[=] | CreateEventEx 0x780001e8
[=]
[=] Initializing EFI_RUNTIME_SERVICES
[=] | GetTime 0x78000208
[=] | SetTime 0x78000210
[=] | GetWakeupTime 0x78000218
[=] | SetWakeupTime 0x78000220
[=] | SetVirtualAddressMap 0x78000228
[=] | ConvertPointer 0x78000230
[=] | GetVariable 0x78000238
[=] | GetNextVariableName 0x78000240
[=] | SetVariable 0x78000248
[=] | GetNextHighMonotonicCount 0x78000250
[=] | ResetSystem 0x78000258
[=] | UpdateCapsule 0x78000260
[=] | QueryCapsuleCapabilities 0x78000268
[=] | QueryVariableInfo 0x78000270
[=]
[=] Initializing EFI_DXE_SERVICES
[=] | AddMemorySpace 0x78000290
[=] | AllocateMemorySpace 0x78000298
[=] | FreeMemorySpace 0x780002a0
[=] | RemoveMemorySpace 0x780002a8
[=] | GetMemorySpaceDescriptor 0x780002b0
[=] | SetMemorySpaceAttributes 0x780002b8
[=] | GetMemorySpaceMap 0x780002c0
[=] | AddIoSpace 0x780002c8
[=] | AllocateIoSpace 0x780002d0
[=] | FreeIoSpace 0x780002d8
[=] | RemoveIoSpace 0x780002e0
[=] | GetIoSpaceDescriptor 0x780002e8
[=] | GetIoSpaceMap 0x780002f0
[=] | Dispatch 0x780002f8
[=] | Schedule 0x78000300
[=] | Trust 0x78000308
[=] | ProcessFirmwareVolume 0x78000310
[=] | SetMemorySpaceCapabilities 0x78000318
[=]
[=] Initializing EFI_SMM_ACCESS2_PROTOCOL
[=] | Open 0x78040000
[=] | Close 0x78040008
[=] | Lock 0x78040010
[=] | GetCapabilities 0x78040018
[=]
[=] Initializing EFI_SMM_BASE2_PROTOCOL
[=] | InSmm 0x78040028
[=] | GetSmstLocation 0x78040030
[=]
[=] Located SMM heap at 0x7a000000
[=] Initializing EFI_RUNTIME_SERVICES
[=] | GetTime 0x7a000108
[=] | SetTime 0x7a000110
[=] | GetWakeupTime 0x7a000118
[=] | SetWakeupTime 0x7a000120
[=] | SetVirtualAddressMap 0x7a000128
[=] | ConvertPointer 0x7a000130
[=] | GetVariable 0x7a000138
[=] | GetNextVariableName 0x7a000140
[=] | SetVariable 0x7a000148
[=] | GetNextHighMonotonicCount 0x7a000150
[=] | ResetSystem 0x7a000158
[=] | UpdateCapsule 0x7a000160
[=] | QueryCapsuleCapabilities 0x7a000168
[=] | QueryVariableInfo 0x7a000170
[=]
[=] Initializing EFI_SMM_SYSTEM_TABLE2
[=] | SmmInstallConfigurationTable 0x7a000028
[=] | SmmAllocatePool 0x7a000050
[=] | SmmFreePool 0x7a000058
[=] | SmmAllocatePages 0x7a000060
[=] | SmmFreePages 0x7a000068
[=] | SmmStartupThisAp 0x7a000070
[=] | SmmInstallProtocolInterface 0x7a0000a8
[=] | SmmUninstallProtocolInterface 0x7a0000b0
[=] | SmmHandleProtocol 0x7a0000b8
[=] | SmmRegisterProtocolNotify 0x7a0000c0
[=] | SmmLocateHandle 0x7a0000c8
[=] | SmmLocateProtocol 0x7a0000d0
[=] | SmiManage 0x7a0000d8
[=] | SmiHandlerRegister 0x7a0000e0
[=] | SmiHandlerUnRegister 0x7a0000e8
[=]
[=] Initializing EFI_SMM_CPU_PROTOCOL
[=] | SmmReadSaveState 0x7a040000
[=] | SmmWriteSaveState 0x7a040008
[=]
[=] Initializing EFI_SMM_SW_DISPATCH2_PROTOCOL
[=] | Register 0x7a040010
[=] | UnRegister 0x7a040018
[=]
[=] Module hello_x64.efi loaded to 0x140000000
[=] Module entry point at 0x140001000
[=] Initializing EFI_LOADED_IMAGE_PROTOCOL
[=]
[=] Done with loading hello_x64.efi
[=] Running from 0x140001000 of hello_x64.efi
[x] CPU Context:
[x] rax = 0000000000000000, eax = 00000000, ax = 0000, ah = 00, al = 00
[x] rbx = 0000000000000000, ebx = 00000000, bx = 0000, bh = 00, bl = 00
[x] rcx = 0000000140000000, ecx = 40000000, cx = 0000, ch = 00, cl = 00
[x] rdx = 0000000078000000, edx = 78000000, dx = 0000, dh = 00, dl = 00
[x] rsi = 0000000000000000, esi = 00000000, si = 0000
[x] rdi = 0000000000000000, edi = 00000000, di = 0000
[x] rsp = 0000000077ffff90, esp = 77ffff90, sp = ff90
[x] rbp = 0000000077fffff0, ebp = 77fffff0, bp = fff0
[x] rip = 0000000140001000, eip = 40001000, ip = 1000
[x]
[x] r8 = 0000000000000000, r8d = 00000000, r8w = 0000, r8b = 00
[x] r9 = 0000000000000000, r9d = 00000000, r9w = 0000, r9b = 00
[x] r10 = 0000000000000000, r10d = 00000000, r10w = 0000, r10b = 00
[x] r11 = 0000000000000000, r11d = 00000000, r11w = 0000, r11b = 00
[x] r12 = 0000000000000000, r12d = 00000000, r12w = 0000, r12b = 00
[x] r13 = 0000000000000000, r13d = 00000000, r13w = 0000, r13b = 00
[x] r14 = 0000000000000000, r14d = 00000000, r14w = 0000, r14b = 00
[x] r15 = 0000000000000000, r15d = 00000000, r15w = 0000, r15b = 00
[x]
[x] cs = 0000
[x] ds = 0000
[x] es = 0000
[x] fs = 0000
[x] gs = 0000
[x] ss = 0000
[x]
[x] Hexdump:
[x] 140001000 : 48 83 ec 58 48 89 54 24 50 48 89 4c 24 48 48 8b
[x] 140001010 : 44 24 50 48 89 05 d6 ab 00 00 48 8b 05 cf ab 00
[x] 140001020 : 00 48 8b 40 40 48 8b 40 30 48 8b 0d c0 ab 00 00
[x] 140001030 : 48 8b 49 40 ff d0 48 8b 0d b3 ab 00 00 48 8b 49
[x] 140001040 :
[x]
[x] Disassembly:
[x] 140001000 : 4883ec58 sub rsp, 0x58
[x] 140001004 : 4889542450 mov qword ptr [rsp + 0x50], rdx
[x] 140001009 : 48894c2448 mov qword ptr [rsp + 0x48], rcx
[x] 14000100e : 488b442450 mov rax, qword ptr [rsp + 0x50]
[x] 140001013 : 488905d6ab0000 mov qword ptr [rip + 0xabd6], rax
[x] 14000101a : 488b05cfab0000 mov rax, qword ptr [rip + 0xabcf]
[x] 140001021 : 488b4040 mov rax, qword ptr [rax + 0x40]
[x] 140001025 : 488b4030 mov rax, qword ptr [rax + 0x30]
[x]
[x] PC = 0x140001000 (hello_x64.efi + 0x1000)
[x] Memory map:
[=] [+] Start End Perm. Path
[=] [+] 77800000 - 78000000 - rwx [mapped]
[=] [+] 78000000 - 78040000 - rwx [heap]
[=] [+] 78040000 - 78041000 - rwx [heap]
[=] [+] 7a000000 - 7a040000 - rwx [heap]
[=] [+] 7a040000 - 7a041000 - rwx [heap]
[=] [+] fd000000 - fe000000 - rwx [mapped]
[=] [+] 140000000 - 140015000 - rwx [module] (hello_x64.efi)
Traceback (most recent call last):
File "/home/foo/.local/bin/qltool", line 300, in <module>
ql.run(timeout=timeout)
File "/home/foo/.local/lib/python3.7/site-packages/qiling/core.py", line 756, in run
self.os.run()
File "/home/foo/.local/lib/python3.7/site-packages/qiling/os/uefi/uefi.py", line 151, in run
self.ql.emu_start(self.ql.loader.entry_point, self.exit_point, self.ql.timeout, self.ql.count)
File "/home/foo/.local/lib/python3.7/site-packages/qiling/core.py", line 897, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/home/foo/.local/lib/python3.7/site-packages/unicorn/unicorn.py", line 318, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
Sample Code
#include <efi.h>
#include <efilib.h>
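/*
 * Minimal GNU-EFI hello world used to reproduce the issue.
 *
 * ImageHandle: handle of this image (not used here).
 * SystemTable: firmware-provided EFI_SYSTEM_TABLE; only its ConOut and
 *              ConIn protocol pointers are used.
 *
 * Returns EFI_SUCCESS once a keystroke has been read, or EFI_UNSUPPORTED
 * when the console protocols are not available, so that a missing
 * ConOut/ConIn (e.g. under an emulator that does not provide them)
 * results in a clean exit instead of a NULL-pointer dereference.
 */
EFI_STATUS EFIAPI efi_main(EFI_HANDLE ImageHandle, EFI_SYSTEM_TABLE *SystemTable) {
    (void)ImageHandle;
    ST = SystemTable;

    /* Guard every pointer dereferenced below: the first call, ClearScreen,
     * goes through ST->ConOut, which is where an unmapped read shows up
     * when the console is not implemented. */
    if (ST == NULL || ST->ConOut == NULL || ST->ConIn == NULL) {
        return EFI_UNSUPPORTED;
    }

    ST->ConOut->ClearScreen(ST->ConOut);
    ST->ConOut->OutputString(ST->ConOut, L"Hello World\n");
    ST->ConIn->Reset(ST->ConIn, FALSE);

    EFI_INPUT_KEY Key;
    /* Busy-wait until a key is available; ReadKeyStroke returns
     * EFI_NOT_READY while the input queue is empty. */
    while (ST->ConIn->ReadKeyStroke(ST->ConIn, &Key) == EFI_NOT_READY) {
    }
    return EFI_SUCCESS;
}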
Compile this with GNU-EFI.
**Expected behavior** It should run without error.
ConOut and ConIn are not implemented at the moment. That matches the faulting sequence in the disassembly above: the sample's first call, `ST->ConOut->ClearScreen(...)`, loads `ST->ConOut` from `[rax + 0x40]` and then its `ClearScreen` entry from `[rax + 0x30]`, and the latter read hits unmapped memory.
Could you attach the executable here please?
Could you try the latest version of Qiling and see whether you still face the same issue? There has been a lot of rework since 2021. Feel free to open a new issue if you run into any similar problem.
Could you try the latest version of Qiling and see whether you still face the same issue? There has been a lot of rework since 2021. Feel free to open a new issue if you run into any similar problem.
@xwings The latest version of qiling still doesn't seem to implement ConOut and ConIn
@Sunxingzhezhexingsun You are right. This is the reason I re-opened it.
Is here any progress on this? What are the necessary steps to hook up ConIn/ConOut emulation?
No, there hasn't been any progress on this. The short answer is that we don't currently support UEFI Shell applications, only DXE and SMM drivers. I could give it a try, but it would really help if you could provide a few compiled samples together with their source code.