Ghidra: ELFLoader: Multiple uncaught exceptions
Describe the bug
Multiple Uncaught Exceptions
To Reproduce
Steps to reproduce the behavior:
- Get Melkor : https://github.com/IOActive/Melkor_ELF_Fuzzer
- generate bins based on foo_dlopen
- drag and drop to your project for (batch)
- or run in debug mode and attach it to IntelliJ IDEA
Expected behavior
Handled Exceptions
Screenshots
If applicable, add screenshots to help explain your problem.
ADDRESS OVERFLOW/AddressOutOfBoundsException
Environment (please complete the following information):
Batch Import Task - Uncaught Exception: ghidra.program.model.address.AddressOutOfBoundsException: Address Overflow in subtract: .interp::00100238 - 0x238
ghidra.program.model.address.AddressOutOfBoundsException: Address Overflow in subtract: .interp::00100238 - 0x238
at ghidra.program.model.address.AbstractAddressSpace.add(AbstractAddressSpace.java:493)
at ghidra.program.model.address.OverlayAddressSpace.add(OverlayAddressSpace.java:18)
at ghidra.program.model.address.GenericAddress.add(GenericAddress.java:237)
at ghidra.app.util.opinion.MemorySectionResolver.reconcileSectionRangeOverlap(MemorySectionResolver.java:602)
at ghidra.app.util.opinion.MemorySectionResolver.allocateSectionMemory(MemorySectionResolver.java:500)
at ghidra.app.util.opinion.MemorySectionResolver.resolveSectionMemory(MemorySectionResolver.java:271)
at ghidra.app.util.opinion.MemorySectionResolver.resolve(MemorySectionResolver.java:252)
at ghidra.app.util.opinion.ElfProgramBuilder.load(ElfProgramBuilder.java:128)
at ghidra.app.util.opinion.ElfProgramBuilder.loadElf(ElfProgramBuilder.java:107)
at ghidra.app.util.opinion.ElfLoader.load(ElfLoader.java:153)
at ghidra.app.util.opinion.AbstractLibrarySupportLoader.doLoad(AbstractLibrarySupportLoader.java:346)
at ghidra.app.util.opinion.AbstractLibrarySupportLoader.loadProgram(AbstractLibrarySupportLoader.java:83)
at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:114)
at ghidra.plugins.importer.tasks.ImportBatchTask.doImportApp(ImportBatchTask.java:149)
at ghidra.plugins.importer.tasks.ImportBatchTask.doImportBatchGroup(ImportBatchTask.java:127)
at ghidra.plugins.importer.tasks.ImportBatchTask.doBatchImport(ImportBatchTask.java:116)
at ghidra.plugins.importer.tasks.ImportBatchTask.run(ImportBatchTask.java:91)
at ghidra.util.task.Task.monitoredRun(Task.java:128)
at ghidra.util.task.TaskLauncher.lambda$startBackgroundThread$2(TaskLauncher.java:315)
at java.base/java.lang.Thread.run(Thread.java:834)
NullPointer EXCEPTION
Error importing file: orc_0013
java.lang.NullPointerException
at ghidra.program.database.mem.MemoryMapDB.getBlock(MemoryMapDB.java:278)
at ghidra.app.util.opinion.MemorySectionResolver.getUniqueSectionChunkName(MemorySectionResolver.java:136)
at ghidra.app.util.opinion.MemorySectionResolver.processSectionRanges(MemorySectionResolver.java:337)
at ghidra.app.util.opinion.MemorySectionResolver.resolveSectionMemory(MemorySectionResolver.java:275)
at ghidra.app.util.opinion.MemorySectionResolver.resolve(MemorySectionResolver.java:252)
at ghidra.app.util.opinion.ElfProgramBuilder.load(ElfProgramBuilder.java:128)
at ghidra.app.util.opinion.ElfProgramBuilder.loadElf(ElfProgramBuilder.java:107)
at ghidra.app.util.opinion.ElfLoader.load(ElfLoader.java:153)
at ghidra.app.util.opinion.AbstractLibrarySupportLoader.doLoad(AbstractLibrarySupportLoader.java:346)
at ghidra.app.util.opinion.AbstractLibrarySupportLoader.loadProgram(AbstractLibrarySupportLoader.java:83)
at ghidra.app.util.opinion.AbstractProgramLoader.load(AbstractProgramLoader.java:114)
at ghidra.plugin.importer.ImporterUtilities.doSingleImport(ImporterUtilities.java:360)
at ghidra.plugin.importer.ImporterDialog.lambda$okCallback$6(ImporterDialog.java:363)
at ghidra.util.task.TaskLauncher$1.run(TaskLauncher.java:93)
at ghidra.util.task.Task.monitoredRun(Task.java:128)
at ghidra.util.task.TaskLauncher.lambda$startBackgroundThread$2(TaskLauncher.java:315)
at java.base/java.lang.Thread.run(Thread.java:834)
Build Date: 2019-Feb-28 1236 EST
Ghidra Version: 9.0
Java Home: /usr/lib/jvm/java-11-openjdk-amd64
JVM Version: Oracle Corporation 11.0.1
OS: Linux 4.18.0-15-generic amd64
Workstation: goldleaf
Additional context
Release the code !!!!!
ehabhussein
All 10 comments
The code is in the release in the lib folder of the modules.
WasserEsser
on 6 Mar 2019
@WasserEsser where is the code, you say?
joxeankoret
on 6 Mar 2019
@joxeankoret Looks like all (see below) the source code is stored in zip archives in the form */lib/*-src.zip
$ find . -name "*-src.zip"
./GPL/DMG/data/lib/hfsexplorer-0_21-src.zip
./Ghidra/Processors/PIC/lib/PIC-src.zip
./Ghidra/Processors/PowerPC/lib/PowerPC-src.zip
./Ghidra/Processors/Toy/lib/Toy-src.zip
./Ghidra/Processors/JVM/lib/JVM-src.zip
./Ghidra/Processors/ARM/lib/ARM-src.zip
./Ghidra/Processors/MIPS/lib/MIPS-src.zip
./Ghidra/Processors/Sparc/lib/Sparc-src.zip
./Ghidra/Processors/68000/lib/68000-src.zip
./Ghidra/Processors/Atmel/lib/Atmel-src.zip
./Ghidra/Processors/AARCH64/lib/AARCH64-src.zip
./Ghidra/Processors/x86/lib/x86-src.zip
./Ghidra/Processors/DATA/lib/DATA-src.zip
./Ghidra/Features/Recognizers/lib/Recognizers-src.zip
./Ghidra/Features/SourceCodeLookup/lib/SourceCodeLookup-src.zip
./Ghidra/Features/FileFormats/lib/FileFormats-src.zip
./Ghidra/Features/FunctionID/lib/FunctionID-src.zip
./Ghidra/Features/MicrosoftDemangler/lib/MicrosoftDemangler-src.zip
./Ghidra/Features/GnuDemangler/lib/GnuDemangler-src.zip
./Ghidra/Features/DebugUtils/lib/DebugUtils-src.zip
./Ghidra/Features/Decompiler/lib/Decompiler-src.zip
./Ghidra/Features/Base/lib/Base-src.zip
./Ghidra/Features/FunctionGraphDecompilerExtension/lib/FunctionGraphDecompilerExtension-src.zip
./Ghidra/Features/FunctionGraph/lib/FunctionGraph-src.zip
./Ghidra/Features/PDB/lib/PDB-src.zip
./Ghidra/Features/MicrosoftDmang/lib/MicrosoftDmang-src.zip
./Ghidra/Features/ByteViewer/lib/ByteViewer-src.zip
./Ghidra/Features/GhidraServer/lib/GhidraServer-src.zip
./Ghidra/Features/BytePatterns/lib/BytePatterns-src.zip
./Ghidra/Features/VersionTracking/lib/VersionTracking-src.zip
./Ghidra/Features/GraphFunctionCalls/lib/GraphFunctionCalls-src.zip
./Ghidra/Features/DecompilerDependent/lib/DecompilerDependent-src.zip
./Ghidra/Features/MicrosoftCodeAnalyzer/lib/MicrosoftCodeAnalyzer-src.zip
./Ghidra/Features/ProgramDiff/lib/ProgramDiff-src.zip
./Ghidra/Features/Python/lib/Python-src.zip
./Ghidra/Framework/Help/lib/Help-src.zip
./Ghidra/Framework/Utility/lib/Utility-src.zip
./Ghidra/Framework/Generic/lib/Generic-src.zip
./Ghidra/Framework/Project/lib/Project-src.zip
./Ghidra/Framework/Docking/lib/Docking-src.zip
./Ghidra/Framework/SoftwareModeling/lib/SoftwareModeling-src.zip
./Ghidra/Framework/Graph/lib/Graph-src.zip
./Ghidra/Framework/Demangler/lib/Demangler-src.zip
./Ghidra/Framework/FileSystem/lib/FileSystem-src.zip
./Ghidra/Framework/DB/lib/DB-src.zip
Also, keep in mind this taken from the FAQ:
Where is the complete Ghidra source code?
This repository is a placeholder for the full open source release. Be assured efforts are under way to make the software available here. In the meantime, enjoy using Ghidra on your SRE efforts, developing your own scripts and plugins, and perusing the over a million lines of Java and Sleigh code released within the initial public release. The release can be downloaded from our project homepage at www.ghidra-sre.org. Please consider taking a look at our contributor guide to see how you can participate in this open source project when it becomes available.
https://github.com/NationalSecurityAgency/ghidra/issues/29 is related
schieb
on 6 Mar 2019
Thank you!
joxeankoret
on 6 Mar 2019
@joxeankoret Here my repository (https://github.com/kant2002/Ghidra) which may simplify building fixes. This is essentially src.zip files unpacked with Maven build script bolted on
kant2002
on 14 Mar 2019
@ehabhussein what kind of executable do you apply Melkor to? I try both melkor itself and gcc, with no luck to reproduce the issue.
Commands which I use to generate binaries
./melkor /usr/bin/gcc templates/foo_dlopen
./melkor ./melkor templates/foo_dlopen
@kant2002 i uploaded the binary to https://uploadfiles.io/dm9w5 this will throw the exception
ehabhussein
on 24 Mar 2019
@ehabhussein Thanks, I able to reproduce, and make small test for the case you are experiencing. I may not finish fix immediately, but at least somebody could play with it.
During running test following output produced, if this is gives somebody clue. Interesting what's all these "Failed to read Elf String" means.
Elf symbol table section .dynsym linked to string table section .dynstr
Elf symbol table section .symtab linked to string table section .strtab
Failed to read Elf String at offset 0x1 within String Table at offset 0x2048
Failed to read Elf String at offset 0xc within String Table at offset 0x2048
Failed to read Elf String at offset 0xe within String Table at offset 0x2048
Failed to read Elf String at offset 0x21 within String Table at offset 0x2048
Failed to read Elf String at offset 0x37 within String Table at offset 0x2048
Failed to read Elf String at offset 0x46 within String Table at offset 0x2048
Failed to read Elf String at offset 0x6d within String Table at offset 0x2048
Failed to read Elf String at offset 0x79 within String Table at offset 0x2048
Failed to read Elf String at offset 0x98 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1 within String Table at offset 0x2048
Failed to read Elf String at offset 0xa5 within String Table at offset 0x2048
Failed to read Elf String at offset 0xb3 within String Table at offset 0x2048
Failed to read Elf String at offset 0xc4 within String Table at offset 0x2048
Failed to read Elf String at offset 0xcd within String Table at offset 0x2048
Failed to read Elf String at offset 0xe0 within String Table at offset 0x2048
Failed to read Elf String at offset 0xf3 within String Table at offset 0x2048
Failed to read Elf String at offset 0x109 within String Table at offset 0x2048
Failed to read Elf String at offset 0x119 within String Table at offset 0x2048
Failed to read Elf String at offset 0x135 within String Table at offset 0x2048
Failed to read Elf String at offset 0x196 within String Table at offset 0x2048
Failed to read Elf String at offset 0x149 within String Table at offset 0x2048
Failed to read Elf String at offset 0x15b within String Table at offset 0x2048
Failed to read Elf String at offset 0x113 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1a2 within String Table at offset 0x2048
Failed to read Elf String at offset 0x162 within String Table at offset 0x2048
Failed to read Elf String at offset 0x175 within String Table at offset 0x2048
Failed to read Elf String at offset 0x194 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1a1 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1b6 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1c5 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1d2 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1e1 within String Table at offset 0x2048
Failed to read Elf String at offset 0x1f5 within String Table at offset 0x2048
Failed to read Elf String at offset 0x205 within String Table at offset 0x2048
Failed to read Elf String at offset 0xbf within String Table at offset 0x2048
Failed to read Elf String at offset 0x19a within String Table at offset 0x2048
Failed to read Elf String at offset 0x219 within String Table at offset 0x2048
Failed to read Elf String at offset 0x22e within String Table at offset 0x2048
Failed to read Elf String at offset 0x23a within String Table at offset 0x2048
Failed to read Elf String at offset 0x23f within String Table at offset 0x2048
Failed to read Elf String at offset 0x251 within String Table at offset 0x2048
Failed to read Elf String at offset 0x25d within String Table at offset 0x2048
Failed to read Elf String at offset 0x277 within String Table at offset 0x2048
Failed to read Elf String at offset 0x28a within String Table at offset 0x2048
Failed to read Elf String at offset 0x1ff within String Table at offset 0x2048
Failed to read Elf String at offset 0x2a6 within String Table at offset 0x2048
Failed to read Elf String at offset 0x2bb within String Table at offset 0x2048
Elf relocation table section .rela.dyn linked to symbol table section .dynsym affecting PT_LOAD
Elf relocation table section .rela.plt linked to symbol table section .dynsym affecting .got
Loading block .comment at 00000000 from file offset 4112
Loading block .data at 00201000 from file offset 4096
Loading block .got at 4000ef47 from file offset 3952
Loading block .dynamic at 00200d70 from file offset 3440
Loading block .fini_array at 00200d68 from file offset 3432
Loading block .init_array at 00200d60 from file offset 3424
Loading block .eh_frame_hdr at 717969a7 from file offset 2980
Loading block .rodata at ffffffffcccccccc from file offset 2912
Loading block .fini at 00000b54 from file offset 2900
Loading block null at 00000860 from file offset 2144
I think I make it. at least for NPE exception.
@ehabhussein if you could provide binaries for
ADDRESS OVERFLOW/AddressOutOfBoundsException
Environment (please complete the following information):
Batch Import Task - Uncaught Exception: ghidra.program.model.address.AddressOutOfBoundsException: Address Overflow in subtract: .interp::00100238 - 0x238
ghidra.program.model.address.AddressOutOfBoundsException: Address Overflow in subtract: .interp::00100238 - 0x238
Maybe that would be "fixed" in a sense that you could apply patch yourself, or compile modified version from my repository.
kant2002
on 24 Mar 2019
@kant2002 https://ufile.io/w5plr
ehabhussein
on 25 Mar 2019
Related issues
astrelsky
路
3Comments
Merculous
路
3Comments
loudinthecloud
路
3Comments
chibicitiberiu
路
3Comments
tambry
路
3Comments
Most helpful comment
@joxeankoret Looks like
all(see below) the source code is stored in zip archives in the form*/lib/*-src.zipAlso, keep in mind this taken from the FAQ:
Where is the complete Ghidra source code?
This repository is a placeholder for the full open source release. Be assured efforts are under way to make the software available here. In the meantime, enjoy using Ghidra on your SRE efforts, developing your own scripts and plugins, and perusing the over a million lines of Java and Sleigh code released within the initial public release. The release can be downloaded from our project homepage at www.ghidra-sre.org. Please consider taking a look at our contributor guide to see how you can participate in this open source project when it becomes available.
https://github.com/NationalSecurityAgency/ghidra/issues/29 is related