
ARM64 MACOS flag mapping error #1491

Open
90n20 opened this issue Aug 20, 2024 · 2 comments

Comments

@90n20

90n20 commented Aug 20, 2024

Hi all,

I am getting a crash trying to emulate a Linux x86-64 ELF on a Mac M1 (Sonoma 14.6.1), related to flag mappings not being defined for the underlying OS/host:

[+] 	Profile: default
[+] 	Mapping GDT at 0x30000 with limit 0x1000
[+] 	Mapped 0x555555554000-0x555555555000
[+] 	Mapped 0x555555555000-0x555555556000
[+] 	Mapped 0x555555556000-0x555555557000
[+] 	Mapped 0x555555557000-0x555555559000
[+] 	mem_start : 0x555555554000
[+] 	mem_end   : 0x555555559000
[+] 	Interpreter path: /lib64/ld-linux-x86-64.so.2
[+] 	Interpreter addr: 0x7ffff7dd5000
[+] 	Mapped 0x7ffff7dd5000-0x7ffff7dfc000
[+] 	Mapped 0x7ffff7ffc000-0x7ffff7fff000
[+] 	mmap_address is : 0x7fffb7dd6000
[+] 	rel name b'_ITM_deregisterTMCloneTable'
[+] 	rel name b'__libc_start_main'
[+] 	rel name b'__gmon_start__'
[+] 	rel name b'_ITM_registerTMCloneTable'
[+] 	rel name b'__cxa_finalize'
[+] 	rel name b'getenv'
[+] 	rel name b'strcpy'
[+] 	rel name b'puts'
[+] 	rel name b'__stack_chk_fail'
[+] 	rel name b'strcmp'
[+] 	rel name b'ptrace'
[+] 	rel name b'strcat'
[+] 	rel name b'exit'
[+] 	0x00007ffff7df0ec7: brk(inp = 0x0) = 0x55555555b000
[+] 	0x00007ffff7df2015: uname(buf = 0x7ffffffff9c0) = 0x0
[+] 	access("/etc/ld.so.nohwcap", 00) = -2
[+] 	0x00007ffff7de47dc: access(path = 0x7ffff7df6082, mode = 0x0) = -0x2 (ENOENT)
[+] 	access("/etc/ld.so.preload", 04) = -2
[+] 	0x00007ffff7df1e25: access(path = 0x7ffff7df8dd0, mode = 0x4) = -0x2 (ENOENT)
[x] 	Syscall ERROR: ql_syscall_openat DEBUG: flags were not defined for hosting ARM64 MACOS

Traceback:

File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/posix.py", line 213, in load_syscall
    retval = syscall_hook(self.ql, *params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/syscall/fcntl.py", line 62, in ql_syscall_openat
    regreturn = absvpath if isinstance(absvpath, int) else __do_open(ql, absvpath, flags, mode)
                                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/syscall/fcntl.py", line 31, in __do_open
    flags = ql_open_flag_mapping(ql, flags)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/const_mapping.py", line 98, in ql_open_flag_mapping
    raise NotImplementedError(f'flags were not defined for hosting {archtype.name} {ostype.name}')
NotImplementedError: flags were not defined for hosting ARM64 MACOS
Traceback (most recent call last):
  File "/Users/90n20/Projects/CTF/ine.py", line 14, in <module>
    ql.run()
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/core.py", line 588, in run
    self.os.run()
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/linux/linux.py", line 178, in run
    self.ql.emu_start(self.ql.loader.entry_point, entry_address, self.ql.timeout)
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/core.py", line 768, in emu_start
    raise self.internal_exception
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/core_hooks.py", line 141, in wrapper
    return callback(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/core_hooks.py", line 204, in _hook_insn_cb
    ret = hook.call(ql, *hook_args)
          ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/core_hooks_types.py", line 25, in call
    return self.callback(ql, *args)
           ^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/linux/linux.py", line 138, in hook_syscall
    return self.load_syscall()
           ^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/posix.py", line 231, in load_syscall
    raise e
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/posix.py", line 213, in load_syscall
    retval = syscall_hook(self.ql, *params)
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/syscall/fcntl.py", line 62, in ql_syscall_openat
    regreturn = absvpath if isinstance(absvpath, int) else __do_open(ql, absvpath, flags, mode)
                                                           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/syscall/fcntl.py", line 31, in __do_open
    flags = ql_open_flag_mapping(ql, flags)
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/90n20/Tools/qilingenv/lib/python3.12/site-packages/qiling/os/posix/const_mapping.py", line 98, in ql_open_flag_mapping
    raise NotImplementedError(f'flags were not defined for hosting {archtype.name} {ostype.name}')
NotImplementedError: flags were not defined for hosting ARM64 MACOS

Any thoughts or ideas to solve this?

@noopoo

noopoo commented Dec 4, 2024

Assuming that ARM and x86 macOS use the same open flags, add this code to const.py:

# open(2) flag values for a macOS host; same numbers as macos_x86_open_flags.
# None marks flags the guest may pass that have no macOS equivalent, so the
# mapping layer drops them instead of forwarding an undefined bit.
class macos_arm_open_flags(QlPrettyFlag):
    O_RDONLY    = 0x000000
    O_WRONLY    = 0x000001
    O_RDWR      = 0x000002
    O_NONBLOCK  = 0x000004
    O_APPEND    = 0x000008
    O_ASYNC     = 0x000040
    O_SYNC      = 0x000080
    O_NOFOLLOW  = 0x000100
    O_CREAT     = 0x000200
    O_TRUNC     = 0x000400
    O_EXCL      = 0x000800
    O_NOCTTY    = 0x020000
    O_DIRECTORY = 0x100000
    O_BINARY    = None
    O_LARGEFILE = None

and add macos_arm_open_flags to const_mapping.py:

# host (OS, arch) -> open flag table used by ql_open_flag_mapping
QL_OS.MACOS: {
            QL_ARCH.X86:   macos_x86_open_flags,
            QL_ARCH.X8664: macos_x86_open_flags,
            QL_ARCH.ARM:   macos_arm_open_flags,   # <------------- add this line
            QL_ARCH.ARM64: macos_arm_open_flags,   # <------------- add this line
        }

this works for me
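The fix above works because the emulator never forwards the guest's raw open(2) flag word to the host: it translates each flag by name, since a Linux x86-64 guest and a macOS host assign different bit values to the same flag (for example O_CREAT is 0x40 on Linux but 0x200 on macOS), and it needs a table for the (host OS, host arch) pair to do so. The following is an added example, not Qiling's own code, that models that mapping layer: the guest table holds Linux x86-64 kernel values, the host table holds the macOS values from the comment above, the registry reproduces the missing-ARM64 failure mode and the one-line fix, and the translator drops flags with no host equivalent and rejects guest bits it does not know rather than passing them through. Function and table names are this example's own.

```python
"""Guest-to-host open(2) flag translation (added example, not Qiling code)."""
from typing import Dict, List, Optional, Tuple

FlagTable = Dict[str, Optional[int]]
HostKey = Tuple[str, str]  # (host OS, host arch), e.g. ("MACOS", "ARM64")

# Guest side: Linux x86-64 open(2) flag values (kernel asm-generic/fcntl.h).
LINUX_X8664_OPEN_FLAGS: FlagTable = {
    "O_RDONLY": 0x000000, "O_WRONLY": 0x000001, "O_RDWR": 0x000002,
    "O_CREAT": 0x000040, "O_EXCL": 0x000080, "O_NOCTTY": 0x000100,
    "O_TRUNC": 0x000200, "O_APPEND": 0x000400, "O_NONBLOCK": 0x000800,
    "O_ASYNC": 0x002000, "O_LARGEFILE": 0x008000, "O_DIRECTORY": 0x010000,
    "O_NOFOLLOW": 0x020000, "O_SYNC": 0x101000,  # O_SYNC = __O_SYNC | O_DSYNC
}

# Host side: macOS values, the same numbers as the table in the comment above.
# None marks a guest flag with no macOS equivalent; it is dropped, not forwarded.
MACOS_OPEN_FLAGS: FlagTable = {
    "O_RDONLY": 0x000000, "O_WRONLY": 0x000001, "O_RDWR": 0x000002,
    "O_NONBLOCK": 0x000004, "O_APPEND": 0x000008, "O_ASYNC": 0x000040,
    "O_SYNC": 0x000080, "O_NOFOLLOW": 0x000100, "O_CREAT": 0x000200,
    "O_TRUNC": 0x000400, "O_EXCL": 0x000800, "O_NOCTTY": 0x020000,
    "O_DIRECTORY": 0x100000,
    "O_BINARY": None, "O_LARGEFILE": None,
}


def new_host_registry() -> Dict[HostKey, FlagTable]:
    """Registry as it stood before the fix: only x86 macOS hosts are known."""
    return {("MACOS", "X86"): MACOS_OPEN_FLAGS,
            ("MACOS", "X8664"): MACOS_OPEN_FLAGS}


def register_arm_macos(registry: Dict[HostKey, FlagTable]) -> Dict[HostKey, FlagTable]:
    """The fix from the comment: ARM and ARM64 macOS hosts reuse the x86 table."""
    registry[("MACOS", "ARM")] = MACOS_OPEN_FLAGS
    registry[("MACOS", "ARM64")] = MACOS_OPEN_FLAGS
    return registry


def flags_defined_for(host_key: HostKey, registry: Dict[HostKey, FlagTable]) -> bool:
    return host_key in registry


def translate_open_flags(guest_flags: int, guest_table: FlagTable,
                         host_key: HostKey,
                         registry: Dict[HostKey, FlagTable]) -> Tuple[int, List[str]]:
    """Rebuild a guest flag word in the host's encoding, flag name by flag name.

    Returns (host_flags, dropped_names). Raises NotImplementedError when the
    host has no table (the error in the issue) and ValueError when the guest
    word carries bits the guest table does not describe, so an unknown flag is
    never silently passed to the host as some other flag.
    """
    if not flags_defined_for(host_key, registry):
        raise NotImplementedError(
            f"flags were not defined for hosting {host_key[1]} {host_key[0]}")
    host_table = registry[host_key]

    # Match multi-bit flags (Linux O_SYNC) before single-bit ones so that no
    # bit is claimed twice; O_RDONLY (value 0) is implied and skipped.
    by_width = sorted(((n, v) for n, v in guest_table.items() if v),
                      key=lambda nv: -bin(nv[1]).count("1"))

    host_flags, dropped, remaining = 0, [], guest_flags
    for name, gval in by_width:
        if remaining & gval != gval:
            continue
        remaining &= ~gval
        hval = host_table.get(name)
        if hval is None:
            dropped.append(name)  # no host equivalent (e.g. O_LARGEFILE)
        else:
            host_flags |= hval
    if remaining:
        raise ValueError(f"guest flag bits {remaining:#x} are not in the guest table")
    return host_flags, dropped


if __name__ == "__main__":
    reg = register_arm_macos(new_host_registry())
    # Linux O_WRONLY|O_CREAT|O_TRUNC (0x241) becomes macOS 0x601.
    print(translate_open_flags(0x241, LINUX_X8664_OPEN_FLAGS, ("MACOS", "ARM64"), reg))
```

The two error paths are the point of the example: a missing host table must fail loudly, as the traceback in the issue does, and unknown guest bits must be rejected rather than forwarded, because a bit that means one thing to the guest can mean something quite different to the host.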

@90n20
Author

90n20 commented Jan 22, 2025

> Assuming that ARM and x86 macOS use the same open flags, add this code to const.py:
>
>     class macos_arm_open_flags(QlPrettyFlag):
>         O_RDONLY    = 0x000000
>         O_WRONLY    = 0x000001
>         O_RDWR      = 0x000002
>         O_NONBLOCK  = 0x000004
>         O_APPEND    = 0x000008
>         O_ASYNC     = 0x000040
>         O_SYNC      = 0x000080
>         O_NOFOLLOW  = 0x000100
>         O_CREAT     = 0x000200
>         O_TRUNC     = 0x000400
>         O_EXCL      = 0x000800
>         O_NOCTTY    = 0x020000
>         O_DIRECTORY = 0x100000
>         O_BINARY    = None
>         O_LARGEFILE = None
>
> and add macos_arm_open_flags to const_mapping.py:
>
>     QL_OS.MACOS: {
>         QL_ARCH.X86:   macos_x86_open_flags,
>         QL_ARCH.X8664: macos_x86_open_flags,
>         QL_ARCH.ARM:   macos_arm_open_flags,   # <------------- add this line
>         QL_ARCH.ARM64: macos_arm_open_flags,   # <------------- add this line
>     }
>
> this works for me

Worked like a charm, good catch!!

Do you consider creating a PR to fix/patch this, @noopoo? If not, I could try to handle that, giving credit to you of course.
