Comments (8)
TL;DR
I can reproduce your situation by running
s2e new_project --image debian-9.2.1-x86_64 ~/s2e/source/CRAXplusplus/proxies/sym_stdin/sym_stdin
The above command will generate a new version of bootstrap.sh. However, if you run my setup.sh (from CRAX++ repo), that new version of bootstrap.sh will be replaced with mine, which is an old version.
If you're using debian-9.2.1-x86_64, then edit ~/s2e/projects/sym_stdin/bootstrap.sh:
- COMMON_TOOLS="s2ecmd s2eget s2eput"
+ COMMON_TOOLS="s2ecmd"
Run ./launch-crax.sh. I tried it and it worked.
Full story:
About a month ago, S2E upstream removed s2eget and s2ecmd, and replaced them with s2ecmd get|put. See: S2E/s2e@d021305.
Intuitively, I thought that we could just run s2e new_project again and edit the new version of ~/s2e/projects/sym_stdin/bootstrap.sh. However, if you're using the old s2e images (i.e. debian-9.2.1-x86_64), the guest VM doesn't contain the new version of s2ecmd, so if you replace s2eget with s2ecmd get, it won't work.
However, the old s2e images still have s2eget and s2eput inside! So back to your question, what caused this?
5 [State 0] Terminating state: State was terminated by opcode
message: "Could not get s2eget from the host. Make sure that guest tools are installed properly."
status: 0x0
I traced ~/s2e/projects/sym_stdin/bootstrap.sh and found the culprit:
COMMON_TOOLS="s2ecmd s2eget s2eput"
for TOOL in ${COMMON_TOOLS}; do
    ${OUR_S2EGET} ${TARGET_TOOLS_ROOT}/${TOOL}
    if [ ! -f ${TOOL} ]; then
        ${OUR_S2ECMD} kill 0 "Could not get ${TOOL} from the host. Make sure that guest tools are installed properly."
        exit 1
    fi
    chmod +x ${TOOL}
done
This bootstrap.sh will be run inside the guest, and it executes s2eget to download s2ecmd, s2eget and s2eput. If s2eget is already inside the guest filesystem, I'm not sure why it needs to run s2eget to download itself again ?_?
So I tried to edit ~/s2e/projects/sym_stdin/bootstrap.sh:
- COMMON_TOOLS="s2ecmd s2eget s2eput"
+ COMMON_TOOLS="s2ecmd"
Then I ran ./launch-crax.sh and it worked again.
I'm sorry if you feel annoyed, but S2E is actually the most stable platform I've seen. It just requires a little patience to trace code and fix these slight problems.
from craxplusplus.
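The bootstrap.sh loop above runs inside the guest, so a tool listed in COMMON_TOOLS but absent from the host's guest-tools64 directory is only discovered when s2ecmd kills the state. The following added example (not code from the CRAX++ repo or from S2E) performs the same check on the host before launching; it assumes the layout shown in the thread (~/s2e/install/bin/guest-tools64 and the tool names s2ecmd, s2eget, s2eput) and runs its demo against a constructed temporary directory instead of a real install.

```shell
#!/bin/sh
# Added example, not from CRAX++ or S2E. bootstrap.sh calls s2eget for every name in
# COMMON_TOOLS and kills the state if one cannot be fetched, so check the host copy first.
# Assumed layout (from the thread): ~/s2e/install/bin/guest-tools64 holds the tools.

# Print the tools from "$2" (space separated) that are not executable files in "$1".
# Exit status 0 when nothing is missing, 1 otherwise.
missing_guest_tools() {
    dir=$1
    missing=""
    for tool in $2; do
        [ -x "$dir/$tool" ] || missing="$missing $tool"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Print the subset of "$2" that is installed in "$1": the COMMON_TOOLS value that
# bootstrap.sh can fetch without tripping the "Could not get ... from the host" kill.
available_guest_tools() {
    dir=$1
    avail=""
    for tool in $2; do
        [ -x "$dir/$tool" ] && avail="$avail $tool"
    done
    printf '%s\n' "${avail# }"
}

# Demo on a constructed guest-tools directory mirroring the reporter's `ls` output
# (s2ecmd and cgccmd present, s2eget/s2eput absent); nothing under ~/s2e is touched.
demo_dir=$(mktemp -d)
for t in cgccmd s2ecmd; do : >"$demo_dir/$t"; chmod +x "$demo_dir/$t"; done
requested="s2ecmd s2eget s2eput"   # the old COMMON_TOOLS line
if missing_guest_tools "$demo_dir" "$requested" >/dev/null; then
    echo "all guest tools present, keep COMMON_TOOLS=\"$requested\""
else
    echo "missing from $demo_dir: $(missing_guest_tools "$demo_dir" "$requested" || true)"
    echo "use COMMON_TOOLS=\"$(available_guest_tools "$demo_dir" "$requested")\""
fi
rm -rf "$demo_dir"
# Real use: missing_guest_tools ~/s2e/install/bin/guest-tools64 "s2ecmd s2eget s2eput"
```

Run it before ./launch-crax.sh; if it reports missing tools, either rebuild guest tools or trim COMMON_TOOLS in the project's bootstrap.sh to the printed subset.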
It does work now!
21 [State 0] CRAX: Switching to direct mode...
21 [State 0] CRAX: Generated exploit script: exploit_0.py
21 [State 0] Terminating state: End of exploit generation
All states were terminated
qemu-system-x86_64: terminating on signal 15 from pid 14465 (/home/fuzz/s2e/install/bin/qemu-system-x86_64)
s2e-block: dirty sectors on close:336
Terminating node id 0 (instance slot 0)
Thank you!
from craxplusplus.
Can you show me the output of these commands:
ls -la ~/s2e/projects/sym_stdin/guest-tools64
ls -la ~/s2e/install/bin | grep guest
ls -la ~/s2e/install/bin/guest-tools64/s2eget
Here's mine:
[S2E:s2e] (venv)
/home/aesophor/s2e/projects/sym_stdin [aesophor@aesophor-vm] [19:30]
> ll ~/s2e/projects/sym_stdin/guest-tools64
lrwxrwxrwx 1 aesophor aesophor 44 Jan 21 2022 /home/aesophor/s2e/projects/sym_stdin/guest-tools64 -> /home/aesophor/s2e/install/bin/guest-tools64
[S2E:s2e] (venv)
/home/aesophor/s2e/projects/sym_stdin [aesophor@aesophor-vm] [19:30]
> ll ~/s2e/install/bin | grep guest
drwxr-xr-x 3 aesophor aesophor 4.0K Aug 29 19:28 guest-tools32
drwxr-xr-x 3 aesophor aesophor 4.0K Aug 29 19:28 guest-tools64
[S2E:s2e] (venv)
/home/aesophor/s2e/projects/sym_stdin [aesophor@aesophor-vm] [19:32]
> ll ~/s2e/install/bin/guest-tools64/s2eget
-rwxr-xr-x 1 aesophor aesophor 23K May 5 05:49 /home/aesophor/s2e/install/bin/guest-tools64/s2eget
It seems that s2eget isn't there, but a symlink should be created automatically by s2e new_project. The real binary is at ~/s2e/install/bin/guest-tools64/s2eget.
If the binary itself isn't there, could you please show me the output of s2e build?
from craxplusplus.
[S2E:s2e] (venv) fuzz@ubuntu:~/s2e/source/CRAXplusplus$ ls -la ~/s2e/projects/sym_stdin/guest-tools64
lrwxrwxrwx 1 fuzz fuzz 40 Aug 29 02:07 /home/fuzz/s2e/projects/sym_stdin/guest-tools64 -> /home/fuzz/s2e/install/bin/guest-tools64
[S2E:s2e] (venv) fuzz@ubuntu:~/s2e/source/CRAXplusplus$ ls -la ~/s2e/install/bin | grep guest
drwxr-xr-x 3 fuzz fuzz 4096 Aug 28 20:06 guest-tools32
drwxr-xr-x 3 fuzz fuzz 4096 Aug 28 20:06 guest-tools64
[S2E:s2e] (venv) fuzz@ubuntu:~/s2e/source/CRAXplusplus$ ls -la ~/s2e/install/bin/guest-tools64/s2eget
ls: cannot access '/home/fuzz/s2e/install/bin/guest-tools64/s2eget': No such file or directory
[S2E:s2e] (venv) fuzz@ubuntu:~/s2e/source/CRAXplusplus$ cd ~/s2e/install/bin/guest-tools64/
[S2E:s2e] (venv) fuzz@ubuntu:~/s2e/install/bin/guest-tools64$ ls
cgccmd drvctl.exe include launch.sh libs2e32.dll libs2e64.dll s2e-bios.bin s2ecmd s2ecmd.exe s2e.inf s2e.so s2e.sys tickler.exe
from craxplusplus.
What's the output of s2e build?
from craxplusplus.
$ s2e build
INFO: [build] Building S2E (release) in /home/fuzz/s2e/build
make: Entering directory '/home/fuzz/s2e/build'
INFO: [sh.command] <Command '/usr/bin/make --directory=/home/fuzz/s2e/build --file=/home/fuzz/s2e/source/Makefile install', pid 11793>: process started
echo /home/fuzz/s2e/install/bin/guest-tools32/s2e.sys /home/fuzz/s2e/install/bin/guest-tools32/s2e.inf /home/fuzz/s2e/install/bin/guest-tools32/drvctl.exe /home/fuzz/s2e/install/bin/guest-tools32/libs2e32.dll /home/fuzz/s2e/install/bin/guest-tools32/tickler.exe
/home/fuzz/s2e/install/bin/guest-tools32/s2e.sys /home/fuzz/s2e/install/bin/guest-tools32/s2e.inf /home/fuzz/s2e/install/bin/guest-tools32/drvctl.exe /home/fuzz/s2e/install/bin/guest-tools32/libs2e32.dll /home/fuzz/s2e/install/bin/guest-tools32/tickler.exe
echo /home/fuzz/s2e/install/bin/guest-tools64/s2e.sys /home/fuzz/s2e/install/bin/guest-tools64/s2e.inf /home/fuzz/s2e/install/bin/guest-tools64/drvctl.exe /home/fuzz/s2e/install/bin/guest-tools64/libs2e32.dll /home/fuzz/s2e/install/bin/guest-tools64/libs2e64.dll /home/fuzz/s2e/install/bin/guest-tools64/tickler.exe
/home/fuzz/s2e/install/bin/guest-tools64/s2e.sys /home/fuzz/s2e/install/bin/guest-tools64/s2e.inf /home/fuzz/s2e/install/bin/guest-tools64/drvctl.exe /home/fuzz/s2e/install/bin/guest-tools64/libs2e32.dll /home/fuzz/s2e/install/bin/guest-tools64/libs2e64.dll /home/fuzz/s2e/install/bin/guest-tools64/tickler.exe
make -j4 -C guest-tools32 install
make[1]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[2]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[4]: Entering directory '/home/fuzz/s2e/build/guest-tools32/s2ebios'
make[4]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule.
[ 32%] Built target models_test
[ 28%] Built target glibc-compat-main
[ 39%] Built target s2ecmd
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
make[4]: Leaving directory '/home/fuzz/s2e/build/guest-tools32/s2ebios'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
[ 39%] Built target s2ebios
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
[ 71%] Built target s2e
[ 78%] Built target quicksort
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32'
[ 85%] Built target vulnerabilities
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
[ 92%] Built target maze
[100%] Built target cgccmd
make[2]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
Install the project...
-- Install configuration: ""
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/./s2e-bios.bin
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/include/s2e/s2e.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/include/s2e/opcodes.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/./s2ecmd
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/.
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/./launch.sh
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/./cgccmd
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/./s2e.so
make[1]: Leaving directory '/home/fuzz/s2e/build/guest-tools32'
make -j4 -C guest-tools64 install
make[1]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[2]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make[4]: Entering directory '/home/fuzz/s2e/build/guest-tools64/s2ebios'
make[4]: warning: jobserver unavailable: using -j1. Add '+' to parent make rule.
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make[4]: Leaving directory '/home/fuzz/s2e/build/guest-tools64/s2ebios'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
[ 7%] Built target glibc-compat-main
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
[ 28%] Built target s2ecmd
[ 39%] Built target models_test
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
[ 39%] Built target s2ebios
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
[ 71%] Built target s2e
[ 78%] Built target vulnerabilities
[ 85%] Built target quicksort
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64'
[ 92%] Built target maze
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
[100%] Built target cgccmd
make[2]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
Install the project...
-- Install configuration: ""
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/./s2e-bios.bin
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/include/s2e/s2e.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/include/s2e/opcodes.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/./s2ecmd
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/.
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/./launch.sh
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/./cgccmd
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/./s2e.so
make[1]: Leaving directory '/home/fuzz/s2e/build/guest-tools64'
make -j4 -C guest-tools32-win install
make[1]: Entering directory '/home/fuzz/s2e/build/guest-tools32-win'
make[2]: Entering directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools32-win'
[ 50%] Built target quicksort
[ 50%] Built target maze
[ 83%] Built target s2ecmd
[100%] Built target vulnerabilities
make[2]: Leaving directory '/home/fuzz/s2e/build/guest-tools32-win'
Install the project...
-- Install configuration: ""
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/include/s2e/s2e.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/include/s2e/opcodes.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools32/./s2ecmd.exe
make[1]: Leaving directory '/home/fuzz/s2e/build/guest-tools32-win'
make -j4 -C guest-tools64-win install
make[1]: Entering directory '/home/fuzz/s2e/build/guest-tools64-win'
make[2]: Entering directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Entering directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64-win'
make[3]: Leaving directory '/home/fuzz/s2e/build/guest-tools64-win'
[ 16%] Built target quicksort
[ 66%] Built target s2ecmd
[ 83%] Built target maze
[100%] Built target vulnerabilities
make[2]: Leaving directory '/home/fuzz/s2e/build/guest-tools64-win'
Install the project...
-- Install configuration: ""
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/include/s2e/s2e.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/include/s2e/opcodes.h
-- Up-to-date: /home/fuzz/s2e/install/bin/guest-tools64/./s2ecmd.exe
make[1]: Leaving directory '/home/fuzz/s2e/build/guest-tools64-win'
cp /home/fuzz/s2e/build/llvm-release/lib/LLVMgold.so /home/fuzz/s2e/install/lib
make: Leaving directory '/home/fuzz/s2e/build'
SUCCESS: [build] S2E built
from craxplusplus.
I've identified the root cause of the problem, working on it.
Edit: give me a few more seconds, I'm interrupted by other matters.
from craxplusplus.
That's great! Glad it works!
from craxplusplus.