Decompilation errors on 64b Windows 10 with 32b MSYS2 #40

Closed
boondoggler opened this issue Dec 15, 2017 · 12 comments

boondoggler commented Dec 15, 2017

Setting up the ida plugin from these instructions, ida starts to run the plugin:

https://n0where.net/retargetable-machine-code-decompiler-retdec/

Referring to x64 Windows box, installed Msys32 variant (Msys64 is a dog and will not update)
Issue 1: IDA runs the plugin but fails giving errors as per below respectively

1

then

2

Issue 2: Running directly in bash gives a myriad of other errors. If I add architecture (-a) and format type (-p), I now get an issue with format type "pe" not being supported.

$ decompile.sh exploit_x86.exe -a x86 -f pe

Checking if file is a Mach-O Universal static library...

RUN: /c/retdec/bin/macho-extractor --list /c/retdec/bin/exploit_x86.exe

Checking if file is an archive...

RUN: /c/retdec/bin/ar-extractor --arch-magic /c/retdec/bin/exploit_x86.exe
Not an archive, going to the next step.

Gathering file information...

RUN: /c/retdec/bin/fileinfo -c /c/retdec/bin/exploit_x86.c.json --similarity /c/retdec/bin/exploit_x86.exe --no-hashes=all --crypto /c/retdec/bin/../share/generic/yara_patterns/signsrch/signsrch.yara

Trying to unpack /c/retdec/bin/exploit_x86.exe into /c/retdec/bin/exploit_x86-unpacked.tmp by using generic unpacker...

RUN: /c/retdec/bin/unpacker -d /c/retdec/bin/unpacker-plugins -o /c/retdec/bin/exploit_x86-unpacked.tmp /c/retdec/bin/exploit_x86.exe

Unpacking by using generic unpacker: nothing to do
Trying to unpack /c/retdec/bin/exploit_x86.exe into /c/retdec/bin/exploit_x86-unpacked.tmp by using UPX...

RUN: upx -d /c/retdec/bin/exploit_x86.exe -o /c/retdec/bin/exploit_x86-unpacked.tmp

Unpacking by using UPX: nothing to do

Error: Unsupported target format 'PE'. Supported formats: ELF32, PE32, Intel HEX 32.

0x0ACB commented Dec 15, 2017

Are you running Windows 10? I had the same problem and calling decompile.sh test.exe directly from the command line instead of from the MSYS2 terminal or with bash decompile.sh test.exe works fine. While the other two give me the same errors.

boondoggler (Author) commented Dec 15, 2017

Yes I am running Windows 10. Same issue direct from command line running either:

bash decompile.sh exploit_x86.exe -a x86 -f pe
or
decompile.sh exploit_x86.exe -a x86 -f pe

(can't check the IDA plugin from cmd line)

s3rvac (Member) commented Dec 16, 2017

Thank you for the report. I believe that this problem might be related to #18. We will verify this and will let you know.

s3rvac (Member) commented Dec 17, 2017

In #18, we have found out that this problem occurs when running Windows 10 with WSL. In such a case, you have to ensure that in your system PATH, the path to programs from MSYS2 is placed before the path to programs from WSL. For more details, see #18 and our wiki.

@boondoggler, can you please try modifying your system PATH so that C:\msys32\usr\bin;C:\msys32\mingw32\bin (or its 64b equivalent) occurs before the path to programs from WSL? Then, try running bash decompile.sh exploit_x86.exe from a new console to see whether this fixed the issue you reported.

boondoggler (Author) commented Dec 17, 2017

Aha...

(I moved C:\msys32\usr\bin;C:\msys32\mingw32\bin to the top of the list and rebooted)

C:\retdec\bin>bash decompile.sh exploit_x86.exe
0 [main] bash (3312) C:\msys32\usr\bin\bash.exe: *** fatal error - cygheap base mismatch detected - 0xF6C408/0xE8C408.
This problem is probably due to using incompatible versions of the cygwin DLL.
Search for cygwin1.dll using the Windows Start->Find/Search facility
and delete all but the most recent version. The most recent version should
reside in x:\cygwin\bin, where 'x' is the drive on which you have
installed the cygwin distribution. Rebooting is also suggested if you
are unable to find another cygwin DLL.
0 [main] bash 4480 fork: child -1 - forked process 3312 died unexpectedly, retry 0, exit code 0xC0000142, errno 11

This I think is what I briefly saw in IDA also before it closed the window after about 2ns

I am not aware I have manually installed cygwin

s3rvac (Member) commented Dec 17, 2017

From what I was able to find, you can try:

  • Do what the error message suggests (try to find an incompatible version of the cygwin DLL).
  • Reboot your PC.
  • Update MSYS2.
  • Replace 32b MSYS2 with its 64b version.

I am sorry I cannot give you a better answer as I am not sure what the underlying problem is. All I know is that this is nothing specific to RetDec and different users offer different solutions.
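
An added example, not part of the original thread and not RetDec code: a Python check for the two conditions discussed above, a non-MSYS2 bash.exe winning the PATH search and more than one copy of the Cygwin/MSYS2 runtime DLL reachable through PATH. The function names, the msys-2.0.dll file name, the C:\tools\git directory and the sample file listing are assumptions constructed for illustration.

```python
import ntpath
import os
# msys-2.0.dll as the MSYS2 runtime name is an assumption of this example;
# the error text quoted in the thread names cygwin1.dll.
RUNTIME_DLLS = ("cygwin1.dll", "msys-2.0.dll")

def _norm(p):
    return ntpath.normcase(ntpath.normpath(p))

def candidates(path_value, name, exists=os.path.isfile):
    """Return every PATH directory that holds `name`, in search order."""
    hits, seen = [], set()
    for entry in path_value.split(";"):
        entry = entry.strip().strip('"')
        if not entry or _norm(entry) in seen:
            continue
        seen.add(_norm(entry))
        if exists(ntpath.join(entry, name)):
            hits.append(entry)
    return hits

def diagnose(path_value, exists=os.path.isfile, msys_root=r"C:\msys32"):
    """Report a non-MSYS2 bash.exe winning the search and duplicated DLLs."""
    findings = []
    bash_dirs = candidates(path_value, "bash.exe", exists)
    if not bash_dirs:
        findings.append("no bash.exe on PATH")
    elif not _norm(bash_dirs[0]).startswith(_norm(msys_root) + "\\"):
        findings.append(f"bash.exe resolves to {bash_dirs[0]}, not {msys_root}")
    for dll in RUNTIME_DLLS:
        dirs = candidates(path_value, dll, exists)
        if len(dirs) > 1:
            findings.append(f"{dll} present in: {', '.join(dirs)}")
    return findings

# Constructed sample: a fake file listing standing in for a Windows 10 machine.
SAMPLE_FILES = {_norm(p) for p in (
    r"C:\WINDOWS\system32\bash.exe",
    r"C:\msys32\usr\bin\bash.exe",
    r"C:\msys32\usr\bin\msys-2.0.dll",
    r"C:\tools\git\usr\bin\msys-2.0.dll",
)}

def sample_exists(path):
    return _norm(path) in SAMPLE_FILES

if __name__ == "__main__":
    for line in diagnose(os.environ.get("PATH", "")) or ["PATH order looks fine"]:
        print(line)
```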

boondoggler (Author) commented Dec 18, 2017

Ok so after another reboot, I now get the original issue:

c:\retdec\bin>bash decompile.sh exploit_x86.exe

Checking if file is a Mach-O Universal static library...

RUN: /c/retdec/bin/macho-extractor --list /c/retdec/bin/exploit_x86.exe

Checking if file is an archive...

RUN: /c/retdec/bin/ar-extractor --arch-magic /c/retdec/bin/exploit_x86.exe
Not an archive, going to the next step.

Gathering file information...

RUN: /c/retdec/bin/fileinfo -c /c/retdec/bin/exploit_x86.c.json --similarity /c/retdec/bin/exploit_x86.exe --no-hashes=all --crypto /c/retdec/bin/../share/generic/yara_patterns/signsrch/signsrch.yara

Trying to unpack /c/retdec/bin/exploit_x86.exe into /c/retdec/bin/exploit_x86-unpacked.tmp by using generic unpacker...

RUN: /c/retdec/bin/unpacker -d /c/retdec/bin/unpacker-plugins -o /c/retdec/bin/exploit_x86-unpacked.tmp /c/retdec/bin/exploit_x86.exe

Unpacking by using generic unpacker: nothing to do
Trying to unpack /c/retdec/bin/exploit_x86.exe into /c/retdec/bin/exploit_x86-unpacked.tmp by using UPX...

RUN: upx -d /c/retdec/bin/exploit_x86.exe -o /c/retdec/bin/exploit_x86-unpacked.tmp

Unpacking by using UPX: nothing to do

Error: Unsupported target architecture ''. Supported architectures: Intel x86, ARM, ARM+Thumb, MIPS, PIC32, PowerPC.

Here is my current path:

c:\retdec\bin>path
PATH=C:\msys32\usr\bin;C:\msys32\mingw32\bin;C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0;C:\retdec\bin;C:\Program Files\doxygen\bin

I am convinced cygwin isn't installed and I haven't voluntarily installed WSL either. Part of the MSYS install was to update, I have tried again but still same issue. The 64bit version of MSYS wouldn't install correctly

s3rvac (Member) commented Dec 19, 2017

@boondoggler Could you please attach/send us the following items so we can investigate this further?

  1. Input binary file.
  2. A complete (unabridged) output from decompile.sh that was printed to the console.
  3. An archive containing all the files that decompile.sh created for your input file.

boondoggler (Author) commented

Attached are the requested files.

retdec_issue.zip

Exploit_x86.exe is just a compiled .exe from the overflow_example.c file in the archive - nothing nefarious

I have in the interim installed (on a fresh copy of W10 x64) the 64 bit versions of Msys and retdec. After a great deal of pain getting all the packages from the Msys64 archive, it seems to work.

It would still be good to understand why the 32 bit version is failing here.

s3rvac (Member) commented Dec 21, 2017

Thank you for the files. If I understand you correctly, everything works correctly with 64b MSYS, but fails with 32b MSYS?

boondoggler (Author) commented

Yes,

  • x64 Windows 10 fresh with Msys64 and retdec x64 appears ok

  • x64 Windows 10 with Msys32 and retdec x32 fails

s3rvac changed the title from "IDA plugin fails to decompile" to "Decompilation errors on 64b Windows 10 with 32b MSYS2" on Dec 24, 2017

PeterMatula (Collaborator) commented

We just moved from Bash to Python (see #147). You can try if it is working now - no MSYS is needed. If you do not want to build it yourself, wait a few days for a new Windows binary release.

If there will be any problems, open a new issue, but this one is no longer valid, since there are no Bash scripts, MSYS, etc.
