Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

BinExport assertion fail for register (unexpected child expression) #2528

Closed
mr-tz opened this issue Dec 6, 2024 · 2 comments · Fixed by #2531
Closed

BinExport assertion fail for register (unexpected child expression) #2528

mr-tz opened this issue Dec 6, 2024 · 2 comments · Fixed by #2531
Assignees
Labels
binexport related to BinExport support bug Something isn't working

Comments

@mr-tz
Copy link
Collaborator

mr-tz commented Dec 6, 2024

sample available on request

$ python scripts/inspect-binexport2.py tests/data/binexport2/sample.BinExport -d                                                                                                                                                                                             ─╯
DEBUG    inspect-binexport2: perf: loading BinExport2: 0.10s                                                                                                                                                                                                                                                               inspect-binexport2.py:31
DEBUG    inspect-binexport2: perf: indexing BinExport2: 1.56s                                                                                                                                                                                                                                                              inspect-binexport2.py:31
Traceback (most recent call last):
  File "capa/scripts/inspect-binexport2.py", line 461, in <module>
    sys.exit(main())
             ^^^^^^
  File "capa/scripts/inspect-binexport2.py", line 369, in main
    operands.append(render_operand(be2, operand, index=operand_index))
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "capa/scripts/inspect-binexport2.py", line 210, in render_operand
    _render_expression_tree(be2, operand, tree, 0, o)
  File "capa/scripts/inspect-binexport2.py", line 162, in _render_expression_tree
    raise NotImplementedError(len(children_tree_indexes))
NotImplementedError: 0

when passing that exception:

Traceback (most recent call last):
  File "capa/scripts/inspect-binexport2.py", line 462, in <module>
    sys.exit(main())
             ^^^^^^
  File "capa/scripts/inspect-binexport2.py", line 370, in main
    operands.append(render_operand(be2, operand, index=operand_index))
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "capa/scripts/inspect-binexport2.py", line 211, in render_operand
    _render_expression_tree(be2, operand, tree, 0, o)
  File "capa/scripts/inspect-binexport2.py", line 84, in _render_expression_tree
    assert len(children_tree_indexes) == 0
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError

on first triage I see a register with symbol z3 and child expression .

likely an issue in the BinExport plugin, which could be handled more gracefully here

@mr-tz mr-tz added bug Something isn't working binexport related to BinExport support labels Dec 6, 2024
@williballenthin
Copy link
Collaborator

would you send the be2 to me and i'll triage?

@williballenthin williballenthin self-assigned this Dec 6, 2024
@williballenthin
Copy link
Collaborator

This is an aarch64 program. The exception occurs with the instruction at 0x53de58.

I think this isn't actually a real instruction (Ghidra is probably wrong here), but whatever, we should be able to handle whatever disassembly:

image

The BinExport2 indicates the operand looks like: z31.S, with structure like (z31 (. (S))):

image

or maybe its easier to understand, like:

reg: z31
     ^
     |
sym: .
     ^
     |
sym: S

Gemini tells me this isn't actually valid aarch64:

image

But again, we should be able to handle whatever disassembly the system produces, and we'd have to handle this case for the valid vector operands, anyways:

image

Today we assert that register operands have no children:

image

so we have to update this case to handle children, such as with aarch64 vector instructions.

williballenthin added a commit that referenced this issue Dec 9, 2024
analogous to the inspect-binexport2 issues reported in #2528 and #2530,
but this fixes the feature extractor.
williballenthin added a commit that referenced this issue Dec 9, 2024
analogous to the inspect-binexport2 issues reported in #2528 and #2530,
but this fixes the feature extractor.
williballenthin added a commit that referenced this issue Dec 9, 2024
analogous to the inspect-binexport2 issues reported in #2528 and #2530,
but this fixes the feature extractor.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
binexport related to BinExport support bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants