*Describe the bug
在模拟httpd过程中,load shared libraries 报错,提示libpcre.so.0 Operation not permitted
─# ls usr/lib/libpcre.so* -all
lrwxrwxrwx 1 root root 16 Oct 30 02:27 usr/lib/libpcre.so.0 -> libpcre.so.0.0.1
-rwxr-xr-x 1 root root 109240 Oct 30 02:27 usr/lib/libpcre.so.0.0.1
Sample Code
from qiling import *
from qiling.const import QL_VERBOSE
def custom_geteuid32(ql, *args, **kwargs):
return 0 # 返回一个自定义的有效用户 ID
def my_sandbox(path, rootfs):
# setup Qiling engine
ql = Qiling(path, rootfs,verbose=QL_VERBOSE.OFF,console=True,multithread=False) # QL_VERBOSE.OFF QL_VERBOSE.DEBUG
ql.os.set_syscall("geteuid32", custom_geteuid32)
ql.run()
if __name__ == "__main__":
my_sandbox(["./rootfs/usr/sbin/lighttpd"], "./rootfs/")Expected behavior
运行lighttpd
Screenshots
# python qiling_v_http.py
./rootfs/usr/sbin/lighttpd: error while loading shared libraries: libpcre.so.0: cannot open shared object file: Operation not permitted
[x] CPU Context:
[x] r0 : 0xeee4
[x] r1 : 0x7ff3c840
[x] r2 : 0x7ff3c424
[x] r3 : 0x3d4a0
[x] r4 : 0x47d4750
[x] r5 : 0x47d4bbc
[x] r6 : 0x7ff3cfe4
[x] r7 : 0xf8
[x] r8 : 0x7ff3c858
[x] r9 : 0x1
[x] r10 : 0x47de000
[x] r11 : 0x0
[x] r12 : 0x4c180
[x] sp : 0x7ff3c414
[x] lr : 0x4c124
[x] pc : 0x0
[x] cpsr : 0x600001d3
[x] c1_c0_2 : 0x0
[x] c13_c0_3 : 0x0
[x] fpexc : 0x40000000
[x] d0 : 0x0
[x] d1 : 0x0
[x] d2 : 0x0
[x] d3 : 0x0
[x] d4 : 0x0
[x] d5 : 0x0
[x] d6 : 0x0
[x] d7 : 0x0
[x] d8 : 0x0
[x] d9 : 0x0
[x] d10 : 0x0
[x] d11 : 0x0
[x] d12 : 0x0
[x] d13 : 0x0
[x] d14 : 0x0
[x] d15 : 0x0
[x] d16 : 0x0
[x] d17 : 0x0
[x] d18 : 0x0
[x] d19 : 0x0
[x] d20 : 0x0
[x] d21 : 0x0
[x] d22 : 0x0
[x] d23 : 0x0
[x] d24 : 0x0
[x] d25 : 0x0
[x] d26 : 0x0
[x] d27 : 0x0
[x] d28 : 0x0
[x] d29 : 0x0
[x] d30 : 0x0
[x] d31 : 0x0
[x] fpscr : 0x0
[x] q0 : 0x0
[x] q1 : 0x0
[x] q2 : 0x0
[x] q3 : 0x0
[x] q4 : 0x0
[x] q5 : 0x0
[x] q6 : 0x0
[x] q7 : 0x0
[x] q8 : 0x0
[x] q9 : 0x0
[x] q10 : 0x0
[x] q11 : 0x0
[x] q12 : 0x0
[x] q13 : 0x0
[x] q14 : 0x0
[x] q15 : 0x0
[x] s0 : 0x0
[x] s1 : 0x0
[x] s2 : 0x0
[x] s3 : 0x0
[x] s4 : 0x0
[x] s5 : 0x0
[x] s6 : 0x0
[x] s7 : 0x0
[x] s8 : 0x0
[x] s9 : 0x0
[x] s10 : 0x0
[x] s11 : 0x0
[x] s12 : 0x0
[x] s13 : 0x0
[x] s14 : 0x0
[x] s15 : 0x0
[x] s16 : 0x0
[x] s17 : 0x0
[x] s18 : 0x0
[x] s19 : 0x0
[x] s20 : 0x0
[x] s21 : 0x0
[x] s22 : 0x0
[x] s23 : 0x0
[x] s24 : 0x0
[x] s25 : 0x0
[x] s26 : 0x0
[x] s27 : 0x0
[x] s28 : 0x0
[x] s29 : 0x0
[x] s30 : 0x0
[x] s31 : 0x0
[x] PC = 0x00000000 (unreachable)
[x] Memory map:
[x] Start End Perm Label Image
[x] 0000008000 - 0000044000 r-x lighttpd /root/test/docker/draytek/Vigor2960_v1.5.1.4/rootfs/usr/sbin/lighttpd
[x] 000004c000 - 0000052000 rw- lighttpd /root/test/docker/draytek/Vigor2960_v1.5.1.4/rootfs/usr/sbin/lighttpd
[x] 0000052000 - 0000054000 rwx [hook_mem]
[x] 00047ba000 - 00047d6000 r-x ld-linux.so.3 /root/test/docker/draytek/Vigor2960_v1.5.1.4/rootfs/lib/ld-2.7.so
[x] 00047dd000 - 00047df000 rw- ld-linux.so.3 /root/test/docker/draytek/Vigor2960_v1.5.1.4/rootfs/lib/ld-2.7.so
[x] 007ff0d000 - 007ff3d000 rwx [stack]
[x] 0090000000 - 0090001000 rw- [mmap anonymous]
[x] 00ffff0000 - 00ffff1000 rwx [arm_traps]
Traceback (most recent call last):
File "qiling_v_http.py", line 15, in <module>
my_sandbox(["./rootfs/usr/sbin/lighttpd"], "./rootfs/")
File "qiling_v_http.py", line 12, in my_sandbox
ql.run()
File "/root/.local/lib/python3.8/site-packages/qiling/core.py", line 597, in run
self.os.run()
File "/root/.local/lib/python3.8/site-packages/qiling/os/linux/linux.py", line 184, in run
self.ql.emu_start(self.ql.loader.elf_entry, self.exit_point, self.ql.timeout, self.ql.count)
File "/root/.local/lib/python3.8/site-packages/qiling/core.py", line 771, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/usr/local/lib/python3.8/site-packages/unicorn/unicorn.py", line 547, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory fetch (UC_ERR_FETCH_UNMAPPED)
谢谢!
*Describe the bug
在模拟httpd过程中,load shared libraries 报错,提示libpcre.so.0 Operation not permitted
Sample Code
Expected behavior
运行lighttpd
Screenshots
谢谢!