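Describe the bug
The emulation log below ends with a TypeError raised inside the Qiling gdb stub (`handle_v` → `transform_to_real_path` → `os.path.islink`): the path passed to `os.lstat` is `None`.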
[=] [pe_uefi.py:206] [+] Located heap at 0x78000000
[=] [pe_uefi.py:213] [+] Located stack at 0x77fffff0
[=] [st.py:64] Global tables:
[=] [st.py:65] | gST 0x78000000
[=] [st.py:66] | gBS 0x78000078
[=] [st.py:67] | gRT 0x780001f0
[=] [st.py:68] | gDS 0x78000278
[=] [st.py:69]
[=] [utils.py:81] Initializing EFI_BOOT_SERVICES
[=] [utils.py:92] | RaiseTPL 0x78000090
[=] [utils.py:92] | RestoreTPL 0x78000098
[=] [utils.py:92] | AllocatePages 0x780000a0
[=] [utils.py:92] | FreePages 0x780000a8
[=] [utils.py:92] | GetMemoryMap 0x780000b0
[=] [utils.py:92] | AllocatePool 0x780000b8
[=] [utils.py:92] | FreePool 0x780000c0
[=] [utils.py:92] | CreateEvent 0x780000c8
[=] [utils.py:92] | SetTimer 0x780000d0
[=] [utils.py:92] | WaitForEvent 0x780000d8
[=] [utils.py:92] | SignalEvent 0x780000e0
[=] [utils.py:92] | CloseEvent 0x780000e8
[=] [utils.py:92] | CheckEvent 0x780000f0
[=] [utils.py:92] | InstallProtocolInterface 0x780000f8
[=] [utils.py:92] | ReinstallProtocolInterface 0x78000100
[=] [utils.py:92] | UninstallProtocolInterface 0x78000108
[=] [utils.py:92] | HandleProtocol 0x78000110
[=] [utils.py:92] | RegisterProtocolNotify 0x78000120
[=] [utils.py:92] | LocateHandle 0x78000128
[=] [utils.py:92] | LocateDevicePath 0x78000130
[=] [utils.py:92] | InstallConfigurationTable 0x78000138
[=] [utils.py:92] | LoadImage 0x78000140
[=] [utils.py:92] | StartImage 0x78000148
[=] [utils.py:92] | Exit 0x78000150
[=] [utils.py:92] | UnloadImage 0x78000158
[=] [utils.py:92] | ExitBootServices 0x78000160
[=] [utils.py:92] | GetNextMonotonicCount 0x78000168
[=] [utils.py:92] | Stall 0x78000170
[=] [utils.py:92] | SetWatchdogTimer 0x78000178
[=] [utils.py:92] | ConnectController 0x78000180
[=] [utils.py:92] | DisconnectController 0x78000188
[=] [utils.py:92] | OpenProtocol 0x78000190
[=] [utils.py:92] | CloseProtocol 0x78000198
[=] [utils.py:92] | OpenProtocolInformation 0x780001a0
[=] [utils.py:92] | ProtocolsPerHandle 0x780001a8
[=] [utils.py:92] | LocateHandleBuffer 0x780001b0
[=] [utils.py:92] | LocateProtocol 0x780001b8
[=] [utils.py:92] | InstallMultipleProtocolInterfaces 0x780001c0
[=] [utils.py:92] | UninstallMultipleProtocolInterfaces 0x780001c8
[=] [utils.py:92] | CalculateCrc32 0x780001d0
[=] [utils.py:92] | CopyMem 0x780001d8
[=] [utils.py:92] | SetMem 0x780001e0
[=] [utils.py:92] | CreateEventEx 0x780001e8
[=] [utils.py:98]
[=] [utils.py:81] Initializing EFI_RUNTIME_SERVICES
[=] [utils.py:92] | GetTime 0x78000208
[=] [utils.py:92] | SetTime 0x78000210
[=] [utils.py:92] | GetWakeupTime 0x78000218
[=] [utils.py:92] | SetWakeupTime 0x78000220
[=] [utils.py:92] | SetVirtualAddressMap 0x78000228
[=] [utils.py:92] | ConvertPointer 0x78000230
[=] [utils.py:92] | GetVariable 0x78000238
[=] [utils.py:92] | GetNextVariableName 0x78000240
[=] [utils.py:92] | SetVariable 0x78000248
[=] [utils.py:92] | GetNextHighMonotonicCount 0x78000250
[=] [utils.py:92] | ResetSystem 0x78000258
[=] [utils.py:92] | UpdateCapsule 0x78000260
[=] [utils.py:92] | QueryCapsuleCapabilities 0x78000268
[=] [utils.py:92] | QueryVariableInfo 0x78000270
[=] [utils.py:98]
[=] [utils.py:81] Initializing EFI_DXE_SERVICES
[=] [utils.py:92] | AddMemorySpace 0x78000290
[=] [utils.py:92] | AllocateMemorySpace 0x78000298
[=] [utils.py:92] | FreeMemorySpace 0x780002a0
[=] [utils.py:92] | RemoveMemorySpace 0x780002a8
[=] [utils.py:92] | GetMemorySpaceDescriptor 0x780002b0
[=] [utils.py:92] | SetMemorySpaceAttributes 0x780002b8
[=] [utils.py:92] | GetMemorySpaceMap 0x780002c0
[=] [utils.py:92] | AddIoSpace 0x780002c8
[=] [utils.py:92] | AllocateIoSpace 0x780002d0
[=] [utils.py:92] | FreeIoSpace 0x780002d8
[=] [utils.py:92] | RemoveIoSpace 0x780002e0
[=] [utils.py:92] | GetIoSpaceDescriptor 0x780002e8
[=] [utils.py:92] | GetIoSpaceMap 0x780002f0
[=] [utils.py:92] | Dispatch 0x780002f8
[=] [utils.py:92] | Schedule 0x78000300
[=] [utils.py:92] | Trust 0x78000308
[=] [utils.py:92] | ProcessFirmwareVolume 0x78000310
[=] [utils.py:92] | SetMemorySpaceCapabilities 0x78000318
[=] [utils.py:98]
[=] [utils.py:81] Initializing EFI_SMM_ACCESS2_PROTOCOL
[=] [utils.py:92] | Open 0x78040000
[=] [utils.py:92] | Close 0x78040008
[=] [utils.py:92] | Lock 0x78040010
[=] [utils.py:92] | GetCapabilities 0x78040018
[=] [utils.py:98]
[=] [utils.py:81] Initializing EFI_SMM_BASE2_PROTOCOL
[=] [utils.py:92] | InSmm 0x78040028
[=] [utils.py:92] | GetSmstLocation 0x78040030
[=] [utils.py:98]
[=] [utils.py:81] Initializing PCD_PROTOCOL
[=] [utils.py:92] | SetSku 0x78040038
[=] [utils.py:92] | Get8 0x78040040
[=] [utils.py:92] | Get16 0x78040048
[=] [utils.py:92] | Get32 0x78040050
[=] [utils.py:92] | Get64 0x78040058
[=] [utils.py:92] | GetPtr 0x78040060
[=] [utils.py:92] | GetBool 0x78040068
[=] [utils.py:92] | GetSize 0x78040070
[=] [utils.py:92] | Get8Ex 0x78040078
[=] [utils.py:92] | Get16Ex 0x78040080
[=] [utils.py:92] | Get32Ex 0x78040088
[=] [utils.py:92] | Get64Ex 0x78040090
[=] [utils.py:92] | GetPtrEx 0x78040098
[=] [utils.py:92] | GetBoolEx 0x780400a0
[=] [utils.py:92] | GetSizeEx 0x780400a8
[=] [utils.py:92] | Set8 0x780400b0
[=] [utils.py:92] | Set16 0x780400b8
[=] [utils.py:92] | Set32 0x780400c0
[=] [utils.py:92] | Set64 0x780400c8
[=] [utils.py:92] | SetPtr 0x780400d0
[=] [utils.py:92] | SetBool 0x780400d8
[=] [utils.py:92] | Set8Ex 0x780400e0
[=] [utils.py:92] | Set16Ex 0x780400e8
[=] [utils.py:92] | Set32Ex 0x780400f0
[=] [utils.py:92] | Set64Ex 0x780400f8
[=] [utils.py:92] | SetPtrEx 0x78040100
[=] [utils.py:92] | SetBoolEx 0x78040108
[=] [utils.py:92] | CallbackOnSet 0x78040110
[=] [utils.py:92] | CancelCallback 0x78040118
[=] [utils.py:92] | GetNextToken 0x78040120
[=] [utils.py:92] | GetNextTokenSpace 0x78040128
[=] [utils.py:98]
[=] [pe_uefi.py:241] [+] Located SMM heap at 0x7a000000
[=] [utils.py:81] Initializing EFI_SMM_SYSTEM_TABLE2
[=] [utils.py:92] | SmmInstallConfigurationTable 0x7a000028
[=] [utils.py:92] | SmmAllocatePool 0x7a000050
[=] [utils.py:92] | SmmFreePool 0x7a000058
[=] [utils.py:92] | SmmAllocatePages 0x7a000060
[=] [utils.py:92] | SmmFreePages 0x7a000068
[=] [utils.py:92] | SmmStartupThisAp 0x7a000070
[=] [utils.py:92] | SmmInstallProtocolInterface 0x7a0000a8
[=] [utils.py:92] | SmmUninstallProtocolInterface 0x7a0000b0
[=] [utils.py:92] | SmmHandleProtocol 0x7a0000b8
[=] [utils.py:92] | SmmRegisterProtocolNotify 0x7a0000c0
[=] [utils.py:92] | SmmLocateHandle 0x7a0000c8
[=] [utils.py:92] | SmmLocateProtocol 0x7a0000d0
[=] [utils.py:92] | SmiManage 0x7a0000d8
[=] [utils.py:92] | SmiHandlerRegister 0x7a0000e0
[=] [utils.py:92] | SmiHandlerUnRegister 0x7a0000e8
[=] [utils.py:98]
[=] [utils.py:81] Initializing EFI_SMM_CPU_PROTOCOL
[=] [utils.py:92] | SmmReadSaveState 0x7a040000
[=] [utils.py:92] | SmmWriteSaveState 0x7a040008
[=] [utils.py:98]
[=] [utils.py:81] Initializing EFI_SMM_SW_DISPATCH2_PROTOCOL
[=] [utils.py:92] | Register 0x7a040010
[=] [utils.py:92] | UnRegister 0x7a040018
[=] [utils.py:98]
[=] [pe_uefi.py:110] [+] Loading rootfs/x8664_efi/bin/TcgPlatformSetupPolicy to 0x77000000
[=] [pe_uefi.py:115] [+] PE entry point at 0x770002f0
[=] [utils.py:81] Initializing EFI_LOADED_IMAGE_PROTOCOL
[=] [utils.py:98]
[=] [pe_uefi.py:280] [+] Done with loading rootfs/x8664_efi/bin/TcgPlatformSetupPolicy
[=] [pe_uefi.py:166] Running from 0x770002f0 of rootfs/x8664_efi/bin/TcgPlatformSetupPolicy
[=] [utils.py:80] gdb> Breakpoint added at: 0x770002f0
[=] [utils.py:59] gdb> Breakpoint found, stop at address: 0x770002f0
[=] [gdb.py:133] gdb> Listening on 0.0.0.0:9999
Traceback (most recent call last):
File "simple_efi_x8664.py", line 41, in <module>
ql.run()
File "/usr/local/lib/python3.6/dist-packages/qiling-1.2.1-py3.6.egg/qiling/core.py", line 769, in run
self._debugger.run()
File "/usr/local/lib/python3.6/dist-packages/qiling-1.2.1-py3.6.egg/qiling/debugger/gdb/gdb.py", line 820, in run
commands[cmd](subcmd)
File "/usr/local/lib/python3.6/dist-packages/qiling-1.2.1-py3.6.egg/qiling/debugger/gdb/gdb.py", line 691, in handle_v
file_abspath = self.ql.os.transform_to_real_path(file_path)
File "/usr/local/lib/python3.6/dist-packages/qiling-1.2.1-py3.6.egg/qiling/os/utils.py", line 183, in transform_to_real_path
if os.path.islink(real_path):
File "/usr/lib/python3.6/posixpath.py", line 171, in islink
st = os.lstat(path)
TypeError: lstat: path should be string, bytes or os.PathLike, not NoneType
Sample Code
#!/usr/bin/env python3
#
# Cross Platform and Multi Architecture Advanced Binary Emulation Framework
# Built on top of Unicorn emulator (www.unicorn-engine.org)
import sys
import pickle
sys.path.append("..")
from qiling import *
from qiling.const import *
from qiling.os.uefi.const import *
def force_notify_RegisterProtocolNotify(ql, address, params):
    """Hook for RegisterProtocolNotify that queues the notification at once.

    Looks up ``params['Event']`` in ``ql.loader.events``. For a known event
    it records the protocol GUID on the event entry, marks the entry as set
    and appends ``(event id, NotifyFunction, NotifyContext)`` to
    ``ql.loader.notify_list``.

    ``address`` is part of the hook signature and is not used here.

    Returns EFI_SUCCESS for a known event, EFI_INVALID_PARAMETER otherwise.
    """
    handle = params['Event']
    if handle not in ql.loader.events:
        # Unknown event: nothing to signal.
        return EFI_INVALID_PARAMETER

    entry = ql.loader.events[handle]
    entry['Guid'] = params["Protocol"]

    # Force the notification instead of waiting for the protocol to be
    # installed. Presumably the loader drains notify_list later; that code
    # is not visible here.
    entry["Set"] = True
    ql.loader.notify_list.append((handle, entry['NotifyFunction'], entry['NotifyContext']))
    return EFI_SUCCESS
def my_onenter(ql, param_num, params, f, arg, kwargs):
    """Print a banner and hand the intercepted call back unchanged.

    The five values after ``ql`` are returned as a tuple in the order they
    were received, without modification.
    """
    rule = "=" * 40
    for line in ("\n", rule, " Enter into my_onenter mode", rule, "\n"):
        print(line)
    return param_num, params, f, arg, kwargs
if __name__ == "__main__":
    # Environment handed to Qiling; presumably an NVRAM variable dump, going
    # by the file name.
    # NOTE(security): pickle.load() runs code embedded in the stream while
    # deserializing. Only load this file from a rootfs you trust; a pickle
    # shipped alongside an untrusted firmware sample is untrusted too.
    with open("rootfs/x8664_efi/rom2_nvar.pickel", 'rb') as nvar_file:
        env = pickle.load(nvar_file)

    ql = Qiling(
        ["rootfs/x8664_efi/bin/TcgPlatformSetupPolicy"],
        "rootfs/x8664_efi",
        env=env,
    )

    # No intercept type is given for RegisterProtocolNotify, so Qiling's
    # default applies; the CopyMem hook is registered with QL_INTERCEPT.ENTER.
    ql.set_api("hook_RegisterProtocolNotify", force_notify_RegisterProtocolNotify)
    ql.set_api("hook_CopyMem", my_onenter, QL_INTERCEPT.ENTER)

    # NOTE(security): "0.0.0.0" makes the gdb stub listen on every interface
    # (the log shows "Listening on 0.0.0.0:9999"). The gdb remote protocol
    # has no authentication, so any host that can reach the port controls the
    # emulated target. Prefer "127.0.0.1:9999" unless a remote attach, e.g.
    # through a published container port, is really needed.
    ql.debugger = "0.0.0.0:9999"
    ql.run()
python3 ./examples/simple_efi_x8664.py