$ qltool run -f hello_x64.efi --rootfs .
[=] Located heap at 0x78000000
[=] Located stack at 0x77fffff0
[=] Global tables:
[=] | gST 0x78000000
[=] | gBS 0x78000078
[=] | gRT 0x780001f0
[=] | gDS 0x78000278
[=]
[=] Initializing EFI_BOOT_SERVICES
[=] | RaiseTPL 0x78000090
[=] | RestoreTPL 0x78000098
[=] | AllocatePages 0x780000a0
[=] | FreePages 0x780000a8
[=] | GetMemoryMap 0x780000b0
[=] | AllocatePool 0x780000b8
[=] | FreePool 0x780000c0
[=] | CreateEvent 0x780000c8
[=] | SetTimer 0x780000d0
[=] | WaitForEvent 0x780000d8
[=] | SignalEvent 0x780000e0
[=] | CloseEvent 0x780000e8
[=] | CheckEvent 0x780000f0
[=] | InstallProtocolInterface 0x780000f8
[=] | ReinstallProtocolInterface 0x78000100
[=] | UninstallProtocolInterface 0x78000108
[=] | HandleProtocol 0x78000110
[=] | RegisterProtocolNotify 0x78000120
[=] | LocateHandle 0x78000128
[=] | LocateDevicePath 0x78000130
[=] | InstallConfigurationTable 0x78000138
[=] | LoadImage 0x78000140
[=] | StartImage 0x78000148
[=] | Exit 0x78000150
[=] | UnloadImage 0x78000158
[=] | ExitBootServices 0x78000160
[=] | GetNextMonotonicCount 0x78000168
[=] | Stall 0x78000170
[=] | SetWatchdogTimer 0x78000178
[=] | ConnectController 0x78000180
[=] | DisconnectController 0x78000188
[=] | OpenProtocol 0x78000190
[=] | CloseProtocol 0x78000198
[=] | OpenProtocolInformation 0x780001a0
[=] | ProtocolsPerHandle 0x780001a8
[=] | LocateHandleBuffer 0x780001b0
[=] | LocateProtocol 0x780001b8
[=] | InstallMultipleProtocolInterfaces 0x780001c0
[=] | UninstallMultipleProtocolInterfaces 0x780001c8
[=] | CalculateCrc32 0x780001d0
[=] | CopyMem 0x780001d8
[=] | SetMem 0x780001e0
[=] | CreateEventEx 0x780001e8
[=]
[=] Initializing EFI_RUNTIME_SERVICES
[=] | GetTime 0x78000208
[=] | SetTime 0x78000210
[=] | GetWakeupTime 0x78000218
[=] | SetWakeupTime 0x78000220
[=] | SetVirtualAddressMap 0x78000228
[=] | ConvertPointer 0x78000230
[=] | GetVariable 0x78000238
[=] | GetNextVariableName 0x78000240
[=] | SetVariable 0x78000248
[=] | GetNextHighMonotonicCount 0x78000250
[=] | ResetSystem 0x78000258
[=] | UpdateCapsule 0x78000260
[=] | QueryCapsuleCapabilities 0x78000268
[=] | QueryVariableInfo 0x78000270
[=]
[=] Initializing EFI_DXE_SERVICES
[=] | AddMemorySpace 0x78000290
[=] | AllocateMemorySpace 0x78000298
[=] | FreeMemorySpace 0x780002a0
[=] | RemoveMemorySpace 0x780002a8
[=] | GetMemorySpaceDescriptor 0x780002b0
[=] | SetMemorySpaceAttributes 0x780002b8
[=] | GetMemorySpaceMap 0x780002c0
[=] | AddIoSpace 0x780002c8
[=] | AllocateIoSpace 0x780002d0
[=] | FreeIoSpace 0x780002d8
[=] | RemoveIoSpace 0x780002e0
[=] | GetIoSpaceDescriptor 0x780002e8
[=] | GetIoSpaceMap 0x780002f0
[=] | Dispatch 0x780002f8
[=] | Schedule 0x78000300
[=] | Trust 0x78000308
[=] | ProcessFirmwareVolume 0x78000310
[=] | SetMemorySpaceCapabilities 0x78000318
[=]
[=] Initializing EFI_SMM_ACCESS2_PROTOCOL
[=] | Open 0x78040000
[=] | Close 0x78040008
[=] | Lock 0x78040010
[=] | GetCapabilities 0x78040018
[=]
[=] Initializing EFI_SMM_BASE2_PROTOCOL
[=] | InSmm 0x78040028
[=] | GetSmstLocation 0x78040030
[=]
[=] Located SMM heap at 0x7a000000
[=] Initializing EFI_RUNTIME_SERVICES
[=] | GetTime 0x7a000108
[=] | SetTime 0x7a000110
[=] | GetWakeupTime 0x7a000118
[=] | SetWakeupTime 0x7a000120
[=] | SetVirtualAddressMap 0x7a000128
[=] | ConvertPointer 0x7a000130
[=] | GetVariable 0x7a000138
[=] | GetNextVariableName 0x7a000140
[=] | SetVariable 0x7a000148
[=] | GetNextHighMonotonicCount 0x7a000150
[=] | ResetSystem 0x7a000158
[=] | UpdateCapsule 0x7a000160
[=] | QueryCapsuleCapabilities 0x7a000168
[=] | QueryVariableInfo 0x7a000170
[=]
[=] Initializing EFI_SMM_SYSTEM_TABLE2
[=] | SmmInstallConfigurationTable 0x7a000028
[=] | SmmAllocatePool 0x7a000050
[=] | SmmFreePool 0x7a000058
[=] | SmmAllocatePages 0x7a000060
[=] | SmmFreePages 0x7a000068
[=] | SmmStartupThisAp 0x7a000070
[=] | SmmInstallProtocolInterface 0x7a0000a8
[=] | SmmUninstallProtocolInterface 0x7a0000b0
[=] | SmmHandleProtocol 0x7a0000b8
[=] | SmmRegisterProtocolNotify 0x7a0000c0
[=] | SmmLocateHandle 0x7a0000c8
[=] | SmmLocateProtocol 0x7a0000d0
[=] | SmiManage 0x7a0000d8
[=] | SmiHandlerRegister 0x7a0000e0
[=] | SmiHandlerUnRegister 0x7a0000e8
[=]
[=] Initializing EFI_SMM_CPU_PROTOCOL
[=] | SmmReadSaveState 0x7a040000
[=] | SmmWriteSaveState 0x7a040008
[=]
[=] Initializing EFI_SMM_SW_DISPATCH2_PROTOCOL
[=] | Register 0x7a040010
[=] | UnRegister 0x7a040018
[=]
[=] Module hello_x64.efi loaded to 0x140000000
[=] Module entry point at 0x140001000
[=] Initializing EFI_LOADED_IMAGE_PROTOCOL
[=]
[=] Done with loading hello_x64.efi
[=] Running from 0x140001000 of hello_x64.efi
[x] CPU Context:
[x] rax = 0000000000000000, eax = 00000000, ax = 0000, ah = 00, al = 00
[x] rbx = 0000000000000000, ebx = 00000000, bx = 0000, bh = 00, bl = 00
[x] rcx = 0000000140000000, ecx = 40000000, cx = 0000, ch = 00, cl = 00
[x] rdx = 0000000078000000, edx = 78000000, dx = 0000, dh = 00, dl = 00
[x] rsi = 0000000000000000, esi = 00000000, si = 0000
[x] rdi = 0000000000000000, edi = 00000000, di = 0000
[x] rsp = 0000000077ffff90, esp = 77ffff90, sp = ff90
[x] rbp = 0000000077fffff0, ebp = 77fffff0, bp = fff0
[x] rip = 0000000140001000, eip = 40001000, ip = 1000
[x]
[x] r8 = 0000000000000000, r8d = 00000000, r8w = 0000, r8b = 00
[x] r9 = 0000000000000000, r9d = 00000000, r9w = 0000, r9b = 00
[x] r10 = 0000000000000000, r10d = 00000000, r10w = 0000, r10b = 00
[x] r11 = 0000000000000000, r11d = 00000000, r11w = 0000, r11b = 00
[x] r12 = 0000000000000000, r12d = 00000000, r12w = 0000, r12b = 00
[x] r13 = 0000000000000000, r13d = 00000000, r13w = 0000, r13b = 00
[x] r14 = 0000000000000000, r14d = 00000000, r14w = 0000, r14b = 00
[x] r15 = 0000000000000000, r15d = 00000000, r15w = 0000, r15b = 00
[x]
[x] cs = 0000
[x] ds = 0000
[x] es = 0000
[x] fs = 0000
[x] gs = 0000
[x] ss = 0000
[x]
[x] Hexdump:
[x] 140001000 : 48 83 ec 58 48 89 54 24 50 48 89 4c 24 48 48 8b
[x] 140001010 : 44 24 50 48 89 05 d6 ab 00 00 48 8b 05 cf ab 00
[x] 140001020 : 00 48 8b 40 40 48 8b 40 30 48 8b 0d c0 ab 00 00
[x] 140001030 : 48 8b 49 40 ff d0 48 8b 0d b3 ab 00 00 48 8b 49
[x] 140001040 :
[x]
[x] Disassembly:
[x] 140001000 : 4883ec58 sub rsp, 0x58
[x] 140001004 : 4889542450 mov qword ptr [rsp + 0x50], rdx
[x] 140001009 : 48894c2448 mov qword ptr [rsp + 0x48], rcx
[x] 14000100e : 488b442450 mov rax, qword ptr [rsp + 0x50]
[x] 140001013 : 488905d6ab0000 mov qword ptr [rip + 0xabd6], rax
[x] 14000101a : 488b05cfab0000 mov rax, qword ptr [rip + 0xabcf]
[x] 140001021 : 488b4040 mov rax, qword ptr [rax + 0x40]
[x] 140001025 : 488b4030 mov rax, qword ptr [rax + 0x30]
[x]
[x] PC = 0x140001000 (hello_x64.efi + 0x1000)
[x] Memory map:
[=] [+] Start End Perm. Path
[=] [+] 77800000 - 78000000 - rwx [mapped]
[=] [+] 78000000 - 78040000 - rwx [heap]
[=] [+] 78040000 - 78041000 - rwx [heap]
[=] [+] 7a000000 - 7a040000 - rwx [heap]
[=] [+] 7a040000 - 7a041000 - rwx [heap]
[=] [+] fd000000 - fe000000 - rwx [mapped]
[=] [+] 140000000 - 140015000 - rwx [module] (hello_x64.efi)
Traceback (most recent call last):
File "/home/foo/.local/bin/qltool", line 300, in <module>
ql.run(timeout=timeout)
File "/home/foo/.local/lib/python3.7/site-packages/qiling/core.py", line 756, in run
self.os.run()
File "/home/foo/.local/lib/python3.7/site-packages/qiling/os/uefi/uefi.py", line 151, in run
self.ql.emu_start(self.ql.loader.entry_point, self.exit_point, self.ql.timeout, self.ql.count)
File "/home/foo/.local/lib/python3.7/site-packages/qiling/core.py", line 897, in emu_start
self.uc.emu_start(begin, end, timeout, count)
File "/home/foo/.local/lib/python3.7/site-packages/unicorn/unicorn.py", line 318, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Invalid memory read (UC_ERR_READ_UNMAPPED)
Compile this with GNU-EFI.
Describe the bug
Running a UEFI hello world binary with qltool fails:
Sample Code
Compile this with GNU-EFI.
Expected behavior
The binary should run to completion without error.