epanos depends on older/non-current versions of pycparser #1
Can you provide a backtrace or more details about the problem you're having? (I can guarantee you that indentation isn't the problem here, as others have been able to successfully run the code from this repo!)
I will do a check on my XP VM when I get home...
By the way, just in case you're expecting this to work on any MIPS binary, you'll probably be disappointed (but if you want an example file that will successfully decompile, I can provide one).
@techbliss Do you recall the errors when trying to run epanos?
Well, it's due to the cpp binary.
Just as a sanity check, first make sure pycparser, flufl.enum, and pyc-fmtstr-parser are installed. Can you try using the C preprocessor binary from clang and fake stdlib headers from pycparser? Don't forget to set the paths in epanos.py. When I wrote epanos, I was using the C preprocessor binary from lcc that pycparser used to bundle, so if you have problems with the clang one, the lcc one should definitely work.
Yes, pycparser, flufl.enum, and pyc-fmtstr-parser are installed correctly; I can call them from the IDA Python shell.
OK, let me know how it goes. :)
I figured out I had to fix this as well: nihilus@526f093 for some reason unknown :-/ I am using Python 2.7.6
Traceback without C preprocessor binary from clang and fake stdlib headers from pycparser? error
It's been a while since I've looked at the code, but I'm pretty sure if it's getting to that point, then the C preprocessor is at least working, so that's good. As for getting it to work on your target, you're almost certainly going to have to modify the code and do some manual annotations on your database. Here's an example to help get you started. To use it:
The decompilation result should show up in the message pane.
Still getting an error (another one); I will look at it tomorrow. #include <stdlib.h> 'tuple' object has no attribute 'decls'
Hi @techbliss, were you able to get this working? Please let me know if you're still having trouble.
@techbliss Wake up!
Sorry for the late reply.
Can you explain more about the arguments?
Me neither... The tuple error seems to be a show-stopper :-(
@drvink However feel free to from my MIPS-fork of snowman (http://www.gitgub.com/nihilus/snowman) and help me implement the ISA :-)
I finally had a chance to sit down and take a look at this. I figured it out--sorry it took so long. :) If you use cpp.exe from LCC, it should just work. Alternatively, if you want to use clang as your preprocessor, apply this patch (edit the paths accordingly, of course): diff --git a/epanos/epanos.py b/epanos/epanos.py
index 7a09efb..076601e 100644
--- a/epanos/epanos.py
+++ b/epanos/epanos.py
@@ -22,13 +22,13 @@ except:
def run(decompile=True):
# change cpp path/args as needed
- pycparser_dir = r'%s\local\pycparser\utils' % os.environ['HOMEPATH']
+ pycparser_dir = r'C:\Python27\Lib\site-packages\pycparser'
decomp_dir = os.path.dirname(os.path.abspath(__file__))
- cpppath = r'%s\cpp.exe' % pycparser_dir
- cppargs = [
+ cpppath = r'C:\LLVM\bin\clang.exe'
+ cppargs = [r'-E'] + [
r'-I%s' % path for path in
- (r'%s\fake_libc_include' % pycparser_dir,
- decomp_dir)]
+ (r'C:\path\to\fake_libc_include',
+ decomp_dir)] + ['-']
decomp.set_cpp(cpppath, cppargs)
## Desired functions (missing functions will cause a warning if encountered cpp.exe from gcc should also work. I've tried all three and I get the same decompilation results regardless of which I use. Please let me know if this works for you! |
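Review bot: after this hunk `pycparser_dir` is assigned on its `+` line but never read again, because both `cpppath` and the `fake_libc_include` entry are now hardcoded literals; either drop the assignment or derive the include directory from it (e.g. `r'%s\fake_libc_include' % pycparser_dir`) so the two cannot drift apart. The literal `r'C:\path\to\fake_libc_include'` is a placeholder the reader has to edit by hand, as the surrounding sentence says; a comment on that line would make it harder to overlook.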
Won't work... I included llc cpp in my fork and it doesn't work. Check my fork where I've included the dependencies etc.
Can you specify a little more about
@nihilus OK, will look in a moment. @techbliss Clone eliben/pycparser and change that path to the location of the
When running fptrs.py, it sets the new_fptrs. fptrs
But when running fptrs.py nothing happens, or at least nothing at all shows after running. Any way to modify fptrs.py to check if the script actually worked?
Yes, I am using the one you supplied. before
after fptrs.py
There is a little difference but to be honest I am not sure if the changes are correct.
This is harder than writing the decompiler was!
I'll try installing IDA in a VM and see if I can get the decompiler to run under that just to ensure there's not something special about my environment that I set up ages ago.
Using your repo.
I was able to successfully run the decompiler on a completely fresh Windows 7 VM just now. The trick is that you'll need an older version of pycparser: it worked for me with
@drvink Ah, thx for investigating this. :-) 👍
@nihilus Were you able to get it to run?
I will give it a try tonight. Been too occupied with implementing MIPS-support for Snowman.
@nihilus @techbliss Had a chance to try with pycparser 2.10? It's great to hear you're working on an actual MIPS decompiler, by the way--the work I did here was rather specialized, not a very general-purpose tool.
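A pre-flight check for the setup steps this thread turns on (the three dependencies importable, the preprocessor and fake_libc_include paths configured as in epanos.py, and pycparser at the 2.10 version reported working). This is added example code, not part of epanos or the thread; the two paths are placeholders, `pyc_fmtstr_parser` is an assumed import name for pyc-fmtstr-parser, and it targets Python 3 whereas the thread runs Python 2.7 under IDA.

```python
import importlib
import os
import subprocess
import tempfile

CPP_PATH = r'C:\LLVM\bin\clang.exe'                  # placeholder, mirror epanos.py
FAKE_LIBC_INCLUDE = r'C:\path\to\fake_libc_include'  # placeholder, mirror epanos.py
WORKING_PYCPARSER = '2.10'                           # version the thread reports working
# Constructed sample: pulls in a libc header, so the fake headers must resolve.
SAMPLE_C = '#include <stdlib.h>\nint f(void) { return 0; }\n'


def build_cpp_args(fake_libc_dir, extra_dirs=()):
    """Same shape as the clang invocation in the thread's patch: -E plus -I dirs,
    fake headers first so they shadow the real libc ones."""
    return ['-E'] + ['-I%s' % d for d in (fake_libc_dir,) + tuple(extra_dirs)]


def check_imports(names=('pycparser', 'flufl.enum', 'pyc_fmtstr_parser')):
    """Map each module to its __version__, 'present' if it has none, or 'MISSING'
    if it cannot be imported (pyc_fmtstr_parser is an assumed import name)."""
    result = {}
    for name in names:
        try:
            mod = importlib.import_module(name)
        except ImportError:
            result[name] = 'MISSING'
        else:
            result[name] = getattr(mod, '__version__', 'present')
    return result


def pycparser_version_ok(found):
    """True only when pycparser imported and reports the version found working."""
    return found.get('pycparser') == WORKING_PYCPARSER


def run_preprocessor(cpp_path, cpp_args, source=SAMPLE_C):
    """Run the configured preprocessor on the sample; return (ok, text).
    A missing binary or a non-zero exit is reported, never raised."""
    fd, path = tempfile.mkstemp(suffix='.c')
    try:
        with os.fdopen(fd, 'w') as fh:
            fh.write(source)
        proc = subprocess.run([cpp_path] + list(cpp_args) + [path],
                              capture_output=True, text=True)
    except OSError as exc:  # FileNotFoundError when cpp_path is wrong
        return False, 'preprocessor not found: %s' % exc
    finally:
        os.unlink(path)
    return (proc.returncode == 0), (proc.stdout if proc.returncode == 0 else proc.stderr)


if __name__ == '__main__':
    found = check_imports()
    print(found, 'pycparser version ok:', pycparser_version_ok(found))
    print(run_preprocessor(CPP_PATH, build_cpp_args(FAKE_LIBC_INCLUDE)))
```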
@drvink That made things work... However I see epanos is unable to handle little-endian files. A pity :-/
Yes. I'm afraid it's endian-ignorant, as it was basically a PoC for a single binary where there were no endianness issues. I hope it may give you some ideas toward static analysis/recompilation, but it's very far from a complete solution. Endianness is probably one of the easier things you could fix in it, but honestly, extending epanos is not what I would recommend. However, I encourage you to learn from two of its design choices which have been proven in both research and industry code: mapping of types to functions and data, and mapping between instructions and types. Types are key! You may find LLVM's MIPS TableGen files to be especially helpful in your development (and similar to epanos's instruction categorization). MIPS's instructions are fairly naturally and intuitively related to C and the way compilers familiar to any reverser will translate code. :)
@drvink wasn't epanos also more of a proof of concept, rather than making it decompile both big and little endian? Still great work. https://github.com/yegord/snowman/issues/14 longest issue I have seen in a long time. :)
You mean that the ISA is orthogonal? ;-P
I had quite a lot of fun writing it, and I hope you're having fun as well. Another thing to keep in mind: I don't know if your goal involves human readability, but as epanos shows, the decompiled code can be damn ugly if you only want to feed it back to a compiler. :) If epanos is of any inspiration or help to you, I'd appreciate a citation in your work!
Also, if you were both able to get epanos to run, may I close this issue?
Yes, you can close the issue, thx for the help.
Cheers, guys, and good luck!
Seems like you got the indentation wrong when you checked in the code... I cannot get it running and I am not a Python wizard.