Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SIGSEGV in libjvm.so when diffing large binaries #97

Open
ducphanduyagentp opened this issue Jun 18, 2024 · 4 comments
Open

SIGSEGV in libjvm.so when diffing large binaries #97

ducphanduyagentp opened this issue Jun 18, 2024 · 4 comments

Comments

@ducphanduyagentp
Copy link

Hi,

I've encountered this error multiple times when diffing large binaries. I've tried tweaking max RAM percent, changing JDK, changing options, exporting to Ghidra Zip File from Ghidra UI, but it will not complete the diff. This specific instance, I got SIGSEGV, and some others I got SIGBUS.

INFO | ghidriff | Init Ghidra Diff Engine...
INFO | ghidriff | Engine Console Log: INFO
INFO | ghidriff | Engine File Log:  ghidriffs/ghidriff.log INFO
INFO | ghidriff | Starting Ghidra...
INFO  Using log config file: jar:file:/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)  
INFO  Using log file: /home/user/ghidriffs/ghidriff.log (LoggingInitialization)  
INFO  Loading user preferences: /home/user/.config/ghidra/ghidra_11.1.1_PUBLIC/preferences (Preferences)  
INFO  Searching for classes... (ClassSearcher)  
INFO  Ignoring class 'ghidra.GhidraClassLoader' from '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. Already found at '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. (ClassSearcher)  
INFO  Ignoring class 'generic.jar.GClassLoader' from '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. Already found at '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. (ClassSearcher)  
INFO  Class search complete (473 ms) (ClassSearcher)  
INFO  Initializing SSL Context (SSLContextInitializer)  
INFO  Initializing Random Number Generator... (SecureRandomFactory)  
INFO  Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)  
INFO  Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)  
INFO | ghidriff | GHIDRA_INSTALL_DIR: /home/user/Downloads/ghidra_11.1.1_PUBLIC
INFO | ghidriff | GHIDRA 11.1.1  Build Date: 2024-Jun-14 1025 EDT Release: PUBLIC
INFO | ghidriff | Engine Args:
INFO | ghidriff | 	old:                ['old.exe.gzf']
INFO | ghidriff | 	new:                [['new.exe.gzf']]
INFO | ghidriff | 	engine:             VersionTrackingDiff
INFO | ghidriff | 	output_path:        ghidriffs
INFO | ghidriff | 	summary:            False
INFO | ghidriff | 	project_location:   ghidra_projects
INFO | ghidriff | 	project_name:       ghidriff
INFO | ghidriff | 	symbols_path:       symbols
INFO | ghidriff | 	threaded:           True
INFO | ghidriff | 	force_analysis:     False
INFO | ghidriff | 	force_diff:         True
INFO | ghidriff | 	no_symbols:         True
INFO | ghidriff | 	log_level:          INFO
INFO | ghidriff | 	file_log_level:     INFO
INFO | ghidriff | 	log_path:           ghidriff.log
INFO | ghidriff | 	va:                 False
INFO | ghidriff | 	min_func_len:       10
INFO | ghidriff | 	use_calling_counts: False
INFO | ghidriff | 	gdt:                []
INFO | ghidriff | 	bsim:               True
INFO | ghidriff | 	bsim_full:          True
INFO | ghidriff | 	max_ram_percent:    100
INFO | ghidriff | 	print_flags:        False
INFO | ghidriff | 	jvm_args:           None
INFO | ghidriff | 	side_by_side:       False
INFO | ghidriff | 	max_section_funcs:  200
INFO | ghidriff | 	md_title:           None
INFO | ghidriff | Setting Up Ghidra Project...
INFO  Opening project: /home/user/ghidriffs/ghidra_projects/ghidriff-old.exe.gzf-new.exe.gzf/ghidriff-old.exe.gzf-new.exe.gzf (DefaultProject)  
INFO | ghidriff | Opened project: ghidriff-old.exe.gzf-new.exe.gzf
INFO | ghidriff | Project Location: /home/user/ghidriffs/ghidra_projects/ghidriff-old.exe.gzf-new.exe.gzf/
INFO | ghidriff | Opening old.exe.gzf
INFO | ghidriff | Loaded old.exe - .ProgramDB
INFO | ghidriff | Opening new.exe.gzf
INFO | ghidriff | Loaded new.exe - .ProgramDB
INFO | ghidriff | Project Files:
INFO | ghidriff | ghidriff-old.exe.gzf-new.exe.gzf:/old.exe.gzf-b7fb88
INFO | ghidriff | ghidriff-old.exe.gzf-new.exe.gzf:/new.exe.gzf-a74d23
INFO | ghidriff | Program: old.exe.gzf-b7fb88 imported: True has_pdb: False pdb_loaded: False analyzed True
INFO | ghidriff | Program: new.exe.gzf-a74d23 imported: True has_pdb: False pdb_loaded: False analyzed True
INFO | ghidriff | Starting analysis for 2 binaries
INFO | ghidriff | Analyzing: new.exe - .ProgramDB
Using file gdts: [windows_vs12_32]
INFO | ghidriff | Analyzing: old.exe - .ProgramDB
Using file gdts: [windows_vs12_32]
INFO | ghidriff | Analysis already complete.. skipping new.exe - .ProgramDB!
INFO | ghidriff | Analysis already complete.. skipping old.exe - .ProgramDB!
INFO | ghidriff | Analysis for ghidriff-old.exe.gzf-new.exe.gzf:/new.exe.gzf-a74d23 complete
INFO | ghidriff | Analysis for ghidriff-old.exe.gzf-new.exe.gzf:/old.exe.gzf-b7fb88 complete
INFO | ghidriff | Diffing bins: old.exe.gzf - new.exe.gzf
INFO | ghidriff | Setup 48 decompliers
INFO | ghidriff | Loaded old program: old.exe
INFO | ghidriff | Loaded new program: new.exe
INFO | ghidriff | p1 sym count: reported: 2338147 analyzed: 52645
INFO | ghidriff | p2 sym count: reported: 2300389 analyzed: 52641
INFO | ghidriff | Found unmatched: 1126 matched: 52080 symbols
INFO  Hashing symbols in old.exe (ConsoleTaskMonitor)  
INFO  Hashing symbols in new.exe (ConsoleTaskMonitor)  
INFO  Eliminate non-unique matches (ConsoleTaskMonitor)  
INFO  Finding symbol matches (ConsoleTaskMonitor)  
INFO | ghidriff | Exec time: 0.8930 secs
INFO | ghidriff | Match count 126080
INFO | ghidriff | Counter({('SymbolsHash',): 10196})
INFO | ghidriff | Running correlator: ExactBytesFunctionHasher
INFO | ghidriff | name: ExactBytesFunctionHasher one_to_one: True one_to_many: False
INFO  Hashing functions in old.exe (ConsoleTaskMonitor)  
INFO  Hashing functions in new.exe (ConsoleTaskMonitor)  
INFO  Finding function matches (ConsoleTaskMonitor)  
INFO | ghidriff | Match count: 38299
INFO | ghidriff | ExactBytesFunctionHasher Exec time: 46.1940 secs
INFO | ghidriff | Running correlator: ExactInstructionsFunctionHasher
INFO | ghidriff | name: ExactInstructionsFunctionHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 82287
INFO | ghidriff | ExactInstructionsFunctionHasher Exec time: 43.0633 secs
INFO | ghidriff | Running correlator: StructuralGraphExactHash
INFO | ghidriff | name: StructuralGraphExactHash one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 873
INFO | ghidriff | StructuralGraphExactHash Exec time: 179.8756 secs
INFO | ghidriff | Running correlator: ExactMnemonicsFunctionHasher
INFO | ghidriff | name: ExactMnemonicsFunctionHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 50
INFO | ghidriff | ExactMnemonicsFunctionHasher Exec time: 41.9512 secs
INFO | ghidriff | Running correlator: BSIM
INFO | ghidriff | name: BSIM one_to_one: True one_to_many: False
INFO | ghidriff | Starting BSIM correlator
INFO | ghidriff | Match Set 0 - 130832 matches [Correlator=Manual Match]
INFO | ghidriff | Match Set -1 - 0 matches [Correlator=Implied Match]
WARN  Decompiling 0072f480, pcode error at 0072f674: Unable to resolve constructor at 0072f674 (DecompileCallback)  
WARN  Decompiling 00a5d770, pcode error at 00a5d8fc: Unable to resolve constructor at 00a5d8fc (DecompileCallback)  
WARN  Decompiling 00a8a3b0, pcode error at 08a950a3: Could not follow disassembly flow into non-existing memory at 08a950a3 (DecompileCallback)  
WARN  Decompiling 01835370, pcode error at 01836144: Unable to resolve constructor at 01836144 (DecompileCallback)  
WARN  Decompiling 01aa8e90, pcode error at 01aa9105: Unable to resolve constructor at 01aa9105 (DecompileCallback)  
WARN  Decompiling 01d08b70, pcode error at 01d090ad: Unable to resolve constructor at 01d090ad (DecompileCallback)  
WARN  Decompiling 01d09170, pcode error at 0b01d092: Could not follow disassembly flow into non-existing memory at 0b01d092 (DecompileCallback)  
WARN  Decompiling 01d3a600, pcode error at 01d3a8ad: Unable to resolve constructor at 01d3a8ad (DecompileCallback)  
WARN  Decompiling 01ed9ef0: Unable to read bytes at ram:0cc483ff (DecompileCallback)  
WARN  Decompiling 01ffcef0, pcode error at 01ffe0ac: Unable to resolve constructor at 01ffe0ac (DecompileCallback)  
WARN  Decompiling 0216ef50, pcode error at 0216f281: Unable to resolve constructor at 0216f281 (DecompileCallback)  
WARN  Decompiling 02290960, pcode error at 02291038: Unable to resolve constructor at 02291038 (DecompileCallback)  
WARN  Decompiling 0230bdc0, pcode error at 0230caad: Unable to resolve constructor at 0230caad (DecompileCallback)  
WARN  Decompiling 02f31910: Unable to read bytes at ram:0af31c00 (DecompileCallback)  
WARN  Decompiling 034fd820, pcode error at 034fdc14: Unable to resolve constructor at 034fdc14 (DecompileCallback)  
WARN  Decompiling 03503da0, pcode error at 035040a0: Unable to resolve constructor at 035040a0 (DecompileCallback)  
WARN  Decompiling 03601e80, pcode error at 03602960: Unable to resolve constructor at 03602960 (DecompileCallback)  
WARN  Decompiling 037af640: Unable to read bytes at ram:75ff56ff (DecompileCallback)  
WARN  Decompiling 03a90920, pcode error at 03a90b28: Unable to resolve constructor at 03a90b28 (DecompileCallback)  
WARN  Decompiling 03b28ee0, pcode error at 03b2907d: Unable to resolve constructor at 03b2907d (DecompileCallback)  
WARN  Decompiling 03b28cc0, pcode error at 03b28ecd: Failed to resolve varnode <Sreg>, index=6 (DecompileCallback)  
WARN  Decompiling 03b2c5b0, pcode error at 03b2c8ef: Unable to resolve constructor at 03b2c8ef (DecompileCallback)  
WARN  Decompiling 03b2d030, pcode error at ff03b2d0: Could not follow disassembly flow into non-existing memory at ff03b2d0 (DecompileCallback)  
WARN  Decompiling 03c13470, pcode error at 03c134ec: Failed to resolve varnode <Sreg>, index=6 (DecompileCallback)  
WARN  Decompiling 03c4ee10, pcode error at 03c4f448: Unable to resolve constructor at 03c4f448 (DecompileCallback)  
WARN  Decompiling 041ac5d0, pcode error at 041ac6b5: Unable to resolve constructor at 041ac6b5 (DecompileCallback)  
WARN  Decompiling 05987578, pcode error at 059b5520: Could not follow disassembly flow into non-existing memory at 059b5520 (DecompileCallback)  
WARN  Decompiling 059874b8, pcode error at 059b5520: Could not follow disassembly flow into non-existing memory at 059b5520 (DecompileCallback)  
WARN  Decompiling 00738e70, pcode error at 00739075: Unable to resolve constructor at 00739075 (DecompileCallback)  
WARN  Decompiling 0172ddf0, pcode error at 0172f0f8: Unable to resolve constructor at 0172f0f8 (DecompileCallback)  
WARN  Decompiling 01eea6b0: Unable to read bytes at ram:0cc483ff (DecompileCallback)  
WARN  Decompiling 02526360, pcode error at c254b8f0: Could not follow disassembly flow into non-existing memory at c254b8f0 (DecompileCallback)  
WARN  Decompiling 02b46bb0, pcode error at 02b46f34: Unable to resolve constructor at 02b46f34 (DecompileCallback)  
WARN  Decompiling 02b5d540, pcode error at 02b5dc9d: Unable to resolve constructor at 02b5dc9d (DecompileCallback)  
WARN  Decompiling 02f23c10: Unable to read bytes at ram:0af23f00 (DecompileCallback)  
WARN  Decompiling 0339f6d0, pcode error at 0339fbec: Unable to resolve constructor at 0339fbec (DecompileCallback)  
WARN  Decompiling 034efd00, pcode error at 034eff64: Unable to resolve constructor at 034eff64 (DecompileCallback)  
WARN  Decompiling 03545820, pcode error at 03549455: Unable to resolve constructor at 03549455 (DecompileCallback)  
WARN  Decompiling 035f4610, pcode error at 035f51ee: Unable to resolve constructor at 035f51ee (DecompileCallback)  
WARN  Decompiling 037a1e00: Unable to read bytes at ram:75ff56ff (DecompileCallback)  
WARN  Decompiling 03b21210, pcode error at 03b213a8: Unable to resolve constructor at 03b213a8 (DecompileCallback)  
WARN  Decompiling 03b68d90, pcode error at 03b691c9: Failed to resolve varnode <Sreg>, index=6 (DecompileCallback)  
WARN  Decompiling 03b7c030, pcode error at 03b7c3c8: Unable to resolve constructor at 03b7c3c8 (DecompileCallback)  
WARN  Decompiling 03b7cc50, pcode error at 03b7cd24: Unable to resolve constructor at 03b7cd24 (DecompileCallback)  
WARN  Decompiling 03beed70, pcode error at 03bef6c1: Unable to resolve constructor at 03bef6c1 (DecompileCallback)  
WARN  Decompiling 0597f0d0, pcode error at 059ad080: Could not follow disassembly flow into non-existing memory at 059ad080 (DecompileCallback)  
WARN  Decompiling 0597f010, pcode error at 059ad080: Could not follow disassembly flow into non-existing memory at 059ad080 (DecompileCallback)  
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007f02efddf557, pid=83120, tid=83158
#
# JRE version: OpenJDK Runtime Environment (21.0.3+9) (build 21.0.3+9-Ubuntu-1ubuntu122.04.1)
# Java VM: OpenJDK 64-Bit Server VM (21.0.3+9-Ubuntu-1ubuntu122.04.1, mixed mode, tiered, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x7df557]  void OopOopIterateDispatch<G1MarkAndPushClosure>::Table::oop_oop_iterate<InstanceKlass, oopDesc*>(G1MarkAndPushClosure*, oopDesc*, Klass*)+0xf7
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" (or dumping to /home/user/core.83120)
#
# An error report file with more information is saved as:
# /home/user/hs_err_pid83120.log
#
# If you would like to submit a bug report, please visit:
#   https://bugs.launchpad.net/ubuntu/+source/openjdk-21
#
[1]    83120 IOT instruction (core dumped)  ghidriff --force-diff --bsim-full --max-ram-percent 100 --no-symbols

My machine has 64GB RAM and 16GB swap, and a lot of storage, and a pretty fast CPU. I've looked this error up and nothing much has come up. Please advise. I've been running and waiting for hours and also tried the Docker container, nothing works.

Thanks!
@clearbluejar
Copy link
Owner

clearbluejar commented Jun 18, 2024
edited
Loading

Yeah that machine looks pretty good. From the log it seems that the error happens during the BSIM correlation. As BSIM is a new feature from Ghidra, perhaps it is running into an issue?

INFO | ghidriff | Starting BSIM correlator
INFO | ghidriff | Match Set 0 - 130832 matches [Correlator=Manual Match]
INFO | ghidriff | Match Set -1 - 0 matches [Correlator=Implied Match]

If you have this analysis already in Ghidra, you could test BSIM (to find out if BSIM is breaking) by doing the following.

  1. Start a VT session.
  2. Load old and new binary.
  3. Run 'Automatic Version Tracking'.
  4. Then run BSIM correlation.

If all that sounds unfamiliar, take a look at my VT tutorial https://cve-north-stars.github.io/docs/Ghidra-Patch-Diffing

BSIM, in this instance looking at the above log, is starting with 130,832 seed matches, used in the code here:

ghidriff/ghidriff/bsim.py

Lines 95 to 113 in 0ce2bbf

# BSIM will seed using accepted matches Ghidra/Features/VersionTrackingBSim/src/main/java/ghidra/feature/vt/api/BSimProgramCorrelatorMatching.java#L558-L595
for match in match_set.getMatches():
match.association.setAccepted()
session.endTransaction(int(transaction), True)
# instantiate bsim and find matches
transaction = session.startTransaction(bsim_factory.name)
# if not AddrSetView is defined, use the entire loaded mem
if p1_addr_set is None:
p1_addr_set = p1.memory.loadedAndInitializedAddressSet
if p2_addr_set is None:
p2_addr_set = p2.memory.loadedAndInitializedAddressSet
bsim_correlator: BSimProgramCorrelator = bsim_factory.createCorrelator(p1, p1_addr_set, p2, p2_addr_set, options)
bsim_correlator.correlate(session, monitor)
session.endTransaction(int(transaction), True)

Maybe it is having trouble? You could verify by running steps 1-4 in version tracking in Ghidra. To help is understand if this is a Ghidra issue or something in ghidriff.

Are you able to provide the binaries you are diffing, or even tell me how large they are?

@clearbluejar
Copy link
Owner

You could also try to run ghidriff with the --no-bsim flag to rule out BSIM as an issue.

This might mean there are issue later in the diffing pipeline, but something to try.

If you can provide the binaries, or other less sensitive binaries that present a similar issue, it would provide the best insight , and help ghidriff better handle larger bins in the future.

@ducphanduyagentp
Copy link
Author

I am trying to diff without bsim to see if that still happens. Nonetheless it would be nice to have bsim results with it :D because it sounds pretty promising.

The binaries are nothing confidential, I was diffing 2 latest Foxit Reader versions. The binaries are about 113 MB each. It's worth noting that I tried analyzing it with IDA Pro, Ghidra and Binary Ninja but all took a very long time so it's already big regarding the initial analysis time. Binary Ninja was the fastest because it took advantages of all cores on my machine

@ducphanduyagentp
Copy link
Author

Unfortunately without BSIM it still happens

INFO | ghidriff | Init Ghidra Diff Engine...
INFO | ghidriff | Engine Console Log: INFO
INFO | ghidriff | Engine File Log:  ghidriffs/ghidriff.log INFO
INFO | ghidriff | Starting Ghidra...
INFO  Using log config file: jar:file:/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Generic/lib/Generic.jar!/generic.log4j.xml (LoggingInitialization)  
INFO  Using log file: /home/user/ghidriffs/ghidriff.log (LoggingInitialization)  
INFO  Loading user preferences: /home/user/.config/ghidra/ghidra_11.1.1_PUBLIC/preferences (Preferences)  
INFO  Searching for classes... (ClassSearcher)  
INFO  Ignoring class 'ghidra.GhidraClassLoader' from '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. Already found at '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. (ClassSearcher)  
INFO  Ignoring class 'generic.jar.GClassLoader' from '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. Already found at '/home/user/Downloads/ghidra_11.1.1_PUBLIC/Ghidra/Framework/Utility/lib/Utility.jar'. (ClassSearcher)  
INFO  Class search complete (471 ms) (ClassSearcher)  
INFO  Initializing SSL Context (SSLContextInitializer)  
INFO  Initializing Random Number Generator... (SecureRandomFactory)  
INFO  Random Number Generator initialization complete: NativePRNGNonBlocking (SecureRandomFactory)  
INFO  Trust manager disabled, cacerts have not been set (ApplicationTrustManagerFactory)  
INFO | ghidriff | GHIDRA_INSTALL_DIR: /home/user/Downloads/ghidra_11.1.1_PUBLIC
INFO | ghidriff | GHIDRA 11.1.1  Build Date: 2024-Jun-14 1025 EDT Release: PUBLIC
INFO | ghidriff | Engine Args:
INFO | ghidriff | 	old:                ['old.exe.gzf']
INFO | ghidriff | 	new:                [['new.exe.gzf']]
INFO | ghidriff | 	engine:             VersionTrackingDiff
INFO | ghidriff | 	output_path:        ghidriffs
INFO | ghidriff | 	summary:            False
INFO | ghidriff | 	project_location:   ghidra_projects
INFO | ghidriff | 	project_name:       ghidriff
INFO | ghidriff | 	symbols_path:       symbols
INFO | ghidriff | 	threaded:           True
INFO | ghidriff | 	force_analysis:     False
INFO | ghidriff | 	force_diff:         True
INFO | ghidriff | 	no_symbols:         True
INFO | ghidriff | 	log_level:          INFO
INFO | ghidriff | 	file_log_level:     INFO
INFO | ghidriff | 	log_path:           ghidriff.log
INFO | ghidriff | 	va:                 False
INFO | ghidriff | 	min_func_len:       10
INFO | ghidriff | 	use_calling_counts: False
INFO | ghidriff | 	gdt:                []
INFO | ghidriff | 	bsim:               False
INFO | ghidriff | 	bsim_full:          False
INFO | ghidriff | 	max_ram_percent:    100
INFO | ghidriff | 	print_flags:        False
INFO | ghidriff | 	jvm_args:           None
INFO | ghidriff | 	side_by_side:       False
INFO | ghidriff | 	max_section_funcs:  200
INFO | ghidriff | 	md_title:           None
INFO | ghidriff | Setting Up Ghidra Project...
INFO  Creating project: /home/user/ghidriffs/ghidra_projects/ghidriff-old.exe.gzf-new.exe.gzf/ghidriff-old.exe.gzf-new.exe.gzf (DefaultProject)  
INFO | ghidriff | Created project: ghidriff-old.exe.gzf-new.exe.gzf
INFO | ghidriff | Project Location: /home/user/ghidriffs/ghidra_projects/ghidriff-old.exe.gzf-new.exe.gzf/
INFO | ghidriff | Importing old.exe.gzf as old.exe.gzf-b7fb88
INFO  Using Loader: GZF Input Format (AutoImporter)  
INFO  Using Language/Compiler: null (AutoImporter)  
INFO | ghidriff | Loaded old.exe - .ProgramDB
INFO | ghidriff | Importing new.exe.gzf as new.exe.gzf-a74d23
INFO  Using Loader: GZF Input Format (AutoImporter)  
INFO  Using Language/Compiler: null (AutoImporter)  
INFO | ghidriff | Loaded new.exe - .ProgramDB
INFO | ghidriff | Project Files:
INFO | ghidriff | ghidriff-old.exe.gzf-new.exe.gzf:/old.exe.gzf-b7fb88
INFO | ghidriff | ghidriff-old.exe.gzf-new.exe.gzf:/new.exe.gzf-a74d23
INFO | ghidriff | Program: old.exe.gzf-b7fb88 imported: True has_pdb: False pdb_loaded: False analyzed True
INFO | ghidriff | Program: new.exe.gzf-a74d23 imported: True has_pdb: False pdb_loaded: False analyzed True
INFO | ghidriff | Starting analysis for 2 binaries
INFO | ghidriff | Analyzing: new.exe - .ProgramDB
Using file gdts: [windows_vs12_32]
INFO | ghidriff | Analyzing: old.exe - .ProgramDB
INFO | ghidriff | Analysis already complete.. skipping new.exe - .ProgramDB!
Using file gdts: [windows_vs12_32]
INFO | ghidriff | Analysis already complete.. skipping old.exe - .ProgramDB!
INFO | ghidriff | Analysis for ghidriff-old.exe.gzf-new.exe.gzf:/new.exe.gzf-a74d23 complete
INFO | ghidriff | Analysis for ghidriff-old.exe.gzf-new.exe.gzf:/old.exe.gzf-b7fb88 complete
INFO | ghidriff | Diffing bins: old.exe.gzf - new.exe.gzf
INFO | ghidriff | Setup 48 decompliers
INFO | ghidriff | Loaded old program: old.exe
INFO | ghidriff | Loaded new program: new.exe
INFO | ghidriff | p1 sym count: reported: 2338147 analyzed: 52645
INFO | ghidriff | p2 sym count: reported: 2300389 analyzed: 52641
INFO | ghidriff | Found unmatched: 1126 matched: 52080 symbols
INFO  Hashing symbols in old.exe (ConsoleTaskMonitor)  
INFO  Hashing symbols in new.exe (ConsoleTaskMonitor)  
INFO  Eliminate non-unique matches (ConsoleTaskMonitor)  
INFO  Finding symbol matches (ConsoleTaskMonitor)  
INFO | ghidriff | Exec time: 0.8740 secs
INFO | ghidriff | Match count 126080
INFO | ghidriff | Counter({('SymbolsHash',): 10196})
INFO | ghidriff | Running correlator: ExactBytesFunctionHasher
INFO | ghidriff | name: ExactBytesFunctionHasher one_to_one: True one_to_many: False
INFO  Hashing functions in old.exe (ConsoleTaskMonitor)  
INFO  Hashing functions in new.exe (ConsoleTaskMonitor)  
INFO  Finding function matches (ConsoleTaskMonitor)  
INFO | ghidriff | Match count: 38299
INFO | ghidriff | ExactBytesFunctionHasher Exec time: 46.4411 secs
INFO | ghidriff | Running correlator: ExactInstructionsFunctionHasher
INFO | ghidriff | name: ExactInstructionsFunctionHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 82287
INFO | ghidriff | ExactInstructionsFunctionHasher Exec time: 42.7090 secs
INFO | ghidriff | Running correlator: StructuralGraphExactHash
INFO | ghidriff | name: StructuralGraphExactHash one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 873
INFO | ghidriff | StructuralGraphExactHash Exec time: 173.6129 secs
INFO | ghidriff | Running correlator: ExactMnemonicsFunctionHasher
INFO | ghidriff | name: ExactMnemonicsFunctionHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 50
INFO | ghidriff | ExactMnemonicsFunctionHasher Exec time: 39.9167 secs
INFO | ghidriff | Running correlator: BSIM
INFO | ghidriff | name: BSIM one_to_one: True one_to_many: False
INFO | ghidriff | Skipping BSIM correlator. BSIM disabled with arg --no-bsim
INFO | ghidriff | BSIM Exec time: 0.0001 secs
INFO | ghidriff | Running correlator: BulkInstructionHash
INFO | ghidriff | name: BulkInstructionHash one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 3
INFO | ghidriff | BulkInstructionHash Exec time: 88.4950 secs
INFO | ghidriff | Running correlator: SigCallingCalledHasher
INFO | ghidriff | name: SigCallingCalledHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 1607
INFO | ghidriff | SigCallingCalledHasher Exec time: 72.1080 secs
INFO | ghidriff | Running correlator: StringsRefsHasher
INFO | ghidriff | name: StringsRefsHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 3790
INFO | ghidriff | StringsRefsHasher Exec time: 94.8933 secs
INFO | ghidriff | Running correlator: StrUniqueFuncRefsHasher
INFO | ghidriff | name: StrUniqueFuncRefsHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 680
INFO | ghidriff | StrUniqueFuncRefsHasher Exec time: 13.6850 secs
INFO | ghidriff | Running correlator: SwitchSigHasher
INFO | ghidriff | name: SwitchSigHasher one_to_one: True one_to_many: False
INFO | ghidriff | Match count: 121
INFO | ghidriff | SwitchSigHasher Exec time: 56.7480 secs
INFO | ghidriff | Running correlator: StructuralGraphHash
INFO | ghidriff | name: StructuralGraphHash one_to_one: True one_to_many: True
#
# A fatal error has been detected by the Java Runtime Environment:
#
#  SIGSEGV (0xb) at pc=0x00007ac0f1c21b3d, pid=502616, tid=502616
#
# JRE version: OpenJDK Runtime Environment (21.0.3+9) (build 21.0.3+9-Ubuntu-1ubuntu122.04.1)
# Java VM: OpenJDK 64-Bit Server VM (21.0.3+9-Ubuntu-1ubuntu122.04.1, mixed mode, tiered, compressed class ptrs, g1 gc, linux-amd64)
# Problematic frame:
# V  [libjvm.so+0x821b3d]  void G1ConcurrentRefineOopClosure::do_oop_work<oopDesc*>(oopDesc**)+0x4d
#
# Core dump will be written. Default location: Core dumps may be processed with "/usr/share/apport/apport -p%p -s%s -c%c -d%d -P%P -u%u -g%g -- %E" (or dumping to /home/user/core.502616)
#
# An error report file with more information is saved as:
# /home/user/hs_err_pid502616.log
[948.357s][warning][os] Loading hsdis library failed
#
# If you would like to submit a bug report, please visit:
#   https://bugs.launchpad.net/ubuntu/+source/openjdk-21
#
[1]    502616 IOT instruction (core dumped)  ghidriff --force-diff --max-ram-percent 100 --no-symbols --no-bsim

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@clearbluejar @ducphanduyagentp