Exception while decompiling e000:0000: AddressOutOfBoundsException


When trying to disassemble a function, I get this error message in the Decompile window:

Exception while decompiling e000:0000: ghidra.program.model.address.AddressOutOfBoundsException: Offset must be between 0x0 and 0x10ffef, got 0x250236 instead!

The code is 80(1)86 code, so 16-bit real mode. I don’t clearly understand what causes that error, and especially how to look to find out what causes it. There is no JMP in the function code that would or should cause such an issue, the error does not say anything about where this happens, and I can’t find any logs that show more information.

All I can get for now is the full Java stack frame for that exception:

2019-03-21	13:55:07	ERROR	(DecompileProcess) Unexpected Exception: Offset must be between 0x0 and 0x10ffef, got 0x250236 instead! ghidra.program.model.address.AddressOutOfBoundsException: Offset must be between 0x0 and 0x10ffef, got 0x250236 instead!
			at ghidra.program.model.address.AbstractAddressSpace.makeValidOffset(AbstractAddressSpace.java:717)
			at ghidra.program.model.address.GenericAddressSpace.makeValidOffset(GenericAddressSpace.java:21)
			at ghidra.program.model.address.GenericAddress.<init>(GenericAddress.java:55)
			at ghidra.program.model.address.SegmentedAddress.<init>(SegmentedAddress.java:72)
			at ghidra.program.model.address.SegmentedAddressSpace.getAddress(SegmentedAddressSpace.java:289)
			at ghidra.program.model.address.SegmentedAddressSpace.getAddress(SegmentedAddressSpace.java:25)
			at ghidra.program.model.pcode.Varnode.readXMLAddress(Varnode.java:662)
			at ghidra.app.decompiler.DecompileCallback.getMappedSymbolsXML(DecompileCallback.java:605)
			at ghidra.app.decompiler.DecompileProcess.getMappedSymbolsXML(DecompileProcess.java:700)
			at ghidra.app.decompiler.DecompileProcess.readResponse(DecompileProcess.java:315)
			at ghidra.app.decompiler.DecompileProcess.sendCommand1ParamTimeout(DecompileProcess.java:530)
			at ghidra.app.decompiler.DecompInterface.decompileFunction(DecompInterface.java:701)
			at ghidra.app.decompiler.component.Decompiler.decompile(Decompiler.java:57)
			at ghidra.app.decompiler.component.DecompilerManager.decompile(DecompilerManager.java:167)
			at ghidra.app.decompiler.component.DecompileRunnable.monitoredRun(DecompileRunnable.java:108)
			at ghidra.util.task.RunManager$RunnerJob.doExecute(RunManager.java:334)
			at ghidra.util.task.RunManager$RunnerJob.run(RunManager.java:309)
			at ghidra.util.worker.AbstractWorker$JobCallback.process(AbstractWorker.java:133)
			at ghidra.util.worker.AbstractWorker$JobCallback.process(AbstractWorker.java:123)
			at generic.concurrent.ConcurrentQ$CallbackCallable.call(ConcurrentQ.java:655)
			at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
			at generic.concurrent.FutureTaskMonitor.run(FutureTaskMonitor.java:70)
			at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
			at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
			at java.base/java.lang.Thread.run(Thread.java:834)

Where should I look to try to identify what causes that issue?

Thanks

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 11 (2 by maintainers)

Top GitHub Comments

1 reaction
spheenik commented, May 3, 2021

I have also stumbled upon this error, and started to dig into it. I can reproduce it with the git version from yesterday, and want to contribute some findings.

I am also disassembling a 16-bit DOS real-mode program. My decompiler input looks like this:

https://pastebin.com/2ucbLkm0

The decompiler output is too big for pastebin, but the problem seems to be that some address varnodes are incorrectly generated. I find the following in the decompile output:

<addr space="const" offset="0x3f2b0002" size="4" ref="0x1bf6"/>
<addr space="const" offset="0x3f2b683c" size="4" ref="0x1bfb"/>
<addr space="const" offset="0x3f2b688e" size="4" ref="0x1c00"/>
<addr space="const" offset="0x3f2b689d" size="4" ref="0x1c06"/>
<addr space="const" offset="0x3f2b689f" size="4" ref="0x1c0b"/>
<addr space="const" offset="0x3f2b68af" size="4" ref="0x1c10"/>
<addr space="const" offset="0x3f2b68af" size="4" ref="0x1c15"/>
<addr space="const" offset="0x3f2b68d0" size="4" ref="0x1c1a"/>
<addr space="const" offset="0x3f2b6cf4" size="4" ref="0x1c1f"/>
<addr space="const" offset="0x3f2b6cf4" size="4" ref="0x1c24"/>
<addr space="const" offset="0x3f2b6cf6" size="4" ref="0x1c29"/>
<addr space="const" offset="0x3f2b6df4" size="4" ref="0x1c2e"/>

The data segment in this case is 0x3f2b, so for the segmented memory model, the first address for example should be 0x3f2b2 (0x3f2b << 4 + 0x0002).

If I patch the code to fix this after the fact here:

https://github.com/NationalSecurityAgency/ghidra/blob/master/Ghidra/Framework/SoftwareModeling/src/main/java/ghidra/program/model/address/AbstractAddressSpace.java#L625-L626

where instead of throwing, I do the following:

		long fixed = ((offset & 0xFFFF0000L) >>> 12) + (offset & 0x0000FFFFL);
		return fixed;

the decompilation succeeds.

FWIW:

The failing PcodeOpAST seems to always be of the following format:

(unique, 0x10000616, 4) PTRSUB (const, 0x0, 4) , (const, 0x3f2b2c0e, 4)

where the second parameter contains a GenericAddress (and I would think it should be a SegmentedAddress?)
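
A triage sketch for the observation in the comment above, added here and not part of the original comment or of Ghidra's code: it scans `<addr>` elements from decompiler output, flags 4-byte constants that exceed the real-mode bound quoted in the exception, and decodes them as packed segment:offset pairs. The function names are hypothetical, and the sample mixes three lines from the comment with one constructed in-range entry.

```python
import re

# Highest linear address reachable in 16-bit real mode: (0xFFFF << 4) + 0xFFFF.
REAL_MODE_MAX = (0xFFFF << 4) + 0xFFFF  # 0x10FFEF, the bound quoted in the exception

# Constructed sample: three <addr> lines copied from the comment above plus one
# made-up in-range entry (offset 0x1234, ref 0x1c33) for contrast.
SAMPLE = """\
<addr space="const" offset="0x3f2b0002" size="4" ref="0x1bf6"/>
<addr space="const" offset="0x3f2b683c" size="4" ref="0x1bfb"/>
<addr space="const" offset="0x1234" size="4" ref="0x1c33"/>
<addr space="const" offset="0x3f2b6df4" size="4" ref="0x1c2e"/>
"""

ADDR_RE = re.compile(
    r'<addr\s+space="(?P<space>\w+)"\s+offset="(?P<offset>0x[0-9a-fA-F]+)"'
    r'\s+size="(?P<size>\d+)"\s+ref="(?P<ref>0x[0-9a-fA-F]+)"\s*/>')


def unpack_far_pointer(value):
    """Split a 32-bit seg:off constant and return (segment, offset, linear)."""
    segment = (value >> 16) & 0xFFFF
    offset = value & 0xFFFF
    return segment, offset, (segment << 4) + offset


def find_packed_pointers(xml_text):
    """Return one dict per 4-byte <addr> whose raw offset exceeds the real-mode bound."""
    findings = []
    for m in ADDR_RE.finditer(xml_text):
        raw = int(m.group("offset"), 16)
        if int(m.group("size")) != 4 or raw <= REAL_MODE_MAX:
            continue  # fits the address space as-is, nothing to report
        seg, off, linear = unpack_far_pointer(raw)
        findings.append({"ref": m.group("ref"), "raw": raw,
                         "segment": seg, "offset": off, "linear": linear})
    return findings


if __name__ == "__main__":
    for f in find_packed_pointers(SAMPLE):
        print("ref %s: raw 0x%08x -> %04x:%04x -> linear 0x%05x"
              % (f["ref"], f["raw"], f["segment"], f["offset"], f["linear"]))
```
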

0 reactions
ryanmkurtz commented, Aug 5, 2021

Fixed by 0e81327c46adbbe12c4d78c470624fc077922124
