Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
ud2 x86 instruction is breaking disassembly process
See original GitHub issueDescribe the bug
When opening a binary on Ghidra which contains the ud2 instruction (undefined instruction), the disassembly doesn’t go further than this instruction. Ghidra just show an incomplete disassembly and the C code from the decompiler is incomplete too. However, the optcodes are good.
To Reproduce Steps to reproduce the behavior:
- Open a binary containing this instruction (I found the bug with the binary from this reverse challenge on HackTheBox (I solved it), the binary is attached below. (I also tested with a custom binary I created, and I encountered the same issue.)
- Open the function
main - See in the disassembly panel, on address
0x001012e6, that Ghidra didn’t disassemble further than theud2instruction. - You can compare with the “real” assembly by using
objdump -d -M intel <binary>orgdbwithdisassemble main(both worked for me).
Expected behavior Ghidra disassemble the binary correctly, displaying all the instructions, and the decompiler is able to read the instructions and give a complete output.
Screenshots
Capture of failed disassembly by Ghidra
Capture of disassembly using objdump, showing the complete disassembly. You can see that the optcodes are good.
Attachments The HackTheBox binary with which I first encountered the issue : binary-ud2-issue.zip
Environment (please complete the following information):
- OS: Linux Archlinux, kernel version 5.16.16-arch1-1 x86_64
- Java Version: 11.0.15
- Ghidra Version: 10.1.2
- Ghidra Origin: Archlinux AUR
Issue Analytics
- State:
- Created a year ago
- Comments:5 (1 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Looking at the screenshot it appears you’re looking at an x86 binary, but you added the instruction to the end of the ARM64 sleigh code. You need to modify the x86 sleigh file instead. In ia.sinc, search for “:ud2” and you can probably just remove the “goto inst_start;” piece and follow the rest of the directions to get it to continue disassembling.
Thank you so much!!! I modified the file
Ghidra/Processors/x86/data/languages/ia.sincfrom:UD2 is vexMode=0 & byte=0xf; byte=0xb { invalidInstructionException(); goto inst_start; }to:UD2 is vexMode=0 & byte=0xf; byte=0xb { invalidInstructionException();}reload ghidra and it worked!!! Thanks a lot!