BitBlaze public release now available


Stephen McCamant

Nov 23, 2009, 4:50:55 PM
to BitBlaze User Discussion group
The BitBlaze Team is happy to announce the first public release of our
BitBlaze Analysis Platform. This release includes some of the core
components we have developed for dynamic and static analysis of binary
code, dynamic symbolic execution, and whole-system emulation. Though
this release does not include many of the particular applications we
have built using the platform, it includes all the source code you'd
need to build applications of your own; we have plans to release more
software in the future.

The release consists of separate source-code distributions for
versions 1.0 of Vine, our static analysis component based on a
machine-code intermediate language, and TEMU, our dynamic analysis
component based on a whole-system emulator. The code, along with user
manuals and papers describing the systems, is available on our web
site at:

http://bitblaze.cs.berkeley.edu/release/index.html

Though we are not providing formal support for BitBlaze at this time,
we would like to hear if you are making use of it, if you run into any
bugs or problems, or if you have suggestions for feature additions.
See the website for information on how to subscribe to our discussion
and announcement mailing lists, if you haven't already.

simon

Nov 23, 2009, 9:48:14 PM
to BitBlaze User Discussion group
Nice, it is worth waiting for.

simon

Dec 7, 2009, 8:44:13 PM
to BitBlaze User Discussion group
I run a guestos which is Ubuntu Linux 9.04 within vmware workstation
ACE on Windows XP sp3, and installed qemu and TEMU in guestos (I didn't
setup the vm network).
Following the tips like the TEMU installation and user manual saying:
% cd ~/bitblaze/temu
% ./tracecap/temu -snapshot -monitor stdio ~/images/ubuntu904.qcow2
the output is "qemu:could not open disk image /home/lgd/images/ubuntu904.qcow2"
I didn't find qcow2 file in TEMU directory, how can I get
ubuntu904.qcow2? Should I install another Ubuntu Linux 9.04 in the
guestos of Ubuntu Linux 9.04?

Heng Yin

Dec 7, 2009, 9:50:51 PM
to BitBlaze User Discussion group
TEMU is essentially a virtual machine environment. It is not
recommended to run TEMU inside another virtual machine, such as
vmware. We've seen kqemu cannot accelerate due to the conflict with
VMWare.

So please run TEMU on a REAL linux system. Also, because it is a
virtual machine, you need to create your own disk image. In the
instructions, we assume that you have already created a qcow2 image
with ubuntu installed. You need to check qemu homepage to see how to
create a disk image for qemu/temu.

Heng

simon

Dec 7, 2009, 9:57:22 PM
to BitBlaze User Discussion group
Thanks, I am building a real Linux environment.

simon

Dec 10, 2009, 2:15:13 AM
to BitBlaze User Discussion group
I have installed TEMU, and created a ubuntu904.qcow2 as the TEMU user
manual says, but when I use temu to open the ubuntu904.qcow2, I can't
log in to the system.
qemu says:
"Failed to start the X server(your graphical interface).It is likely
that it is not setup correctly.would you like to view the X server
output to diagnose the problem? <Yes> <No>"
and I can't do any operation at the same time. Did anyone encounter
the same problem? And how to solve this problem?

simon

Dec 10, 2009, 8:45:39 AM
to BitBlaze User Discussion group
I tested the Windows-based VMs, guestos is Windows xp SP2, and TEMU
works well.

simon

Dec 10, 2009, 8:45:49 AM
to BitBlaze User Discussion group
I tested the Windows-based VMs, guestos is Windows xp SP2, and TEMU
works well.

On Dec 10, 3:15 PM, simon <full...@gmail.com> wrote:

Stephen McCamant

Dec 11, 2009, 3:33:26 PM
to bitblaz...@googlegroups.com
>>>>> "S" == simon <ful...@gmail.com> writes:

S> I have installed TEMU, and created a ubuntu904.qcow2 as the TEMU
S> user manual says, but when I use temu to open the ubuntu904.qcow2, I
S> can't log in to the system.
S> qemu says:
S> "Failed to start the X server(your graphical interface).It is
S> likely that it is not setup correctly.would you like to view the X
S> server output to diagnose the problem? <Yes> <No>"
S> and I can't do any operation at the same time. Did anyone encounter
S> the same problem? And how to solve this problem?

That's a somewhat unusual sounding problem. It sounds like something
went wrong in the creation of your Ubuntu virtual machine image, but I
can't tell what. Could you explain in a bit more detail how you
created your "ubuntu904.qcow", so that we can compare notes with the
way we made ours (which seem to work)?

The way I generally make Linux virtual machine images for use with
TEMU is by doing the distribution's standard installation process
inside a vanilla version of QEMU. (It should also work to do
installations under TEMU itself, but you want to be sure you're using
a version that works with KQEMU, or else the process will be painfully
slow.)

For instance, you can make an Ubuntu 9.04 image by:

(1) downloading the installation CD ISO "ubuntu-9.04-desktop-i386.iso"
from Ubuntu's web site.

(2) creating an empty 5GB hard disk image file with:
% qemu-img create ubuntu904.qcow 5G

(3) booting the virtual machine with the virtual CD and HD:
% qemu -net nic -net user,hostname=jaunty32 -no-reboot -m 512 \
-monitor stdio -hda ubuntu904.qcow \
-cdrom ubuntu-9.04-desktop-i386.iso

(4) following all the installation prompts as you would on a real
machine.

Ubuntu's desktop installer is graphical, so if there was a problem
with supporting the VM's graphics it would probably fail right at the
beginning.

The error message you copied I think indicates that the X server
failed to start. As the prompt says, you could look at the detailed
server output to perhaps get a more detailed error message, but I
doubt that the problem is TEMU-specific, since we haven't modified any
of the virtual video device features of QEMU. Does it fail that way
only under TEMU, or does it fail in the same way under QEMU? You might
also want to check that your virtual machine has plenty of RAM (the
"-m 512m" in my command above).

Also, though it of course depends on what you're using TEMU for, you
might consider not running a graphical environment in your virtual
machines. It's not really needed if you're just testing network
servers, for instance, and the VM will be a bit more responsive if it
doesn't have to emulate the whole desktop environment too. I think the
server edition of Ubuntu 9.04 might use a different kernel, so the
easiest way to do this might just be to disable the graphics packages
in your desktop install.

Speaking of disabling X, why is it that you can't use your VM just
from the terminal after X fails to start?

Hope this helps,

-- Stephen

avimatrix

Dec 14, 2009, 3:21:55 AM
to bitblaz...@googlegroups.com
I created the vm image this way:
% sudo qemu-img create ubuntu904.qcow2 4G
% sudo qemu -localtime -cdrom ubuntu-9.04-desktop-i386.iso -m 512 -boot d ubundu904.qcow2
The ubuntu904.qcow2 works well under qemu, but failed under TEMU just like the problem I referred above.
Then I created a windowsxpsp2.qcow2 image, it works well under TEMU and qemu. There is also a little problem: when I run foo.exe, I can't use guest_ps to get the foo's Pid or Proname, so I got the Pid of foo in windows taskmgr, then I could do the tasking of tracing.
Fortunately, I could trace the binary completely.

Thanks, I will try it again following your advice.

2009/12/12 Stephen McCamant <sm...@cs.berkeley.edu>



--
haha ^_^

Stephen McCamant

Dec 14, 2009, 7:20:24 PM
to bitblaz...@googlegroups.com
>>>>> "AM" == avimatrix <ful...@gmail.com> writes:

AM> I created the vm image this way:
AM> % sudo qemu-img create ubuntu904.qcow2 4G
AM> % sudo qemu -localtime -cdrom ubuntu-9.04-desktop-i386.iso -m 512 -boot d
AM> ubundu904.qcow2
AM> The ubuntu904.qcow2 works well under qemu, but failed under TEMU
AM> just like the problem I referred above.

You're referring to the "Failed to start the X server" message? Have
you been able to view the X server output to see if it has a more
informative error message?

What version of QEMU are you able to use your image successfully with?
You might have the best luck if you create an image using a version
close to the one TEMU is based on (0.9.1), though images created with
0.10 and 0.11 versions have worked fine for me.

AM> Then I created a windowsxpsp2.qcow2 image, it works well under TEMU
AM> and qemu. There is also a little problem: when I run foo.exe, I
AM> can't use guest_ps to get the foo's Pid or Proname, so I got the
AM> Pid of foo in windows taskmgr, then I could do the tasking of
AM> tracing. Fortunately, I could trace the binary completely.

Hmm, that seems a bit unusual. Generally "guest_ps" and TEMU's tracing
use the same information about what processes exist, so it's strange
that "trace" would work on a process that "guest_ps" can't find. Did
the output of guest_ps look otherwise correct, except that the process
you were looking for didn't appear in it, or did it not work at all?
Was the "guest.log" file successfully created in the directory where
you ran TEMU? Was there anything unusual about the way you created the
"foo.exe" file (was it 16-bit? Cygwin-based? command-line or GUI?)

avimatrix

Dec 15, 2009, 12:17:42 AM
to bitblaz...@googlegroups.com
> You're referring to the "Failed to start the X server" message? Have
> you been able to view the X server output to see if it has a more
> informative error message?
> What version of QEMU are you able to use your image successfully with?
> You might have the best luck if you create an image using a version
> close to the one TEMU is based on (0.9.1), though images created with
> 0.10 and 0.11 versions have worked fine for me.
 
There is no more error message except the one referred to above, because when the error message happened, I can't do any operation.
QEMU PC emulator version 0.10.0, Copyright (c) 2003-2008 Fabrice Bellard
 
> Hmm, that seems a bit unusual. Generally "guest_ps" and TEMU's tracing
> use the same information about what processes exist, so it's strange
> that "trace" would work on a process that "guest_ps" can't find. Did
> the output of guest_ps look otherwise correct, except that the process
> you were looking for didn't appear in it, or did it not work at all?
> Was the "guest.log" file successfully created in the directory where
> you ran TEMU? Was there anything unusual about the way you created the
> "foo.exe" file (was it 16-bit? Cygwin-based? command-line or GUI?)
 
I tested the total tasks again. This time the output of guest_ps looks like this below:
(qemu) guest_ps
0    cr3=0x00000000    <kernel>
220    cr3=0x0afb9000    cmd.exe
372    cr3=0x06713000    smss.exe
424    cr3=0x0ca6b000    ""
428    cr3=0x074ea000    csrss.exe
476    cr3=0x0772f000    winlogon.exe
528    cr3=0x079f8000    services.exe
544    cr3=0x07a42000    lsass.exe
700    cr3=0x07d32000    svchost.exe
800    cr3=0x0831d000    svchost.exe
840    cr3=0x08363000    svchost.exe
980    cr3=0x08a3d000    svchost.exe
1024    cr3=0x08d45000    svchost.exe
1112    cr3=0x0904b000    spoolsv.exe
1504    cr3=0x09406000    explorer.exe
1588    cr3=0x09b8d000    rundll32.exe
1732    cr3=0x09f93000    ctfmon.exe
1884    cr3=0x0a621000    wuauclt.exe
2008    cr3=0x0abd5000    alg.exe
2016    cr3=0x0ac3b000    wscntfy.exe
(qemu)
The Pid 424 is the running process foo.exe, and Procname of foo.exe is empty. (Just a little problem.)
I am sure that the testdrv.sys is loaded when system starts and the file guest.log is correct, just look at this:
M 0 00039000 "tcpip.sys" f7daa000 00058000
M 0 00039000 "netbt.sys" f7d82000 00028000
M 0 00039000 "afd.sys" f7d60000 00022000
M 0 00039000 "netbios.sys" f8690000 00009000
M 0 00039000 "testdrv.SYS" f8a72000 00002000
M 0 00039000 "ipnat.sys" f7d3f000 00021000

The foo.exe is a 32-bit console application generated under MS visual studio 6.0 sp6.



 
2009/12/15 Stephen McCamant <sm...@cs.berkeley.edu>



--
haha ^_^
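
An added example, not part of the thread and not TEMU code: a small Python parser for guest_ps output in the layout pasted above. It flags entries whose name column is empty and falls back to the PID (and its CR3) to pick the trace target. The sample lines are a subset copied from the post; the function and type names are hypothetical.

```python
import re
from typing import NamedTuple

class GuestProc(NamedTuple):
    pid: int
    cr3: int
    name: str  # "" when the name column was printed as ""

# Layout assumed from the pasted output: PID, cr3=0x<hex>, process name.
LINE = re.compile(r'^\s*(\d+)\s+cr3=(0x[0-9a-fA-F]+)\s*(.*?)\s*$')

def parse_guest_ps(text):
    """Return one GuestProc per process line; prompt lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:  # "(qemu) guest_ps", "(qemu)" and blank lines
            continue
        procs.append(GuestProc(int(m.group(1)), int(m.group(2), 16),
                               m.group(3).strip('"')))
    return procs

def unnamed(procs):
    """Processes whose name is empty, like PID 424 in the post."""
    return [p for p in procs if not p.name]

def resolve(procs, name=None, pid=None):
    """Look a target up by name; fall back to PID when no name matches."""
    hits = [p for p in procs if name and p.name.lower() == name.lower()]
    if not hits and pid is not None:
        hits = [p for p in procs if p.pid == pid]
    return hits

# Subset of the guest_ps output copied from the post above.
SAMPLE = '''(qemu) guest_ps
0    cr3=0x00000000    <kernel>
220    cr3=0x0afb9000    cmd.exe
372    cr3=0x06713000    smss.exe
424    cr3=0x0ca6b000    ""
428    cr3=0x074ea000    csrss.exe
700    cr3=0x07d32000    svchost.exe
800    cr3=0x0831d000    svchost.exe
(qemu)
'''

if __name__ == "__main__":
    procs = parse_guest_ps(SAMPLE)
    for p in unnamed(procs):
        print(f"pid {p.pid}: empty name, cr3={p.cr3:#010x}")
    # A name can match several processes; PID and CR3 identify exactly one.
    print(len(resolve(procs, name="svchost.exe")), "svchost.exe entries")
    print(resolve(procs, name="foo.exe", pid=424))
```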