The detect command is unable to analyze stripped binaries or complex executables due to a combination of missing symbols and non-standard decompilation output.
The static analysis should be robust enough to fall back to the entry point and clean the code of any non-standard artifacts before passing it to the C parser.
poetry run attack_surface_approximation detect --elf examples/uname_32
$ poetry run attack_surface_approximation detect --elf examples/uname_32
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/attack_surface_approximation/cli.py", line 198, in main
cli(prog_name="attack_surface_approximation")
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/click/core.py", line 1514, in __call__
return self.main(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/click/core.py", line 1435, in main
rv = self.invoke(ctx)
^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/click/core.py", line 1902, in invoke
return _process_result(sub_ctx.command.invoke(sub_ctx))
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/click/core.py", line 1298, in invoke
return ctx.invoke(self.callback, **ctx.params)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/click/core.py", line 853, in invoke
return callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/click/decorators.py", line 34, in new_func
return f(get_current_context(), *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/attack_surface_approximation/cli.py", line 192, in analyze
ctx.invoke(detect, elf=elf)
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/click/core.py", line 853, in invoke
return callback(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/attack_surface_approximation/cli.py", line 81, in detect
streams = detector.detect_all()
^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/attack_surface_approximation/static_input_streams_detection/detector.py", line 148, in detect_all
return list(self.__detect_all())
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/attack_surface_approximation/static_input_streams_detection/detector.py", line 135, in __detect_all
if self.uses_arguments():
^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/attack_surface_approximation/static_input_streams_detection/detector.py", line 124, in uses_arguments
ast = parser.parse(self.__main_decompilation)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/pycparser/c_parser.py", line 147, in parse
return self.cparser.parse(
^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/pycparser/ply/yacc.py", line 331, in parse
return self.parseopt_notrack(input, lexer, debug, tracking, tokenfunc)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/pycparser/ply/yacc.py", line 1199, in parseopt_notrack
tok = call_errorfunc(self.errorfunc, errtoken, self)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/pycparser/ply/yacc.py", line 193, in call_errorfunc
r = errorfunc(token)
^^^^^^^^^^^^^^^^
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/pycparser/c_parser.py", line 1968, in p_error
self._parse_error(
File "/home/krpandrei/andreiOpenCRS/attack_surface_approximation/.venv/lib/python3.12/site-packages/pycparser/plyparser.py", line 67, in _parse_error
raise ParseError("%s: %s" % (coord, msg))
pycparser.plyparser.ParseError: :1:19: before: entr
Currently, the tool encounters two main obstacles:
1. Missing Symbols: The Ghidra script crashes when the main function is not found, resulting in a Python traceback. pycparser then attempts to parse this traceback as C code, leading to a ParseError (e.g., "before: recent").
2. Decompilation Artifacts: The decompiled code often contains Ghidra-specific keywords and formatting (such as processEntry, PTR_FUN_, or &stack0x...) that are not valid C89 syntax, causing further parsing failures.
The static analysis should be robust enough to fall back to the entry point and clean the code of any non-standard artifacts before passing it to the C parser.
Steps to reproduce:
poetry run attack_surface_approximation detect --elf examples/uname_32
The result is:
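A pre-parse check for the two obstacles described in this report, as an added example that is not part of the original report or the project's code. It rejects a Python traceback instead of handing it to the C parser, and reports where the named Ghidra artifacts occur; the function names, regex patterns and sample strings are constructed for illustration.

```python
import re

TRACEBACK_HEADER = "Traceback (most recent call last):"

# Artifacts named in the report; the regexes are this example's assumptions.
ARTIFACTS = {
    "processEntry": re.compile(r"\bprocessEntry\b"),
    "PTR_FUN_": re.compile(r"\bPTR_FUN_\w+"),
    "&stack0x": re.compile(r"&stack0x[0-9a-fA-F]+"),
}

# Constructed samples: a failed script run and a stripped-binary entry point.
SAMPLE_TRACEBACK = (
    "Traceback (most recent call last):\n"
    '  File "script.py", line 1, in <module>\n'
    "RuntimeError: main not found (constructed)\n"
)
SAMPLE_ENTRY = (
    "void processEntry entry(int param_1)\n"
    "{\n"
    "  (*PTR_FUN_0804bff8)(&stack0x00000004);\n"
    "}\n"
)


class DecompilationError(Exception):
    """The decompiler step did not produce C source."""


def preflight(text):
    """Return (kind, line, column) per artifact; raise if text is not C."""
    if not text.strip():
        raise DecompilationError("decompiler produced no output")
    if TRACEBACK_HEADER in text:
        # Surface the script's own error instead of a parser error.
        cause = text.strip().splitlines()[-1]
        raise DecompilationError(f"decompiler script failed: {cause}")
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in ARTIFACTS.items():
            findings.extend((kind, lineno, m.start() + 1) for m in pattern.finditer(line))
    return findings


def strip_entry_keyword(text):
    """Remove the processEntry marker so the signature is a plain declarator."""
    return re.sub(r"\bprocessEntry\s+", "", text)
```

Running `preflight` before the parser turns a misleading `ParseError` into either a clear script failure or a list of positions to clean.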