Linux version?

[pedrib]

Hi,

Great work, I love the plugin. I was wondering if you were thinking about support the Linux version of IDA? Since you have remote debugging, I assume this is possible?

[a1ext]

Since IDA for Linux isn't widely spread, it currently is not supported...
Anyway, could you show me the main purposes to add the Linux support?

[pedrib]

As you know, when you buy IDA you need to specify a platform. If you mostly work on Linux, you should get the Linux version, although at times you need to work on Windows binaries.

Consider the case of having IDA on Linux, and debugging a process in a VM using x64dbg. Labeless would be very helpful in coordinating between the two.

[a1ext]

Hmm... It looks reasonable and possible. Stay tuned, I'll try to add "IDA for Linux" support and I'll let you know about the results soon :)

[pedrib]

great 👍 you've got your beta (and alpha) tester here.

[a1ext]

@pedrib What IDA PRO version do you have? 6.9.5?

[pedrib]

@a1ext yes

[a1ext]

@pedrib Could you check, is there lib/x86_libnux_gcc_32/ida.a file in the SDK?
I cannot link the plugin... There are some missing imports...

[a1ext]

@pedrib Don't mind. Could you check this plugin?
labeless_ida_690.plx need to place into plugins directory
libprotobuf.so.9 need to place into IDA PRO home directory (near by idaq)

[pedrib]

@a1ext seems to work pretty well for x32dbg at least! Great job!
The only problem is that the GUI is a bit weird on the IDA side, see screenshot. It looks like it's not scaling properly to the font size.

[pedrib]

Auto sync also works well for function names, but I need to rename a function for the comments to sync (not sure if this is normal behaviour).

[a1ext]

It looks like it's not scaling properly to the font size.

Sure, It'll be fixed in next release, the same issue like #16

Auto sync also works well for function names, but I need to rename a function for the comments to sync (not sure if this is normal behaviour).

Don't understand, could you explain?

[a1ext]

@pedrib Hey, do you have x86_linux_gcc_64 folder in your SDK? I don't have it... So I cannot build plugin for IDA64 :(

[a1ext]

@pedrib Could you check (this build) is the GUI OK or not?

[pedrib]

@a1ext gui is perfect now, thanks!

And yes, I do have the x86_linux_gcc_64 folder on my SDK. Do you want me to send you the SDK, or you want me to build it?

[a1ext]

@pedrib just send that folder, it will be enough. That's strange... maybe the content of idasdk* depends on license type... I have one for Win, and there is no such folder...

[pedrib]

@a1ext strange. Anyway can you please give me your email and I'll send it to you (don't want to post it here for the public to download).

[a1ext]

a13x4nd3r.t@gmail.com

[a1ext]

Here are binaries for Linux, in case if anybody want to test them. Thanks @pedrib for help :)

[pedrib]

@a1ext I'm having a problem with the plugins loaded - it seems that when I try to exit IDA, it hangs just after closing a database. The window just stays there, and I have to kill the process. I'm not sure why this happens, but only happens with your plugins loaded... Maybe something to do with a loose network connection or listening socket?

And you're welcome with the help, thank you very much for your amazing work!

[a1ext]

Could you attach the debugger (like gdb) and take a look where it is hanging by the stack of all threads.
The gdb's command to show backtrace of all the theads is here:
thread apply all bt

Also, please, check is there alive thread, which by the stack gets from labeless plugin.

[pedrib]

Here is the full backtrace:

0xe4304bd9 in __kernel_vsyscall ()
(gdb) thread apply all bt

Thread 4 (Thread 0xd8127b40 (LWP 29266)):
#0  0xe4304bd9 in __kernel_vsyscall ()
#1  0xe2b1c4ec in recvfrom () from /lib/i386-linux-gnu/libpthread.so.0
#2  0x0d19c8a0 in ?? ()
#3  0x0d19ca7f in ?? ()
#4  0xe2b132da in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#5  0xe28508be in clone () from /lib/i386-linux-gnu/libc.so.6

Thread 3 (Thread 0xe04b9b40 (LWP 29253)):
#0  0xe4304bd9 in __kernel_vsyscall ()
#1  0xe28469bf in poll () from /lib/i386-linux-gnu/libc.so.6
#2  0xe2629170 in g_poll () from /lib/i386-linux-gnu/libglib-2.0.so.0
#3  0xe261970c in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#4  0xe2619844 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#5  0xe2e625e0 in QT::QEventDispatcherGlib::processEvents(QT::QFlagsQT::QEventLoop::ProcessEventsFlag) ()
   from /home/pppp/ida/6.95/libQt5Core.so.5
#6  0xe2dea2b7 in QT::QEventLoop::processEvents(QT::QFlagsQT::QEventLoop::ProcessEventsFlag) () from /home/pppp/ida/6.95/libQt5Core.so.5
#7  0xe2dea586 in QT::QEventLoop::exec(QT::QFlagsQT::QEventLoop::ProcessEventsFlag) () from /home/pppp/ida/6.95/libQt5Core.so.5
#8  0xe2c1909f in QT::QThread::exec() () from /home/pppp/ida/6.95/libQt5Core.so.5
#9  0xe1e9a7d7 in ?? () from /home/pppp/ida/6.95/plugins/platforms/../../libQt5DBus.so.5
#10 0xe2c208df in ?? () from /home/pppp/ida/6.95/libQt5Core.so.5
#11 0xe2b132da in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#12 0xe28508be in clone () from /lib/i386-linux-gnu/libc.so.6

Thread 2 (Thread 0xe1e1bb40 (LWP 29252)):
#0  0xe4304bd9 in __kernel_vsyscall ()
#1  0xe28469bf in poll () from /lib/i386-linux-gnu/libc.so.6
#2  0xe23c41dd in ?? () from /usr/lib/i386-linux-gnu/libxcb.so.1
#3  0xe23c6553 in xcb_wait_for_event () from /usr/lib/i386-linux-gnu/libxcb.so.1
#4  0xe20a73df in ?? () from /home/pppp/ida/6.95/plugins/platforms/../../libQt5XcbQpa.so.5
#5  0xe2c208df in ?? () from /home/pppp/ida/6.95/libQt5Core.so.5
#6  0xe2b132da in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#7  0xe28508be in clone () from /lib/i386-linux-gnu/libc.so.6

Thread 1 (Thread 0xe23ae400 (LWP 29251)):
#0  0xe4304bd9 in __kernel_vsyscall ()
#1  0xe2b18c2b in pthread_cond_wait@@GLIBC_2.3.2 () from /lib/i386-linux-gnu/libpthread.so.0
#2  0xe2c21f5f in ?? () from /home/pppp/ida/6.95/libQt5Core.so.5
#3  0xe2c21d44 in QT::QWaitCondition::wait(QT::QMutex_, unsigned long) () from /home/pppp/ida/6.95/libQt5Core.so.5
#4  0xe2c2143c in QT::QThread::wait(unsigned long) () from /home/pppp/ida/6.95/libQt5Core.so.5
#5  0xdf707cb0 in Labeless::terminate (this=0xdf84c4c0 Labeless::instance()::ll) at ../labeless_ida/labeless_ida.cpp:705
#6  0xdf713a73 in Labeless::idp_callback (notification_code=14, va=0xfabac954 "`\237", <incomplete sequence \344>) at ../labeless_ida/labeless_ida.cpp:2225
#7  0xe40bb441 in invoke_callbacks () from /home/pppp/ida/6.95/libida.so
#8  0xdc2cd32e in ?? () from /home/pppp/ida/6.95/procs/pc.ilx
#9  0xe4199f52 in ?? () from /home/pppp/ida/6.95/libida.so
#10 0xe407599f in ?? () from /home/pppp/ida/6.95/libida.so
#11 0x0cf9d58a in ?? ()
---Type <return> to continue, or q <return> to quit---
#12 0x0cfa6374 in ?? ()
#13 0xe39550d6 in QT::QWidget::event(QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#14 0xe3ac852a in QT::QMainWindow::event(QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#15 0x0cfa5888 in ?? ()
#16 0xe390a210 in QT::QApplicationPrivate::notify_helper(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#17 0xe390a055 in QT::QApplication::notify(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#18 0x0cf9c484 in ?? ()
#19 0xe2ded943 in QT::QCoreApplication::notifyInternal2(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Core.so.5
#20 0xe390cfd7 in QT::QCoreApplication::sendSpontaneousEvent(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#21 0xe3953a3f in QT::QWidgetPrivate::close_helper(QT::QWidgetPrivate::CloseMode) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#22 0xe397f86a in ?? () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#23 0xe397d9ea in ?? () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#24 0xe390a210 in QT::QApplicationPrivate::notify_helper(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#25 0xe390771d in QT::QApplication::notify(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#26 0x0cf9c484 in ?? ()
#27 0xe2ded943 in QT::QCoreApplication::notifyInternal2(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Core.so.5
#28 0xe32cebab in QT::QCoreApplication::sendSpontaneousEvent(QT::QObject_, QT::QEvent_) () from /home/pppp/ida/6.95/libQt5Gui.so.5
#29 0xe32c8f70 in QT::QGuiApplicationPrivate::processCloseEvent(QT::QWindowSystemInterfacePrivate::CloseEvent_) ()
   from /home/pppp/ida/6.95/libQt5Gui.so.5
#30 0xe32c712f in QT::QGuiApplicationPrivate::processWindowSystemEvent(QT::QWindowSystemInterfacePrivate::WindowSystemEvent*) ()
   from /home/pppp/ida/6.95/libQt5Gui.so.5
#31 0xe32ac11d in QT::QWindowSystemInterface::sendWindowSystemEvents(QT::QFlagsQT::QEventLoop::ProcessEventsFlag) ()
   from /home/pppp/ida/6.95/libQt5Gui.so.5
#32 0xe2128683 in ?? () from /home/pppp/ida/6.95/plugins/platforms/../../libQt5XcbQpa.so.5
#33 0xe26194d9 in g_main_context_dispatch () from /lib/i386-linux-gnu/libglib-2.0.so.0
#34 0xe2619779 in ?? () from /lib/i386-linux-gnu/libglib-2.0.so.0
#35 0xe2619844 in g_main_context_iteration () from /lib/i386-linux-gnu/libglib-2.0.so.0
#36 0xe2e625e0 in QT::QEventDispatcherGlib::processEvents(QT::QFlagsQT::QEventLoop::ProcessEventsFlag) ()
   from /home/pppp/ida/6.95/libQt5Core.so.5
#37 0xe212888d in ?? () from /home/pppp/ida/6.95/plugins/platforms/../../libQt5XcbQpa.so.5
#38 0xe2dea2b7 in QT::QEventLoop::processEvents(QT::QFlagsQT::QEventLoop::ProcessEventsFlag) () from /home/pppp/ida/6.95/libQt5Core.so.5
#39 0xe2dea586 in QT::QEventLoop::exec(QT::QFlagsQT::QEventLoop::ProcessEventsFlag) () from /home/pppp/ida/6.95/libQt5Core.so.5
#40 0xe2dee0af in QT::QCoreApplication::exec() () from /home/pppp/ida/6.95/libQt5Core.so.5
#41 0xe32c6a1e in QT::QGuiApplication::exec() () from /home/pppp/ida/6.95/libQt5Gui.so.5
#42 0xe3906e81 in QT::QApplication::exec() () from /home/pppp/ida/6.95/libQt5Widgets.so.5
#43 0x0cf9ff44 in ?? ()
#44 0x0cf828e8 in ?? ()
#45 0xe2781276 in __libc_start_main () from /lib/i386-linux-gnu/libc.so.6
#46 0x0cf87bcd in ?? ()

Looks like thread 1 is blocking in Labeless::terminate?

[a1ext]

Hmm... It looks like labeless waits for worker thread and the worker thread is "Thread 4"

Thread 4 (Thread 0xd8127b40 (LWP 29266)):
#0 0xe4304bd9 in __kernel_vsyscall ()
#1 0xe2b1c4ec in recvfrom () from /lib/i386-linux-gnu/libpthread.so.0
#2 0x0d19c8a0 in ?? ()
#3 0x0d19ca7f in ?? ()
#4 0xe2b132da in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#5 0xe28508be in clone () from /lib/i386-linux-gnu/libc.so.6

And that is so weird... There is recvfrom() called (UDP), but labeless uses TCP for the communication with debug backend.

Could you check are these addresses belong to labeless plugin:

0x0d19c8a0
0x0d19ca7f

[a1ext]

@pedrib How to reproduce?

[pedrib]

Looks like the culprit is IDA...
Thread 4 (Thread 0xd8e09b40 (LWP 1229)):

#0  0xe4f48bd9 in __kernel_vsyscall ()
#1  0xe37604ec in recvfrom () from /lib/i386-linux-gnu/libpthread.so.0
**#2  0x0c63f8a0 in ?? ()
#3  0x0c63fa7f in ?? ()**
#4  0xe37572da in start_thread () from /lib/i386-linux-gnu/libpthread.so.0
#5  0xe34948be in clone () from /lib/i386-linux-gnu/libc.so.6

Symbols from "/home/test//ida/6.95/idaq".
Native process:
Using the running image of attached Thread 0xe2ff2400 (LWP 1220).
While running this, GDB does not access memory from...
Local exec file:

    `/home/test/ida/6.95/idaq', file type elf32-i386.
    Entry point: 0xc42ab9c
    0x0c3d0154 - 0x0c3d0167 is .interp
    0x0c3d0168 - 0x0c3d0188 is .note.ABI-tag
    0x0c3d0188 - 0x0c3d01ac is .note.gnu.build-id
    0x0c3d01ac - 0x0c3d0488 is .gnu.hash
    0x0c3d0488 - 0x0c3dbfc8 is .dynsym
    0x0c3dbfc8 - 0x0c3f4023 is .dynstr
    0x0c3f4024 - 0x0c3f578c is .gnu.version
    0x0c3f578c - 0x0c3f594c is .gnu.version_r
    0x0c3f594c - 0x0c41512c is .rel.dyn
    0x0c41512c - 0x0c41a824 is .rel.plt
    0x0c41a824 - 0x0c41a852 is .init
    0x0c41a860 - 0x0c425660 is .plt
    **0x0c425660 - 0x0c6d4648 is .text**

To be honest I have no idea how to reproduce it. Sometimes it works fine, and it seems to only work in some binaries. I have a feeling this has something to do with IDA debugging too, if that makes sense? It seems to happen more on a specific binary where I have used the IDA debugger before (but not currently).

It's a weird bug.

[a1ext]

Anyway, I think that thread with recvfrom() is not a culprit. There is no Labeless' RPC thread running and by unknown reason QThread::wait() doesn't exit... Could you check these binaries?

[pedrib]

Ah, now it still hangs, but exits cleanly after 20 seconds.

[a1ext]

It's not a solution... need to dig deeper...

[a1ext]

@pedrib Please, check this build

[pedrib]

@a1ext great job, seems to solve it!

[a1ext]

@pedrib good, next time, please, create a separate issue :)

[pedrib]

will do! I guess we can close this one?

[a1ext]

Thanks :3