Disassembly window showing x86 code when debugging ARM program

[drsn00ker]

Let me start by asking for your patience, I'm a total NOOB at this.
Running latest version with IAITO in Kali (tried Debian as well) On a Intel core2 duo. Trying to study an ARM:32:EL:v8 program.
Debug shows the incorrect x86 code in Disassembly window (but mostly ARM registers (see picture). Importantly debug does complete the execution successfully! Just wish I could see what it's doing in the code.

I will also add that the emulator even shows the X86 registers and tries to (and fails) to run the code as x86, even though it is ARM. Lastly, I hope you will add the option of command line parameters for the emulator!

P.S. I've gotten to the point that I can actually run the program using qemu-arm in one terminal and gdb-multiarch in another to step through the code. But really need to get a better view of the stack (no symbol table, nor headers), so was hoping IAITO was the answer.

Thanks for all the great work!

[trufae]

i dont think qemu-arm supports ptrace at all and the process that runs transparently arm binaries in linux is using jit compilation to execute onlny intel code. so i guess that what you are seeing i an attempt to do something that is not possible. if you want to debug an arm binary on x86 i would recommend you to run a whole operating system in arm in qemu or so (you can check GNOME Boxes for example i think it have ready to use images for this), or just use an rpi to run the code natively and then from iaito/r2 you can use the gdb remote to attach and debug it.

But if you run the whole operating system in arm, i would suggest you to just run iaito or r2 natively on arm, so you dont need gdb remote at all.

[drsn00ker]

Great minds think alike! I spend the whole weekend (chewing glass) in order to get a graphical qemu-system-arm going. (and then at least 12 hours for the iaito compile). So good so far, right? Nope the maximum screen resolution of qemu is 800x600 so I cannot hit the okay button!
Delete:(I'm so close, but again stuck. Any ideas? )
update: hitting the x to close the splash finally allows me the beauty of iaito! Changing the font size of 9 helps a lot too.
All that said, it still does not explain why the emulator is using x86 on an arm program and why debug executes ARM fine, just the display is messed up.
2nd point is that I also want to look at a MIPSEL program, but haven't found a graphical install for MIPS in QEMU at all. The answer cannot be, well just buy native hardware for each program you want to look at LOL Perhaps TCP is the answer. Will look at that next.

[trufae]

haha wow :) good screenshot, you can also export the X DISPLAY to your host system via tcp and get the app rendering as a window in your native linux machine instead of the slow qemu framebuffer too :)

you can also use r2 from the shell and it will be easier to setup :D but if you want iaito thats how you rule :) never tried iaito on arm64/linux, so let me know how the adventure goes

[drsn00ker]

I'm getting a corrupted shared object error, trying to run the program in raspbian (under qemu-system-arm). So back to Kali.
I can start the program using qemu-arm -g 1234 program parameters, then in a 2nd terminal with iaito, instead of just debug, I can connect to remote debugger GDB at 127.0.0.1 : 1234

In this case the disassembly is correct YAY but the registers and stack (which is what I really need) is empty.
Again, I can step through the code and it gives the correct output, but without registers nor stack, it's impossible to figure out what's going on.

Somebody must have tried this and been successful examining non-native code on an x86 computer?