Tuts 4 You
sstrato

When closing X - DBG with the window dump

sstrato

When closing X - DBG with the window dump, for example in text mode, the rerun and select Hex dump window is not displayed correctly.

2016-06-05_235500.png

mrexodia

@sstrato I cannot reproduce your issue, could you make a screen recording showing how you got this to happen?

sstrato

Continuous error in the last snapshot.
Is there no solution? :P

The error occurs from the changes in snapshot 517.

Step over / step into is very slow, especially within the DLL.

mrexodia

@sstrato There are a lot of issues and it's really hard to keep track of everything, especially with many contributions. For now I disabled column saving on the CPUDump; it should fix your issues.

I'm aware of the step performance issue, but it's really hard to pinpoint the performance bottlenecks. I fixed various but the drawing stays bottlenecked and that needs reworking.

sstrato

The problem continues.

sstrato

When you run any program on XP, it hangs.

error.png

mrexodia

Appears to work fine here:

vfDxBea.png

Your issue with the dump window should also be fixed now.

sstrato

X32 on Windows XP crashes when loading any program.

kao

@sstrato: at least show *where* it crashes.. ;) "Haga clic aqui" and copy-paste the exception information. 

kao

Did you even read my previous post? Here, I made a pretty picture for you:

yGdhIK9.png

1) Click on the "haga clic aqui", and copy-paste the entire information about the crash from the window that will open. It will look like this:

3KVIJlL.png

If you click "click here" one more time, it will look like this:

dVBLvJU.png

If you don't do that, nobody can guess what's happening on your computer, as apparently it works fine for Mr. eXoDia.

 

2) Also, your status bar says that ScyllaHide can't load properly on your machine. Try disabling ScyllaHide and see if that fixes the problems.

sstrato

Clean boot without plugins.
files generated error.

error.rar

Windows 7 seems to work well.

kao

It looks like a bug in calling devicenameresolver (its source is not distributed with x32dbg, but a separate project at https://bitbucket.org/mrexodia/devicenameresolver/):

__declspec(dllexport) bool DevicePathFromFileHandleW(HANDLE hFile, wchar_t* szDevicePath, size_t nSize)
{
    NativeWinApi::initialize();
    ULONG ReturnLength;
    bool bRet=false;
    if(NativeWinApi::NtQueryObject(hFile, ObjectNameInformation, 0, 0, &ReturnLength)==STATUS_INFO_LENGTH_MISMATCH)
    {
        ReturnLength+=0x2000; //on Windows XP SP3 ReturnLength will not be set just add some buffer space to fix this
        POBJECT_NAME_INFORMATION NameInformation=(POBJECT_NAME_INFORMATION)GlobalAlloc(0, ReturnLength);
        if(NativeWinApi::NtQueryObject(hFile, ObjectNameInformation, NameInformation, ReturnLength, 0)==STATUS_SUCCESS)
        {
            NameInformation->Name.Buffer[NameInformation->Name.Length/2]=L'\0'; //null-terminate the UNICODE_STRING
            if(wcslen(NameInformation->Name.Buffer)<nSize)  // <--- compare length in chars vs. length in bytes?
            {
                wcscpy_s(szDevicePath, nSize/sizeof(wchar_t), NameInformation->Name.Buffer);   // <---- calls wcscpy_s with wrong size and overflows buffer?
                bRet=true;
            }
        }
        GlobalFree(NameInformation);
    }
    return bRet;
}

It only happens when you have some weird devices in your system, as I can't reproduce it in my VMWare.. :) 

In either case, it's something Mr.eXodia should look at and fix.

 

EDIT: I quickly made a binary patch for devicenameresolver.dll - could you please try it and see if that helps? I'm not 100% sure it's a correct patch, but worth a try.

DeviceNameResolver.zip

sstrato

It works perfectly, thanks.

 

 

mrexodia

@kao Did you patch the buffer size or something? I'm notoriously bad with UNICODE_STRING (causes of most BSODs in TitanHide) so maybe something goes wrong there too..

kao

I changed it to:

if(wcslen(NameInformation->Name.Buffer)<nSize)
{
   wcscpy_s(szDevicePath, nSize, NameInformation->Name.Buffer);
   bRet=true;
}

I'm still not sure if that's entirely correct - you should take a look at all those calls and buffer sizes, probably under debugger.

As for me, I prefer to name variables like nSizeInChars or nSizeInBytes. That way I know what exactly I'm expected to pass to that API. ;) 
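
Added example, not part of the thread and not the DeviceNameResolver source: a portable C++ illustration of the chars-versus-bytes point above, with the destination capacity named in characters and the source copied by its counted length. `CountedWStr`, `CopyDevicePath` and `MixedUnitsDisagree` are hypothetical names, and the sample path is constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <cwchar>

// Hypothetical stand-in for UNICODE_STRING: the length counts BYTES and the
// buffer is not guaranteed to be NUL-terminated.
struct CountedWStr {
    size_t lengthBytes;
    const wchar_t* buffer;
};

// Destination capacity is named in characters (cchDest), so the guard and the
// copy use the same unit. Copies by count and never writes into the source.
bool CopyDevicePath(wchar_t* dest, size_t cchDest, const CountedWStr& src)
{
    if (!dest || cchDest == 0)
        return false;
    dest[0] = L'\0';
    if (!src.buffer || src.lengthBytes % sizeof(wchar_t) != 0)
        return false;
    size_t cchSrc = src.lengthBytes / sizeof(wchar_t);
    if (cchSrc >= cchDest)          // need room for the text plus terminator
        return false;
    std::wmemcpy(dest, src.buffer, cchSrc);
    dest[cchSrc] = L'\0';
    return true;
}

// The mixed-unit pattern from the thread reduced to its arithmetic: the guard
// reads nSize as characters, the copy is bounded by nSize / sizeof(wchar_t).
// True means the guard accepts a string that the bounded copy then rejects.
bool MixedUnitsDisagree(size_t cchSrc, size_t nSize)
{
    bool guardPasses = cchSrc < nSize;
    bool copyFits = cchSrc < nSize / sizeof(wchar_t);
    return guardPasses && !copyFits;
}

int main()
{
    // Constructed sample: 23 counted characters, then two that must not be copied.
    const wchar_t raw[] = L"\\Device\\HarddiskVolume1XY";
    CountedWStr name = { 23 * sizeof(wchar_t), raw };
    wchar_t path[24];
    std::printf("fits in 24: %d\n", CopyDevicePath(path, 24, name));
    std::printf("fits in 23: %d\n", CopyDevicePath(path, 23, name));
    std::printf("old check disagrees: %d\n", MixedUnitsDisagree(23, 24));
    return 0;
}
```

With MSVC's `wcscpy_s`, a destination count that is too small for the source invokes the invalid-parameter handler, which by default terminates the process.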

mrexodia

Yeah that's quite the mess. The entire code is completely screwed up. I will do a 'rewrite' and post an updated version here.

EDIT: damn, I forgot how fast VS2010 was...

EDIT2: should be fixed now, available on http://releases.x64dbg.com when http://jenkins.x64dbg.com/job/vs13/587/console is finished.
