x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 2 Activity

DBG: Fix a few out-of-bounds bugs

This commit is contained in:
Nukem 2015-12-18 15:30:13 -05:00
parent 8e34d10712
commit 8e7690d00a
3 changed files with 32 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/dbg/LinearPass.cpp
View File

@ -154,7 +154,7 @@ void LinearPass::AnalysisWorker(duint Start, duint End, BBlockArray* Blocks)
for(duint i = Start; i < End;)
{
if(!disasm.Disassemble(i, TranslateAddress(i)))
if(!disasm.Disassemble(i, TranslateAddress(i), End - i))
{
// Skip instructions that can't be determined
i++;

3
src/dbg/memory.cpp
View File

@ -497,6 +497,9 @@ bool MemPageRightsToString(DWORD Protect, char* Rights)
case PAGE_EXECUTE_WRITECOPY:
strcpy_s(Rights, RIGHTS_STRING_SIZE, "ERWC");
break;
default:
memset(Rights, 0, RIGHTS_STRING_SIZE);
break;
}
strcat_s(Rights, RIGHTS_STRING_SIZE, ((Protect & PAGE_GUARD) == PAGE_GUARD) ? "G" : "-");

42
src/dbg/symbolinfo.cpp
View File

@ -320,10 +320,9 @@ bool SymGetSourceLine(duint Cip, char* FileName, int* Line)
void SymClearMemoryCache()
{
SYMBOLINFOMAP::iterator it = modulesCacheList.begin();
for (; it != modulesCacheList.end(); it++)
for (auto& itr : modulesCacheList)
{
SYMBOLINFOVECTOR* pModuleVector = &((*it).second);
SYMBOLINFOVECTOR* pModuleVector = &itr.second;
// Free up previously allocated memory
for (duint i = 0; i < pModuleVector->size(); i++)
@ -376,7 +375,7 @@ bool SymGetSymbolInfo(PSYMBOL_INFO SymInfo, SYMBOLINFO* curSymbol, bool isImport
void SymEnumImports(duint Base, SYMBOLCBDATA* pSymbolCbData)
{
char buf[MAX_IMPORT_SIZE];
char modImportString[MAX_IMPORT_SIZE];
char buffer[sizeof(SYMBOL_INFO) + MAX_SYM_NAME]; // Reserve enough space for symbol name, see msdn for this
SYMBOLINFO curSymbol;
PSYMBOL_INFO pSymInfo;
@ -408,37 +407,52 @@ void SymEnumImports(duint Base, SYMBOLCBDATA* pSymbolCbData)
{
for (duint i = 0; i < imports.size(); i++)
{
// Can we get symbol for the import address
// Can we get symbol for the import address?
if (SafeSymFromAddr(fdProcessInfo->hProcess, (duint)imports[i].addr, 0, pSymInfo))
{
// Does the symbol point to the module base?
if (!SymGetSymbolInfo(pSymInfo, &curSymbol, true))
continue;
}
// Otherwise just use import info from module itself
else
{
// Otherwise just use import info from module itself
curSymbol.addr = imports[i].addr;
curSymbol.isImported = true;
curSymbol.undecoratedSymbol = nullptr;
curSymbol.decoratedSymbol = imports[i].name;
}
// Format so that we get : moduleName.importSymbol
duint lenWithoutExt = strlen(imports[i].moduleName) - 3; // Remove extension
strncpy_s(buf, lenWithoutExt, imports[i].moduleName, _TRUNCATE);
strcat_s(buf , ".");
// Format so that we get: moduleName.importSymbol
strcpy_s(modImportString, imports[i].moduleName);
// Trim the extension if present
char *modExt = strrchr(modImportString, '.');
if (modExt)
*modExt = '\0';
// Buffers to hold the decorated and undecorated strings. Must be declared
// outside of the if() scope.
char undecBuf[MAX_IMPORT_SIZE];
char decBuf[MAX_IMPORT_SIZE];
if (curSymbol.undecoratedSymbol)
{
strcat(buf, curSymbol.undecoratedSymbol);
curSymbol.undecoratedSymbol = buf;
// module.undecorated
strcpy_s(undecBuf, modImportString);
strncpy_s(undecBuf, curSymbol.undecoratedSymbol, _TRUNCATE);
curSymbol.undecoratedSymbol = undecBuf;
}
if (curSymbol.decoratedSymbol)
{
strcat(buf, curSymbol.decoratedSymbol);
curSymbol.decoratedSymbol = buf;
// module.decorated
strcpy_s(decBuf, modImportString);
strncpy_s(decBuf, curSymbol.decoratedSymbol, _TRUNCATE);
curSymbol.decoratedSymbol = decBuf;
}
// Callback