x64dbg/x64dbg
x64dbg
/
x64dbg
1
0
Fork 0
Code Releases 2 Activity

DBG: correctly handle executables with entry points inside the MZ header 

closes #1994
This commit is contained in:
Duncan Ogilvie 2019-01-10 23:44:07 +01:00
parent f1fbfd98b3
commit cc15cdec9f
No known key found for this signature in database
GPG Key ID: FC89E0AAA0C1AAD8
1 changed files with 12 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/dbg/debugger.cpp
View File

@ -42,6 +42,7 @@ static PROCESS_INFORMATION g_pi = {0, 0, 0, 0};
static char szBaseFileName[MAX_PATH] = "";
static TraceState traceState;
static bool bFileIsDll = false;
static bool bEntryIsInMzHeader = false;
static duint pDebuggedBase = 0;
static duint pCreateProcessBase = 0;
static duint pDebuggedEntry = 0;
@ -1382,7 +1383,7 @@ static void cbCreateProcess(CREATE_PROCESS_DEBUG_INFO* CreateProcessInfo)
dprintf(QT_TRANSLATE_NOOP("DBG", "%d invalid TLS callback addresses...\n"), invalidCount);
}
if(settingboolget("Events", "EntryBreakpoint"))
if(settingboolget("Events", "EntryBreakpoint") && !bEntryIsInMzHeader)
{
sprintf_s(command, "bp %p,\"%s\",ss", pDebuggedBase + pDebuggedEntry, GuiTranslateText(QT_TRANSLATE_NOOP("DBG", "entry breakpoint")));
cmddirectexec(command);
@ -1597,7 +1598,13 @@ static void cbSystemBreakpoint(void* ExceptionData) // TODO: System breakpoint e
plugincbcall(CB_SYSTEMBREAKPOINT, &callbackInfo);
lock(WAITID_RUN); // Allow the user to run a script file now
if(bIsAttached ? settingboolget("Events", "AttachBreakpoint") : settingboolget("Events", "SystemBreakpoint"))
bool systemBreakpoint = settingboolget("Events", "SystemBreakpoint");
if(!systemBreakpoint && bEntryIsInMzHeader)
{
dputs(QT_TRANSLATE_NOOP("DBG", "It has been detected that the debuggee entry point is in the MZ header of the executable. This will cause strange behavior, so the system breakpoint has been enabled regardless of your setting. Be careful!"));
systemBreakpoint = true;
}
if(bIsAttached ? settingboolget("Events", "AttachBreakpoint") : systemBreakpoint)
{
//lock
GuiSetDebugStateAsync(paused);
@ -2548,10 +2555,12 @@ static void debugLoopFunction(void* lpParameter, bool attach)
{
init = (INIT_STRUCT*)lpParameter;
gInitExe = StringUtils::Utf8ToUtf16(init->exe);
pDebuggedEntry = GetPE32DataW(gInitExe.c_str(), 0, UE_OEP);
strcpy_s(szFileName, init->exe);
}
pDebuggedEntry = GetPE32DataW(gInitExe.c_str(), 0, UE_OEP);
bEntryIsInMzHeader = pDebuggedEntry == 0 || pDebuggedEntry == 1;
bFileIsDll = IsFileDLLW(StringUtils::Utf8ToUtf16(szFileName).c_str(), 0);
DbSetPath(nullptr, szFileName);