DGA-MI-SSI / YaCo

YaCo is a Hex-Rays IDA plugin. When enabled, multiple users can work simultaneously on the same binary. Any modification done by any user is synchronized through git version control.
GNU General Public License v3.0

Crash when attaching to binary #14

Open metal-crow opened 7 years ago

metal-crow commented 7 years ago

After setting up a YaCo in the same folder, attempting to attach to a running binary (via debugger->attach to process) causes IDA 6.8 to crash. Verified this is a YaCo-specific bug, not an IDA one, since using the non-local database can attach successfully, and renaming the _local database to anything else causes YaCo to alert that "the database doesn't match a YaCo project. YaCo is disabled" after which the database can successfully attach to the process.

I can upload the IDA dmp file if you believe that may be of use, but unfortunately there appear to be no other logs IDA uses to keep information about the crash. Is there some means of debugging YaCo I can use?

Windows 10, IDA 6.8.150423 32 bit with Hexrays, YaCo v1.5-6 (using distributed binaries)

goulou commented 7 years ago

YaCo tracks every modification made to the base either by the user or by IDA itself. Unfortunately, attaching to a debugger means that IDA will rebase the whole binary and add several segments, which is a huge modification to propagate to other users... I would not expect YaCo to crash in this scenario, but I would not expect it to work either... We can eventually fix the crash, but I don't see how YaCo can support debugging in any way. As a workaround, I would advise copying the _local file and using it for debugging.

metal-crow commented 7 years ago

Ah, that's unfortunate, but understandable. So for editing while in debug mode, the workaround would be: rename the _local database, debug and comment, detach, rename back to _local, commit changes?

goulou commented 7 years ago

That won't work either, because YaCo won't be notified of the changes. The easy way is to document the YaCo base while debugging with another ida instance. The correct way would be to improve YaCo so that it is automatically disabled during debugging, but still receives the notifications and remaps the addresses in the "normal address space" by taking into account the rebase that occurred when attaching to the debugger. But that is a lot of work!

metal-crow commented 7 years ago

Oh, alright. That would be a very desirable addition, since I like to use IDA as a dynamic analysis tool. But I understand that is a large amount of work. Thank you.

bamiaux commented 5 years ago

It will be slow, like very slow, but it should not crash anymore