DynamoRIO / dynamorio

Dynamic Instrumentation Tool Platform

CRASH (4.2.0 with bbcount on win7 ie10 + Flash32_14_0_0_125.ocx) #1481

Open derekbruening opened 9 years ago

derekbruening commented 9 years ago

From loves...@gmail.com on July 23, 2014 03:35:13

For the Summary, please follow the guidelines at https://code.google.com/p/dynamorio/wiki/BugReporting and use one of the CRASH

What version of DynamoRIO are you using?
4.2.0 build3

Does the latest build from http://build.chromium.org/p/client.dynamorio/builds/ solve the problem?
not test

What operating system version are you running on?
windows7

What application are you running?
IE10

Is your application 32-bit or 64-bit?
32-bit

How are you running the application under DynamoRIO?
C:\DynamoRIO\bin32>drrun.exe -32 -ops "-stack_size 800 -msgbox_mask 15" -client C:\DynamoRIO\samples\bin32\bbcount.dll 0 "" "C:\Program Files\Internet Explorer\iexplore.exe"

What happens when you run without any client?
not crash

What happens when you run with debug build ("-debug" flag to drrun/drconfig/drinject)?
not test

What steps will reproduce the problem?
1. open iexplore.exe
2. load url: http://www.hao123.com/
3. crash

What is the expected output? What do you see instead?
Is this an application crash, a DynamoRIO crash, a DynamoRIO assert, or a hang (see https://code.google.com/p/dynamorio/wiki/BugReporting and set the title appropriately)?
see the attached image

Please provide any additional information below.
(167c.1438): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=00000000 edx=1c238c98 esi=22e4c350 edi=1d94ebc0
eip=6dc9d025 esp=1f348f00 ebp=00000000 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
6dc9d025 8b7b18 mov edi,dword ptr [ebx+18h] ds:0023:00000018=????????

0:032> lm
start end module name
00f90000 0104c000 iexplore (deferred)
02920000 0294a000 SafeExplorer (deferred)
517e0000 52929000 Flash32_14_0_0_125 (export symbols) C:\Windows\system32\Macromed\Flash\Flash32_14_0_0_125.ocx
52930000 536e9000 MSHTML (deferred)
62640000 627db000 chsbrkr (deferred)
632b0000 6330c000 StructuredQuery (deferred)
63310000 6339c000 uiautomationcore (deferred)
63440000 634b9000 mscms (deferred)
65d40000 65dde000 ieapfltr (deferred)
65de0000 660a1000 jscript9 (pdb symbols) c:\symbols\jscript9.pdb\8B192961304A4F6BB2DDFB61DD81A46E2\jscript9.pdb
660b0000 663f7000 d2d1 (deferred)
67730000 6775e000 mlang (deferred)
68370000 683b2000 ieproxy (deferred)
6b6b0000 6b6ec000 oleacc (deferred)
6c690000 6c702000 DSOUND (deferred)
6cc80000 6d99e000 IEFRAME (deferred)
6ddc0000 6def5000 DWrite (deferred)
6dfe0000 6e010000 DINPUT8 (deferred)
6e0e0000 6e143000 IEUI (deferred)
6e150000 6e18f000 IEShims (deferred)
6ed70000 6ed9b000 msls31 (deferred)
6edd0000 6ee07000 windowscodecsext (deferred)
6f940000 6fa98000 msxml6 (deferred)
6fe70000 6ff5b000 dbghelp (deferred)
6ffb0000 6ffb4000 api_ms_win_downlevel_advapi32_l2_1_0 (deferred)
70080000 7011b000 D3D10Level9 (deferred)
70120000 70150000 vm3dum (deferred)
70320000 7048f000 explorerframe (deferred)
70490000 70605000 d3d11 (deferred)
70610000 7065c000 dxgi (deferred)
70a60000 70a6b000 msimtf (deferred)
70e90000 70e94000 api_ms_win_downlevel_shell32_l1_1_0 (deferred)
70ea0000 70ea4000 api_ms_win_downlevel_shlwapi_l2_1_0 (deferred)
718f0000 71a6c000 tquery (deferred)
71cf0000 71cf5000 MSIMG32 (deferred)
71d00000 71d0c000 mssprxy (deferred)
71e10000 71e18000 npmproxy (deferred)
72630000 7268a000 netprofm (deferred)
72bd0000 72bd6000 rasadhlp (deferred)
72ee0000 72f12000 WINMM (deferred)
73660000 73698000 fwpuclnt (deferred)
736a0000 736b2000 dhcpcsvc (deferred)
736f0000 736fd000 dhcpcsvc6 (deferred)
73790000 73797000 WINNSI (deferred)
737a0000 737bc000 IPHLPAPI (deferred)
73b00000 73b10000 nlaapi (deferred)
73c40000 73c61000 ntmarta (deferred)
73f80000 740b0000 windowscodecs (deferred)
741b0000 741d5000 POWRPROF (deferred)
741e0000 7420f000 xmllite (deferred)
74210000 74223000 dwmapi (deferred)
742c0000 74372000 DUI70 (deferred)
74510000 74550000 uxtheme (deferred)
74550000 7457f000 DUser (deferred)
74580000 74675000 PROPSYS (deferred)
746c0000 7485e000 comctl32 (deferred)
74cb0000 74cb5000 wshtcpip (deferred)
74d60000 74d69000 version (deferred)
75090000 750cb000 rsaenh (deferred)
75170000 751b4000 DNSAPI (deferred)
752a0000 752a6000 wship6 (deferred)
752b0000 752ec000 mswsock (deferred)
752f0000 75306000 CRYPTSP (deferred)
75600000 75608000 Secur32 (deferred)
75720000 7573b000 SSPICLI (deferred)
75770000 757bc000 apphelp (deferred)
757f0000 7584f000 SXS (deferred)
75850000 7585c000 CRYPTBASE (deferred)
75860000 7586e000 RpcRtRemote (deferred)
758d0000 758dc000 MSASN1 (deferred)
758e0000 758eb000 profapi (deferred)
75980000 75983000 api_ms_win_downlevel_normaliz_l1_1_0 (deferred)
75990000 759db000 KERNELBASE (pdb symbols) c:\symbols\kernelbase.pdb\50BDA388D7F24A4E9A97B21308C687662\kernelbase.pdb
759e0000 759e4000 api_ms_win_downlevel_version_l1_1_0 (deferred)
759f0000 75a17000 CFGMGR32 (deferred)
75a20000 75a25000 api_ms_win_downlevel_advapi32_l1_1_0 (deferred)
75a30000 75b4d000 CRYPT32 (deferred)
75b50000 75b67000 USERENV (deferred)
75b70000 75b82000 DEVOBJ (deferred)
75b90000 75b94000 api_ms_win_downlevel_user32_l1_1_0 (deferred)
75ba0000 75ba4000 api_ms_win_downlevel_ole32_l1_1_0 (deferred)
75bb0000 75bdd000 WINTRUST (deferred)
75be0000 75be4000 api_ms_win_downlevel_shlwapi_l1_1_0 (deferred)
75bf0000 75bf6000 NSI (deferred)
75c00000 75cc9000 user32 (deferred)
75cd0000 75e87000 WININET (deferred)
75e90000 75f0b000 comdlg32 (deferred)
75f10000 7606c000 ole32 (deferred)
76070000 76269000 iertutil (deferred)
76270000 7640d000 SETUPAPI (deferred)
76410000 76445000 WS2_32 (deferred)
76450000 764df000 OLEAUT32 (deferred)
764e0000 76601000 urlmon (deferred)
76610000 76667000 shlwapi (deferred)
76670000 766f3000 CLBCatQ (deferred)
76700000 76745000 WLDAP32 (deferred)
76750000 7681c000 MSCTF (deferred)
76820000 768c1000 RPCRT4 (deferred)
768d0000 7697c000 msvcrt (pdb symbols) c:\symbols\msvcrt.pdb\6EC79267530C45188F2A816AD59DBBF92\msvcrt.pdb
76980000 775ca000 shell32 (deferred)
775d0000 77670000 advapi32 (deferred)
776d0000 7776d000 USP10 (deferred)
77770000 77844000 kernel32 (deferred)
77850000 7798c000 ntdll (pdb symbols) c:\symbols\ntdll.pdb\120028FA453F4CD5A6A404EC37396A582\ntdll.pdb
77990000 779af000 IMM32 (deferred)
779b0000 779b5000 PSAPI (deferred)
779c0000 779d9000 sechost (deferred)
779e0000 779ea000 LPK (deferred)
77a20000 77a23000 normaliz (deferred)
77a30000 77a7e000 GDI32 (deferred)

Unloaded modules:
70ad0000 70ae1000 DRPREI~1.DLL
66e80000 66eb8000 sqmapi.dll
730a0000 730f8000 winhttp.dll
73050000 7309f000 webio.dll
76270000 7640d000 setupapi.dll
75b70000 75b82000 DEVOBJ.dll
759f0000 75a17000 CFGMGR32.dll
6ee10000 6ee3e000 TabHelper32.dll
6f5b0000 6f634000 COMCTL32.dll
741b0000 741d5000 POWRPROF.DLL

Attachment: IE10.png Image.png

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1481
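A small crash-triage helper, added here as an example and not part of the report or of DynamoRIO: it parses the register line, the faulting instruction and a subset of the `lm` listing quoted above, looks up eip among the listed module ranges, and recomputes the faulting address from the operand. On this report's values, eip=6dc9d025 falls in no listed module (it sits between IEFRAME and DWrite, so the module list alone cannot attribute the fault; under DynamoRIO an address outside every module is usually the code cache or the client), and [ebx+18h] with ebx=0 resolves to 0x18, matching WinDbg's ds:0023:00000018 annotation, i.e. a NULL-based dereference.

```python
import re

# Excerpt of the WinDbg output quoted in the report above (values copied from it).
REGISTERS = ("eax=00000000 ebx=00000000 ecx=00000000 edx=1c238c98 esi=22e4c350 "
             "edi=1d94ebc0 eip=6dc9d025 esp=1f348f00 ebp=00000000 iopl=0")
FAULT_LINE = "6dc9d025 8b7b18 mov edi,dword ptr [ebx+18h] ds:0023:00000018=????????"
# Subset of the report's `lm` listing: the modules neighbouring the faulting
# eip plus the Flash module named in the title (symbol paths dropped).
LM_LISTING = """\
517e0000 52929000 Flash32_14_0_0_125 (export symbols)
6cc80000 6d99e000 IEFRAME (deferred)
6ddc0000 6def5000 DWrite (deferred)
77850000 7798c000 ntdll (pdb symbols)
"""

LM_RE = re.compile(r"^([0-9a-f]{8}) ([0-9a-f]{8}) (\S+)", re.M)
REG_RE = re.compile(r"\b([a-z]{3})=([0-9a-f]{8})\b")
MEM_RE = re.compile(r"\[([a-z]{3})(?:([+-])([0-9a-f]+)h)?\]")  # [ebx+18h], [esi], [eax-4h]

def parse_lm(text):
    """[(start, end, name)] for each 'start end name' line of `lm` output."""
    return [(int(s, 16), int(e, 16), n) for s, e, n in LM_RE.findall(text)]

def parse_registers(text):
    """{'eax': 0, ...} from a WinDbg register dump line."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}

def module_for(addr, modules):
    """Name of the module whose [start, end) range holds addr, or None."""
    for start, end, name in modules:
        if start <= addr < end:
            return name
    return None

def effective_address(regs, fault_line):
    """Resolve the memory operand of the faulting instruction to an address."""
    base, sign, disp = MEM_RE.search(fault_line).groups()
    off = int(disp, 16) if disp else 0
    return (regs[base] - off if sign == "-" else regs[base] + off) & 0xFFFFFFFF

def triage(registers=REGISTERS, fault_line=FAULT_LINE, lm_text=LM_LISTING):
    """Which module held eip, which address faulted, and does WinDbg's ds: note agree?"""
    regs, mods = parse_registers(registers), parse_lm(lm_text)
    ea = effective_address(regs, fault_line)
    reported = int(re.search(r"ds:[0-9a-f]{4}:([0-9a-f]{8})=", fault_line).group(1), 16)
    return {
        "eip_module": module_for(regs["eip"], mods),  # None: eip is in no listed module
        "fault_address": ea,                          # 0x18: ebx is NULL, so NULL+0x18
        "matches_windbg": ea == reported,
    }
```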

derekbruening commented 9 years ago

From bruen...@google.com on July 23, 2014 07:45:59

Summary: CRASH (4.2.0 with bbcount on win7 ie10 + Flash32_14_0_0_125.ocx) (was: windows7 + ie10 + Flash32_14_0_0_125.ocx crash)
Labels: -Priority-Medium Priority-High Bug-DRCrash