HyperDbg / gui

HyperDbg's Graphical User Interface (GUI)
Apache License 2.0

32bit app oep disassembly error #170

Closed ddkwork closed 1 month ago

ddkwork commented 1 month ago

Currently it's a 32-bit debug target error.

ddkwork commented 1 month ago

https://github.com/HyperDbg/gui/blob/main/ux%2Fcpu.go#L1060-L1107

SinaKarvandi commented 1 month ago

Does it work on x64 apps? Is it a problem with Zydis? Could you please provide more information regarding the error?

ddkwork commented 1 month ago

> Does it work on x64 apps? Is it a problem with Zydis? Could you please provide more information regarding the error?

The x64 parsing OEP and disassembling OEP buffer were executed correctly, and the x64 parsing process was just below the bitmap x86. The bug comes from the fact that some 32-bit programs have OEPs that are not in the .text section, which results in OEP lookup failures. However, there are still a lot of apps that are 32-bit.
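
The lookup described in the comment above, as an added example that is not part of the thread or of HyperDbg's code: it resolves the entry-point RVA to its section by address range instead of by the name `.text`. The function names and the section table are constructed for illustration; on a real file the RVA would come from `AddressOfEntryPoint` in the optional header.

```go
package main

import (
	"debug/pe"
	"errors"
	"fmt"
)

// ErrEntryNotMapped means no section's virtual range contains the entry RVA.
var ErrEntryNotMapped = errors.New("entry point RVA is not inside any section")

// entrySection finds the section holding rva by address range, never by name,
// and converts rva to a raw file offset for the disassembler buffer.
func entrySection(secs []pe.SectionHeader, rva uint32) (string, uint32, error) {
	for _, s := range secs {
		span := s.VirtualSize
		if span == 0 { // some linkers leave VirtualSize at zero
			span = s.Size
		}
		if rva < s.VirtualAddress || rva-s.VirtualAddress >= span {
			continue
		}
		delta := rva - s.VirtualAddress
		if delta >= s.Size { // inside the mapping but past the raw data on disk
			return s.Name, 0, fmt.Errorf("entry in %q has no bytes on disk", s.Name)
		}
		return s.Name, s.Offset + delta, nil
	}
	return "", 0, ErrEntryNotMapped
}

// sampleSections is a constructed 32-bit section table whose code section is
// named CODE rather than .text (all values are made up for this example).
func sampleSections() []pe.SectionHeader {
	return []pe.SectionHeader{
		{Name: "CODE", VirtualAddress: 0x1000, VirtualSize: 0x5A00, Offset: 0x400, Size: 0x5A00},
		{Name: "DATA", VirtualAddress: 0x7000, VirtualSize: 0x800, Offset: 0x5E00, Size: 0x800},
		{Name: ".bss", VirtualAddress: 0x8000, VirtualSize: 0x1000, Offset: 0, Size: 0},
	}
}

func main() {
	name, off, err := entrySection(sampleSections(), 0x4C20)
	fmt.Printf("section=%s offset=%#x err=%v\n", name, off, err)
}
```
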

SinaKarvandi commented 1 month ago

Interesting, I didn't know that OEP might be outside '.text' section. Do you have any examples? I'm gonna test to see if our '.start' command could correctly find OEP in these apps or not.

ddkwork commented 1 month ago

Wait, let me make a GIF.

ddkwork commented 1 month ago

> Interesting, I didn't know that OEP might be outside '.text' section. Do you have any examples? I'm gonna test to see if our '.start' command could correctly find OEP in these apps or not.

screenshots

ddkwork commented 1 month ago

screenshots

SinaKarvandi commented 1 month ago

Could you send this tutorial1.exe to me? (email)

I want to check its headers.

ddkwork commented 1 month ago

> Could you send this tutorial1.exe to me? (email)
>
> I want to check its headers.

https://github.com/HyperDbg/gui/tree/main/32bit_oep_bug

SinaKarvandi commented 1 month ago

Thanks