Jinmo / ifred

IDA command palette & more (Ctrl+Shift+P, Ctrl+P)

IDA 7.7 Crashes Sometimes When Using ifred #21

Closed matthewfarrellex closed 2 years ago

matthewfarrellex commented 2 years ago

Hello @Jinmo,

I really like ifred and using it all day during my reversing sessions. So thank you very much for making this great plugin!

But with IDA 7.7 it crashes sometimes. I guess you know that IDA crashing when reversing an application which is hundreds of megabytes is really annoying...

Here is some information for you:

ida_palette64 base address: 0x00007ffb212a0000

Stack:

Qt5Core!QT::QCoreApplicationPrivate::qmljsDebugArgumentsString+0x98
Qt5Core!QT::QMessageLogger::fatal+0x6d
Qt5Core!QT::QThread::~QThread+0xde
ida_palette64!PyInit___palette__+0x53231
ida_palette64!PyInit___palette__+0x5ff86
Qt5Core!QT::QObjectPrivate::deleteChildren+0x8b
Qt5Widgets!QT::QWidget::~QWidget+0x670
ida_palette64!PyInit___palette__+0x4ff56
Qt5Core!QT::QObjectPrivate::deleteChildren+0x8b
Qt5Widgets!QT::QWidget::~QWidget+0x670
ida_palette64!PyInit___palette__+0x4feb3
Qt5Core!QT::QObject::event+0xbb
Qt5Widgets!QT::QWidget::event+0xdf5
Qt5Widgets!QT::QApplicationPrivate::notify_helper+0x111
Qt5Widgets!QT::QApplication::notify+0x18b3
ida64_exe+0x11d449
ida64_exe+0x1bb6f0
Qt5Core!QT::QCoreApplication::notifyInternal2+0xbb
Qt5Core!QT::QCoreApplicationPrivate::sendPostedEvents+0x215
qwindows!qt_plugin_query_metadata+0x1fbf
Qt5Core!QT::QEventDispatcherWin32::processEvents+0x6a
qwindows!qt_plugin_query_metadata+0x1f99
Qt5Core!QT::QEventLoop::exec+0x1bf
Qt5Core!QT::QCoreApplication::exec+0x155
ida64_exe+0x1201f3
ida64_exe+0x12021c
ida64_exe+0x121169
ida64_exe+0x121226
ida64_exe+0x231efa

I'll be very happy if you can look into it. By the way, it does not always crash IDA. This stack trace is from ntoskrnl.exe. I guess it crashes when the application has a lot of functions, etc...

Thank you in advance!

Jinmo commented 2 years ago

Ahh.... yes, I don't know why it happens, and currently I don't have the IDA SDK 7.7 at hand. Will fix it promptly after detecting the root cause. Thanks for the report! (I think it'll take 2~3 days at most)

matthewfarrellex commented 2 years ago

I've debugged IDA with IDA when reversing ntoskrnl.exe. It prints out this error in the console: Debugged application message: QThread: Destroyed while thread is still running.

I guess you can reproduce the bug by opening ntoskrnl.exe in IDA and trying to jump to a function with ifred.

Jinmo commented 2 years ago

If you have access to the SDK and build ifred, you can temporarily set SAME_THREAD_THRESHOLD to INT32_MAX (0x7FFFFFFF). I suspect these as the root cause: Qt version mismatch (7.7 uses Qt 5.12 but 7.6 uses 5.6) and some changes to QThread semantics. Still I don't have access to the SDK, but I think you can use the temporary solution mentioned above...
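The failure reported above ("QThread: Destroyed while thread is still running") and the SAME_THREAD_THRESHOLD workaround both come down to one ownership rule: an object that owns a worker thread must wait for that thread before it is torn down. The following is an added example written for this thread, not ifred's code: it models the same shape with `std::thread` (where destroying a still-joinable thread calls `std::terminate`, the standard-library analogue of Qt's fatal) and with a `same_thread_threshold` constructor parameter standing in for the plugin's SAME_THREAD_THRESHOLD. The `SearchDispatcher` class, the helper functions and the sample function names are all constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <thread>
#include <vector>

// Constructed sample input standing in for a function list a palette search
// would filter (not taken from the page).
static const std::vector<std::string> kSampleNames = {
    "NtCreateFile", "NtOpenFile", "NtClose", "RtlInitUnicodeString",
    "NtQueryInformationFile", "ExAllocatePool"};

struct SearchResult {
  int matches = 0;         // number of names containing the needle
  bool on_worker = false;  // whether the scan ran on a background thread
};

// The scan itself is independent of which thread runs it.
static int count_matches(const std::vector<std::string>& names,
                         const std::string& needle) {
  int n = 0;
  for (const auto& s : names)
    if (s.find(needle) != std::string::npos) ++n;
  return n;
}

// Hypothetical dispatcher: inputs smaller than the threshold are scanned on
// the caller's thread; larger ones go to a worker thread the dispatcher owns.
class SearchDispatcher {
 public:
  explicit SearchDispatcher(std::size_t same_thread_threshold)
      : threshold_(same_thread_threshold) {}

  // The fix: a running worker is always joined in the destructor body, i.e.
  // before the members it writes to are destroyed. Without this join, a
  // joinable std::thread here would call std::terminate, just as QThread
  // aborts with "Destroyed while thread is still running".
  ~SearchDispatcher() {
    if (worker_.joinable()) worker_.join();
  }

  // Start a scan; returns true if it was handed to the worker thread.
  bool start_search(const std::vector<std::string>& names,
                    const std::string& needle) {
    if (worker_.joinable()) worker_.join();  // one scan in flight at a time
    if (names.size() < threshold_) {
      matches_ = count_matches(names, needle);  // synchronous path
      return false;
    }
    // Copy the inputs into the lambda so the worker never dereferences
    // caller-owned memory that may be gone by the time it runs.
    worker_ = std::thread([this, names, needle] {
      matches_ = count_matches(names, needle);
    });
    return true;
  }

  // Wait for the scan (if any) and read the count.
  int result() {
    if (worker_.joinable()) worker_.join();
    return matches_;
  }

 private:
  std::size_t threshold_;
  std::thread worker_;
  int matches_ = 0;
};

// The workaround from the thread: with the threshold at INT32_MAX every scan
// stays on the caller's thread, so no thread object is ever torn down mid-run.
SearchResult search_same_thread(const std::string& needle) {
  SearchDispatcher d(static_cast<std::size_t>(INT32_MAX));
  SearchResult r;
  r.on_worker = d.start_search(kSampleNames, needle);
  r.matches = d.result();
  return r;
}

// Threshold 1: everything goes to the worker, and the result is waited for.
SearchResult search_threaded(const std::string& needle) {
  SearchDispatcher d(1);
  SearchResult r;
  r.on_worker = d.start_search(kSampleNames, needle);
  r.matches = d.result();
  return r;
}

// Tear the dispatcher down without ever calling result(): the destructor
// joins the worker, so this returns normally instead of aborting.
bool destroy_while_running_is_safe() {
  SearchDispatcher d(1);
  d.start_search(kSampleNames, "Nt");
  return true;
}
```

The point a plugin author would take from this is that the threshold only hides the race by never creating the worker; the durable fix is the destructor (or an explicit `wait()` / `join()` on the shutdown path) so that a `QWidget` being deleted from the event loop, as in the stack trace above, cannot take a live thread down with it.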

matthewfarrellex commented 2 years ago

I have access to the SDK but can't manage to build ifred, unfortunately. The SDK for 7.7 is already on the internet. You can find it.

Jinmo commented 2 years ago

Just pushed a fix; can you try it?

matthewfarrellex commented 2 years ago

Looks like it fixed the bug :) Thank you!

Jinmo commented 2 years ago

Cool, thanks for the report! :smiley: