search

SkyLined / BugId

Detect, analyze and uniquely identify crashes in Windows applications
https://bugid.skylined.nl
Other
500 stars 90 forks source link

BugId gets stuck when a sub process terminate #105

Closed Yu3H0 closed 1 year ago

Yu3H0 commented 2 years ago

I use 

git clone --recurse-submodules https://github.com/SkyLined/BugId.git

to get the newest BugId

But when I use command line like this:

"C:\Python310\python.exe" "C:\Fuzzing\BugId\BugId.py" -v "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "--sReportFolderPath=\"C:\\Fuzzing\\Report\"" --isa=x86 --n0ApplicationMaxRunTimeInSeconds=60 -- "C:\Fuzzing\fuzz-326c894b85092e6e8e12b10d66ddc18f.pdf"

BugId gets stuck when one sub process 4544/0x11C0 (RdrCEF.exe, x86, IL:1): Terminated

The log is too long, so I only intercepted the latter part

<stdin<
stdout>3:060>
log>Main loop #683
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: <no event>
stdout>  debugger time: Fri Mar 11 00:46:15.034 2022 (UTC - 8:00)
stdout>}☻]☺>
stdout>3:060>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ r @$tpid; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get current process id
stdout><☺[☻{
stdout>$tpid=000011e8
stdout>}☻]☺>
stdout>3:060>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ r @$tid; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get current thread id
stdout><☺[☻{
stdout>$tid=000016cc
stdout>}☻]☺>
stdout>3:060>
► Sub process 4584/0x11E8 (RdrCEF.exe, x86, IL:1): debug Thread 5836 releasing Proxy object acquired for read.
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Fri Mar 11 00:46:15.162 2022 (UTC - 8:00)
stdout>System Uptime: 0 days 15:40:55.207
stdout>Process Uptime: 0 days 0:02:20.949
stdout>  Kernel time: 0 days 0:00:07.859
stdout>  User time: 0 days 0:00:05.656
stdout>}☻]☺>
stdout>3:060>
<stdin<gh;
log>helper thread started (Thread: Thread #5124 [cdb.exe interrupt on timeout thread] <bound method cCdbWrapper_fCdbInterruptOnTimeoutHelperThread of <mBugId.cCdbWrapper.cCdbWrapper.cCdbWrapper object at 0x0000022A8775FFA0>>()) stdout>Proxy object acquired for read  by thread 5836.
log>StdOut output (Line: b'Proxy object acquired for read  by thread 5836.')
stdout>
stdout>3:060>
log>helper thread terminated (Thread: Thread #5124 [cdb.exe interrupt on timeout thread] <bound method cCdbWrapper_fCdbInterruptOnTimeoutHelperThread of <mBugId.cCdbWrapper.cCdbWrapper.cCdbWrapper object at 0x0000022A8775FFA0>>())
<stdin<
stdout>3:060>
log>Main loop #684
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: <no event>
stdout>  debugger time: Fri Mar 11 00:46:15.205 2022 (UTC - 8:00)
stdout>}☻]☺>
stdout>3:060>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ r @$tpid; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get current process id
stdout><☺[☻{
stdout>$tpid=000011e8
stdout>}☻]☺>
stdout>3:060>
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ r @$tid; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get current thread id
stdout><☺[☻{
stdout>$tid=000016cc
stdout>}☻]☺>
stdout>3:060>
► Sub process 4584/0x11E8 (RdrCEF.exe, x86, IL:1): debug Proxy object acquired for read  by thread 5836.
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Fri Mar 11 00:46:15.343 2022 (UTC - 8:00)
stdout>System Uptime: 0 days 15:40:55.388
stdout>Process Uptime: 0 days 0:02:21.130
stdout>  Kernel time: 0 days 0:00:07.875
stdout>  User time: 0 days 0:00:05.656
stdout>}☻]☺>
stdout>3:060>
<stdin<gh;
log>helper thread started (Thread: Thread #4624 [cdb.exe interrupt on timeout thread] <bound method cCdbWrapper_fCdbInterruptOnTimeoutHelperThread of <mBugId.cCdbWrapper.cCdbWrapper.cCdbWrapper object at 0x0000022A8775FFA0>>()) stdout>(e4c.188): C++ EH exception - code e06d7363 (first chance)
stdout>(e4c.188): C++ EH exception - code e06d7363 (first chance)
stdout>(e4c.188): C++ EH exception - code e06d7363 (first chance)
stdout>(e4c.188): C++ EH exception - code e06d7363 (first chance)
stdout>(e4c.188): C++ EH exception - code e06d7363 (first chance)
stdout>(e4c.188): C++ EH exception - code e06d7363 (first chance)
stdout>(e4c.188): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>(2d4.1be8): C++ EH exception - code e06d7363 (first chance)
stdout>
stdout>11:176>
log>helper thread terminated (Thread: Thread #4624 [cdb.exe interrupt on timeout thread] <bound method cCdbWrapper_fCdbInterruptOnTimeoutHelperThread of <mBugId.cCdbWrapper.cCdbWrapper.cCdbWrapper object at 0x0000022A8775FFA0>>())
<stdin<
stdout>11:176>
log>Main loop #685
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .lastevent; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get information about last event
stdout><☺[☻{
stdout>Last event: 11c0.16d4: Exit process 11:11c0, code 0
stdout>  debugger time: Fri Mar 11 00:46:15.577 2022 (UTC - 8:00)
stdout>}☻]☺>
stdout>11:176>
- Sub process 4544/0x11C0 (RdrCEF.exe, x86, IL:1): Terminated.
log>Terminated application process (Process id: 4544, Is main process: no)
<stdin<.printf "%c%c%c%c%c\r\n", 0x3C, 0x1, 0x5B, 0x2, 0x7B; .block{ .time; }; .printf "%c%c%c%c%c\r\n", 0x7D, 0x2, 0x5D, 0x1, 0x3E; $$ Get debugger time
stdout><☺[☻{
stdout>Debug session time: Fri Mar 11 00:46:16.133 2022 (UTC - 8:00)
stdout>System Uptime: 0 days 15:40:56.178
stdout>Process Uptime: 0 days 0:00:18.032
stdout>  Kernel time: 0 days 0:00:00.218
stdout>  User time: 0 days 0:00:00.187
stdout>}☻]☺>
stdout>11:176>

the adobe reader is the newest, and the pdf file is here: fuzz-326c894b85092e6e8e12b10d66ddc18f.pdf Looking forward to your solution.

SkyLined commented 1 year ago

Apologies for the slow response. It appears I am not receiving emails for every bug, which is how I missed this one. Can you still reproduce with the latest version?

SkyLined commented 1 year ago

I am assuming this no longer reproduces and closing this bug. If you can still reproduce, please re-open.