search

SkyLined / BugId

Detect, analyze and uniquely identify crashes in Windows applications
https://bugid.skylined.nl
Other
501 stars 90 forks source link

32-bit version of BugId uses 64-bit version of cmd.exe as utility process. #50

Closed soiax closed 6 years ago

soiax commented 6 years ago

With the latest.... it needs 64 bit python now?

AssertionError('Accessing a virtual allocation in a 64-bit process from 32-bit Python process is not implemented',) Stack: 3 foGetForProcessIdAndAddress (H:\secprogs\bugidlatest\modules\mWindowsAPI\cVirtualAllocation.py/29)

"Accessing a virtual allocation in a 64-bit process from 32-bit Python process is not implemented"; 2 foCreateVirtualAllocationInProcessForId (H:\secprogs\bugidlatest\modules\mWindowsAPI\foCreateVirtualAllocationInProcessForId.py/40) return cVirtualAllocation.foGetForProcessIdAndAddress(uProcessId, uBaseAddress); 1 cCdbWrapper_fCdbStdInOutThread (H:\secprogs\bugidlatest\modules\cBugId\cCdbWrapper_fCdbStdInOutThread.py/255) uSize = dxConfig["uReservedMemory"], 0 __fThreadWrapper (H:\secprogs\bugidlatest\modules\cBugId\cCdbWrapper.py/261) fActivity(oCdbWrapper);

Windows version: Windows 10 Pro release 1607, build 14393 BugId version: 2017-11-22 22:57 cBugId version: 2017-11-22 22:56 mFileSystem version: 2017-11-11 10:13 mWindowsAPI version: 2017-11-21 12:32 oConsole version: 2017-11-21 15:58

SkyLined commented 6 years ago

Yes: to debug 64-bit application, you will need a 64-bit version of Python going forward. To debug a 32-bit application, a 32-bit version of Python should suffice.

(background: there are a number of problems when using cdb.exe that I have to work around. I am slowly moving away from doing everything through cdb.exe in favor of making direct Windows API calls. Unfortunately, you cannot get information about memory allocated in a 64-bit process, from a 32-bit process, so 64-bit Python is required in this situation).

soiax commented 6 years ago

Oh sorry.. i meant, it IS a 32bit application... i get this error from 32 bit python trying to run a 32bit application.

SkyLined commented 6 years ago

Ah, yes that is another issue I am trying to fix at the moment. I am now starting a "dummy" utility process, so I can trigger breakpoints at any time in cdb.exe and know which breakpoints were triggered by me, and which were triggered by the target application. I had assumed that using %ComSpec% would give me the 32bit version of cmd.exe on 64-bit Windows. Obviously it does not, so BugId ends up attempting to debug a 64-bit version of cmd.exe and fails...

soiax commented 6 years ago

Maybe you should make a DEV branch, and use the master branch for a stable version? :stuck_out_tongue_closed_eyes:

SkyLined commented 6 years ago

Yes, agreed. I normally let any changes run for a bit in my fuzzing framework before I push them up to github, but obviously I haven't done that and have been trying to get the current master branch stable for a few days now, which is not ideal.

SkyLined commented 6 years ago

This should now be fixed

soiax commented 6 years ago

This still happens ... acrobatdc with keyword is ok, but with full path: Same with all keywords vs full path.

SkyLined commented 6 years ago

Alright, I will investigate. Thanks for the report as usual!

SkyLined commented 6 years ago

Please try the latest version of BugId. I believe this issue should now be resolved. Let me know if this is not the case and I will reopen the bug.