search

Vector35 / debugger

Binary Ninja debugger
Other
201 stars 14 forks source link

Cannot debug x86 .exe #150

Closed xusheng6 closed 2 years ago

xusheng6 commented 2 years ago

This is a typical Debugger Console output one gets when trying to debug a x86 .exe on Windows 11.

No .natvis files found at C:\Windows\SYSTEM32\Visualizers.
No .natvis files found at C:\Users\xushe\AppData\Local\Dbg\Visualizers.

Microsoft (R) Windows Debugger Version 10.0.22000.593 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

CommandLine: C:\Users\xushe\Downloads\6248a30433c5d42a191a5aaf\crackme-2-loader.exe
Unable to add extension DLL: ntsdexts
Unable to add extension DLL: uext
Unable to add extension DLL: exts
SECURE: File not allowed to be loaded - C:\Windows\SYSTEM32\dbghelp.dll
Error code: Win32 error 0n5
The call to LoadLibrary(ext) failed, Win32 error 0n2
    "The system cannot find the specified file"
Please check your debugger configuration and/or network access.
Unable to add extension DLL: wow64exts

************* Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Symbol search path is: srv*
Executable search path is: 
ModLoad: 00000000`004d0000 00000000`004db000   crackme-2-loader.exe
ModLoad: 00007fff`fc0e0000 00007fff`fc2e9000   ntdll.dll
ModLoad: 00000000`77240000 00000000`773e9000   ntdll32.dll
ModLoad: 00007fff`fa2d0000 00007fff`fa327000   C:\Windows\System32\wow64.dll
ModLoad: 00007fff`fc090000 00007fff`fc098000   C:\Windows\System32\wow64base.dll
ModLoad: 00007fff`fa880000 00007fff`fa90a000   C:\Windows\System32\wow64win.dll
ModLoad: 00007fff`fae90000 00007fff`faea6000   C:\Windows\System32\wow64con.dll
(3f60.13a8): Break instruction exception - code 80000003 (first chance)
ModLoad: 00000000`77230000 00000000`77239000   C:\Windows\System32\wow64cpu.dll
ModLoad: 00000000`76660000 00000000`76750000   C:\Windows\SysWOW64\KERNEL32.DLL
ModLoad: 00000000`75eb0000 00000000`76102000   C:\Windows\SysWOW64\KERNELBASE.dll
ModLoad: 00000000`76480000 00000000`76592000   C:\Windows\SysWOW64\ucrtbase.dll
ModLoad: 00000000`74bc0000 00000000`74bd5000   C:\Windows\SysWOW64\VCRUNTIME140.dll
ModLoad: 00000000`74be0000 00000000`74c4d000   C:\Windows\SysWOW64\MSVCP140.dll
(3f60.13a8): WOW64 breakpoint - code 4000001f (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
SetContext failed, 0x80004005
MachineInfo::SetContext failed - Thread: 00000000174FD600  Handle: 628  Id: 13a8 - Error == 0x80004005
Breakpoint 0 hit
*** WARNING: Unable to verify checksum for crackme-2-loader.exe
SetContext failed, 0x80004005
MachineInfo::SetContext failed - Thread: 00000000174FD600  Handle: 628  Id: 13a8 - Error == 0x80004005

Among them, the most important thing is that

Unable to add extension DLL: wow64exts

So the dbgeng will wrongly treat the process as a x64 one, and everything then screws up.

I need to test whether this affects Windows 10 in the same way, or this is due to something new on Windows 11.

Also @yrp reproted that he cannot run !peb properly, and that might be related to the other missing extensions:

Unable to add extension DLL: ntsdexts
Unable to add extension DLL: uext
Unable to add extension DLL: exts
xusheng6 commented 2 years ago

Windows 10 is affected in the same way, i.e., the wow64exts also fails to load. However, it manages to debug the target just fine. This also explains why our unit tests passes.

xusheng6 commented 2 years ago

related to #125

xusheng6 commented 2 years ago

Fixed in BN 3.1.3529-dev