Vector35 / debugger

Binary Ninja debugger

Step return lets x86 target run freely if the first instruction after the return is `jmp` #421

Open xusheng6 opened 1 year ago

xusheng6 commented 1 year ago

For the following code,

```
_start:
004012d5  call    ___security_init_cookie
004012da  jmp     sub_401153
```

If I step into the function `___security_init_cookie` and then hit step return, the target runs freely, as if I had sent a Go command. There are several requirements for this issue:

  1. It must be an x86 binary
  2. The first instruction at the return address is a `jmp`

Note, this is actually a WinDbg bug; I can reproduce it directly in WinDbg.

xusheng6 commented 1 year ago

Tracked in https://github.com/microsoftfeedback/WinDbg-Feedback/issues/86