search

Vector35 / deprecated-binaryninja-python

Deprecated Binary Ninja prototype written in Python
GNU General Public License v2.0
521 stars 128 forks source link

Crash when opening CFF Explorer.exe #7

Open MCKSysArgentina opened 9 years ago

MCKSysArgentina commented 9 years ago

The app crashes when opening "CFF Explorer.exe" or any other executable from NTCore's Explorer Suite.

The error:

Exception in thread Thread-1: Traceback (most recent call last): File "D:\Python27\lib\threading.py", line 810, in *bootstrap_inner self.run() File "D:\Python27\lib\threading.py", line 763, in run self.__target(_self.__args, _self.kwargs) File "D:\Temp\binaryninja-python-master\DisassemblerView.py", line 175, in ana lysis_thread_proc self.analysis.analyze() File "D:\Temp\binaryninja-python-master\Analysis.py", line 962, in analyze self.start.findBasicBlocks() File "D:\Temp\binaryninja-python-master\Analysis.py", line 865, in findBasicBl ocks block.populate(known_instrs) File "D:\Temp\binaryninja-python-master\Analysis.py", line 807, in populate instr.format_text(self, self.analysis.options) File "D:\Temp\binaryninja-python-master\Analysis.py", line 142, in format_text elif (instr.operands[j].size == self.addr_size) and (value >= block.exe.star t()) and (value < block.exe.end()) and (not self.isLocalJump()): File "D:\Temp\binaryninja-python-master\BinaryData.py", line 148, in end return self.start() + len(self) TypeError: len**() should return an int

I attach an image of the crash binjaerror :

psifertex commented 9 years ago

Thanks for the heads up, I'll take a look at soon. We admittedly have done less testing of the PE parsing, so appreciate the find.

psifertex commented 9 years ago

I just tried the latest version from their website using binary ninja on both OS X and Windows (using the latest binary ninja from the repository) and it wouldn't reproduce for me? At least, I opened up the executable and it looked fine, I didn't click around much.

Just to confirm, here's the hash of the exe I tested:

MD5 (CFF_Explorer/CFF Explorer.exe) = b8c8428e5ebe6f60433089c391a0063a

Can you confirm what executable version you used?

MCKSysArgentina commented 9 years ago

The executable I have has MD5 = FFC218143D392023ED4A0A025E95E1D0. It has version n°: 7.9.0.0 and modified 03-Dec-2010 15:36

Now I realize that it's not the last version of CFF Explorer (sorry about that).

Also, I have the "Explorer Suite" .exe installer, which has SHA1 = AA980E00564DBF47CD67EC170DB24F815B5C93C0. And it's also old.

I'll download the last version of the Suite and check again, but if you want the installer I have, I can upload it to Mega for you.

That's, if you want to check, why this executable is crashing binary ninja.

Cheers!

psifertex commented 9 years ago

Yeah, if you can post a mega link that'd be handy. If you'd rather send it to me, my email is <my first name> at <this repository's owning organization> dot com

MCKSysArgentina commented 9 years ago

Here's the download link: https://mega.co.nz/#!sw53kQzB!NQ0SQfv25EQNc_oZ28PGkf5Og_fDsAn0HcGTjwAuin4

I hope it helps!

psifertex commented 9 years ago

Strange -- it loaded just fine for me. When does it crash? Can you double check the install process and make sure you don't have multiple copies of one of the pre-requisites installed?

MCKSysArgentina commented 9 years ago

I leave you a video of the crash event: https://mega.co.nz/#!tl5zVKCT!be3ofx_cQdwqb1gzHtAjOHebbHa4RQgg4Wt1_QdVHMU And this exe is the last version of CFF Explorer (8.0.0 - MD5: 293334EC617895258C789CE1FD3D3C39 - SHA1: 0BB93B2A8A9B677578CB1CAC47E39678D9F6B67E). This is weird. Also, notice the error message in the cmd box, when pass over the button and clicks it. Maybe it's a problem due to and old version of PySide? (I have version 1.2.1 for python 2.7 i386). Or the python interpreter? I have ActivePython 2.7.8.10. The python interpreter says:

ActivePython 2.7.8.10 (ActiveState Software Inc.) based on Python 2.7.8 (default, Jul 2 2014, 19:50:44) [MSC v.1500 32 bit (Intel)] on win 32 Type "help", "copyright", "credits" or "license" for more information.

It's bed time around here, but this weekend I'll spend some time trying to figure out what's going on here.

Cheers!

psifertex commented 9 years ago

Can you re-try it using the python.org windows installer and see if that fixes it?

MCKSysArgentina commented 9 years ago

No, the same crash happens. Using python 2.7.9 x86.

I'll try reinstalling all packages again.

'''EDIT''': Tested reinstalling all from scratch. The same error happens!!!

The binja package I have it's "binaryninja-python-master.zip" MD5: 9B5EEF0FAAB6D040963C06FEE257AE60 SHA1: 30DB1C3E9DA96DC569E05DA04890F998D03C881E

Is this the correct package?