Labeless is a multipurpose IDA Pro plugin system for labels/comments synchronization with a debugger backend, with complex memory dumping and interactive Python scripting capabilities.
IDADump issue
Environment
labeless v1.1.4.0, 64-bit x64dbg, python2
IDA-side information
In the PyOlly stderr logs, VirtualQueryEx sometimes failed with error 998; however, the memory region was surely accessible in x64dbg.
Problem Description
Describe the problem/bug as clearly as possible.
Steps to Reproduce
1. Try IDADump by regions, then check the stderr log, then compare the dumped result in the IDA hex view to the x64dbg memory view.
Possible Solutions
I think the problem could be a bug in python2 ctypes (python3 seems to have no such issue); however, we could handle it carefully. I found that two APIs are referred to, VirtualProtectEx and VirtualQueryEx, and both have SIZE_T in their prototypes. See https://github.com/a1ext/labeless/blob/2f6c867deba6c414b8ed83d911c7b86dc9dd2d73/deploy/labeless/backend/x64dbg/utils.py#L208 and https://github.com/a1ext/labeless/blob/2f6c867deba6c414b8ed83d911c7b86dc9dd2d73/deploy/labeless/backend/x64dbg/utils.py#L213
For example, look at C.sizeof(mbi): it gave a 32-bit int 0x30, but it should be a SIZE_T per the prototype, which is 64 bits on x64;
otherwise, ctypes will finally call VirtualQueryEx with an undefined high 32-bit value like 0x????????00000030. After changing to C.c_size_t(C.sizeof(mbi)) and C.c_size_t(GRANULARITY), IDADump works perfectly.
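As an added example (not labeless code and not part of the original report): explicit ctypes prototypes for the two APIs named above, so every SIZE_T argument is converted at pointer width at the call boundary. With no `argtypes` set, ctypes passes a Python int as a C `int`. The helper names `declare_prototypes` and `query_region` are hypothetical.

```python
import ctypes as C
import os

SIZE_T = C.c_size_t            # pointer-sized: 8 bytes on x64
HANDLE = LPCVOID = C.c_void_p

class MEMORY_BASIC_INFORMATION(C.Structure):
    # Fixed-width field types, so sizeof() is 0x30 on any 64-bit host.
    _fields_ = [
        ("BaseAddress", C.c_void_p),
        ("AllocationBase", C.c_void_p),
        ("AllocationProtect", C.c_uint32),   # padded up to RegionSize on x64
        ("RegionSize", SIZE_T),
        ("State", C.c_uint32),
        ("Protect", C.c_uint32),
        ("Type", C.c_uint32),
    ]

def declare_prototypes(kernel32):
    """Hypothetical helper: give both APIs explicit prototypes so each SIZE_T
    argument is converted at pointer width instead of as a default C int."""
    query = kernel32.VirtualQueryEx
    query.argtypes = [HANDLE, LPCVOID, C.POINTER(MEMORY_BASIC_INFORMATION), SIZE_T]
    query.restype = SIZE_T
    protect = kernel32.VirtualProtectEx
    protect.argtypes = [HANDLE, C.c_void_p, SIZE_T, C.c_uint32, C.POINTER(C.c_uint32)]
    protect.restype = C.c_int              # BOOL
    return kernel32

def query_region(kernel32, process, address):
    """Hypothetical helper: return the region info for address or raise."""
    mbi = MEMORY_BASIC_INFORMATION()
    if kernel32.VirtualQueryEx(process, address, C.byref(mbi), C.sizeof(mbi)) == 0:
        raise C.WinError(C.get_last_error())
    return mbi

if os.name == "nt":                        # the live call needs Windows
    k32 = declare_prototypes(C.WinDLL("kernel32", use_last_error=True))
    k32.GetCurrentProcess.restype = HANDLE
    buf = C.create_string_buffer(16)       # constructed sample target
    info = query_region(k32, k32.GetCurrentProcess(), C.addressof(buf))
    print(hex(info.BaseAddress), hex(info.RegionSize), hex(info.Protect))
```

With the prototypes attached, a plain `C.sizeof(mbi)` can be passed as-is, and a value that does not fit the declared type raises at the call site instead of reaching the API truncated.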