bb33bb / corkami

Automatically exported from code.google.com/p/corkami
0 stars 0 forks source link

tinyW7_3264.asm doesn't seem to work anymore #6

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
Just to let you know, tinyW7_3264.asm crashes on my Win7 machine.

OS: Windows 7 x64 SP1 (6.1.7601), all updates installed as of 2014-09-06

Crash message:

Unhandled exception at 0x77660c7b (ntdll.dll) in tinyW7_3264.exe: 0xC0000005: 
Access violation reading location 0x57682042.

Stack trace:

>   ntdll.dll!_LdrpCheckForSecuROMImage@4()  + 0x76 bytes   
    ntdll.dll!_LdrpInitializeProcess@8()  + 0x3320e bytes   
    ntdll.dll!__LdrpInitialize@8()  + 0xb4c9 bytes  
    ntdll.dll!_LdrInitializeThunk@8()  + 0x10 bytes 

Maybe LdrpCheckForSecuROMImage is some new compatibility shim? Or am I doing 
something wrong?

My ntdll.dll is 6.1.7601.18247, md5sum: a2b0924d50f4435fd389499047ce553a

Original issue reported on code.google.com by thecybershadow on 6 Sep 2014 at 12:08

GoogleCodeExporter commented 9 years ago
Forgot to mention, tinyW7x64.asm works fine.

Original comment by thecybershadow on 6 Sep 2014 at 12:12

GoogleCodeExporter commented 9 years ago
Here's a fixed version.

Changes:

1. LdrpCheckForSecuROMImage is looking through IMAGE_DIRECTORY_ENTRY_DEBUG. The 
directory entry fell square in the middle of the text message, which caused 
that ASCII-looking invalid pointer dereference (0x57682042 is 'B hW', minus 
0x00400010 that's '2 (W', the fragment from "PE32 (W7"). I resolved this simply 
by moving the message after the IMAGE_IMPORT_DESCRIPTOR entries, that way the 
debug directory entry overlaps with the nul bytes in the second 
IMAGE_IMPORT_DESCRIPTOR.

2. LdrpCheckForSafeDiscImage was doing a strncmp with an address calculated 
using IMAGE_OPTIONAL_HEADER.SizeOfHeaders. I filled that in (and adjusted 
SizeOfImage, which can't be smaller than SizeOfHeaders apparently).

Original comment by thecybershadow on 6 Sep 2014 at 6:24