Closed cnitlrt closed 2 days ago
This also happens when the line starts with a `\` character. From what I see, it's stuck in an infinite loop inside `keystone.dll`. You can fix the issue by patching `plugins\patching\keystone\keystone.dll` with the following change, using any Hex Editor.
File Offset | Original Bytes | Patched Bytes |
---|---|---|
3604C | 0F 84 83 | E9 84 00 |
Verify the MD5 hash of `keystone.dll` before and after the patch, to ensure that the patch is applied correctly.
MD5 Before Patch | MD5 After Patch |
---|---|
f8960c53f18607ceeaeb167bd6fc29f7 | d89230f4bda17a63b51591c2a6d06af1 |
It's not the ideal fix, but it does resolve the issue.
NOTE: This patch is only for v0.1.2 for Windows.
Thanks for the report 😰
Yes.. there's a few sketchy characters that keystone blows up on that were not caught during development.
I can probably bodge some basic filtering of these characters into the Python pre-processing the plugin does prior to passing it off to keystone. Honestly I'd rather move this plugin away from keystone and onto https://github.com/emproof-com/nyxstone if anything.
Keystone isn't really actively maintained and has several sharp edges. Back when I wrote this plugin, I had to fix several bugs in keystone just to get it into a semi-usable state just for the purpose of this plugin and it was pretty time consuming.
I believe I have fixed this via a patch to keystone @ gaasedelen/keystone@9ddb5e85b9507a98de3919ae24c18b02f8541442
It will be included in the v0.2.0 release, probably in the coming days.
env
IDA Pro crashes when I type the '%' character in the Assemble window