search

gaasedelen / patching

An Interactive Binary Patching Plugin for IDA Pro
MIT License
848 stars 105 forks source link

'%' can make IDA crash #17

Open cnitlrt opened 1 year ago

cnitlrt commented 1 year ago

env

python 3.9.9
IDA: 7.6

IDA Pro crashes when I type the '%' character in the Assemble window image

rohitab commented 10 months ago

This also happens when the line starts with a \ character. From what I see, it's stuck in an infinite loop inside keystone.dll. You can fix the issue by patching plugins\patching\keystone\keystone.dll with the following change, using any Hex Editor.

File Offset Original Bytes Patched Bytes
3604C 0F 84 83 E9 84 00

Verify the MD5 hash of keystone.dll before and after the patch, to ensure that the patch is applied correctly.

MD5 Before Patch MD5 After Patch
f8960c53f18607ceeaeb167bd6fc29f7 d89230f4bda17a63b51591c2a6d06af1

It's not the ideal fix, but it does resolve the issue.

NOTE: This patch is only for v0.1.2 for Windows.

gaasedelen commented 2 months ago

Thanks for the report 😰

Yes.. there's a few sketchy characters that keystone blows up on that were not caught during development.

I can probably bodge some basic filtering of these characters into the python pre-processing the plugin does prior to passing it off to keystone. Honestly I'd rather move this plugin away from keystone and onto https://github.com/emproof-com/nyxstone if anything.

Keystone isn't really actively maintained and has several sharp edges. Back when I wrote this plugin, I had to fix several bugs in keystone just to get it into a semi-usable state just for the purpose of this plugin and it was pretty time consuming.