google / syzygy

Syzygy Transformation Toolchain
Apache License 2.0

Unable to read SEH handler table. #59

Open symeonp opened 6 years ago

symeonp commented 6 years ago

Hello! Quick question: while I am trying to instrument my binary, I am getting the following output:

C:\>instrument.exe --mode=afl --input-image=target.exe --output-image=target.instr.exe --force-decompose --multithread --cookie-check-hook
[0305/223120:INFO:application_impl.h(46)] Syzygy Instrumenter Version 0.8.32.0 (190dbfe).
[0305/223120:INFO:application_impl.h(48)] Copyright (c) Google Inc. All rights reserved.
[0305/223120:INFO:afl_instrumenter.cc(116)] Force decomposition mode enabled.
[0305/223120:INFO:afl_instrumenter.cc(122)] Thread-safe instrumentation mode enabled.
[0305/223120:INFO:afl_instrumenter.cc(128)] Cookie check hook mode enabled.
[0305/223120:INFO:pe_relinker_util.cc(336)] Input PDB not specified, searching for it.
[0305/223120:INFO:pe_relinker_util.cc(362)] Using default output PDB path: C:\target.instr.exe.pdb
[0305/223120:INFO:pe_relinker.cc(138)] Input module : C:\target.exe
[0305/223120:INFO:pe_relinker.cc(139)] Input PDB    : C:\target.pdb
[0305/223120:INFO:pe_relinker.cc(140)] Output module: C:\target.instr.exe
[0305/223120:INFO:pe_relinker.cc(141)] Output PDB   : C:\target.instr.exe.pdb
[0305/223120:INFO:pe_relinker.cc(57)] Decomposing module: C:\target.exe
[0305/223120:ERROR:pe_file_parser.cc(1216)] Unable to read SEH handler table.
[0305/223120:ERROR:pe_file_parser.cc(381)] Failed to parse data directory load config.
[0305/223120:ERROR:decomposer.cc(1084)] Unable to parse PE image.
[0305/223120:ERROR:pe_relinker.cc(66)] Unable to decompose module: C:\target.exe
[0305/223120:ERROR:instrumenter_with_relinker.cc(124)] Failed to initialize relinker.

Has anyone experienced this error before? Also, I am pretty sure that I have compiled the binary with SEH exception handling. Can anyone perhaps give me a hint? Thank you!

nevilad commented 6 years ago

Look at the value of SEHandlerCount field of the IMAGE_LOAD_CONFIG_DIRECTORY of the instrumented file. If the value is zero, then your executable doesn't have safe exception handlers.

symeonp commented 6 years ago

Hey nevilad, brilliant, will have a look, thank you!

nevilad commented 6 years ago

There is a bug in pe_file_parser.cc, PEFileParser::ParseLoadConfigDir. Before using load_config->SEHandlerTable, the code must check load_config->SEHandlerCount field. If it is zero, there are no safe SEH handlers and the attempt to read them (imagefile.Translate and seh_handlers.Read) must be skipped.
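The guard described in the comment above, as an added example that is not part of the thread and is not Syzygy's code: a zero `SEHandlerCount` is treated as "no SafeSEH table" and returns success before `SEHandlerTable` is ever translated or read, while a non-empty table is bounds-checked. The names `LoadConfigSeh`, `ReadSafeSehTable`, `kImageBase` and `MakeSampleImage` are hypothetical, and the image is assumed to be a flat buffer where offset equals RVA.

```cpp
#include <cstdint>
#include <vector>

// Subset of the 32-bit IMAGE_LOAD_CONFIG_DIRECTORY (struct name is hypothetical).
struct LoadConfigSeh {
  uint32_t SEHandlerTable;  // VA of an array of 32-bit handler RVAs
  uint32_t SEHandlerCount;  // number of entries in that array
};

constexpr uint32_t kImageBase = 0x00400000;  // constructed sample value

// Fills `handlers` with the handler RVAs. Returns true with an empty list when
// the image has no SafeSEH table, false when a non-empty table is out of range.
// Assumption: `image` is laid out as mapped in memory, so offset == RVA.
bool ReadSafeSehTable(const std::vector<uint8_t>& image,
                      const LoadConfigSeh& cfg,
                      std::vector<uint32_t>* handlers) {
  handlers->clear();
  // Zero count means there is no table: do not translate or read the address.
  if (cfg.SEHandlerCount == 0) return true;
  if (cfg.SEHandlerTable < kImageBase) return false;
  const uint64_t rva = cfg.SEHandlerTable - kImageBase;
  const uint64_t bytes = uint64_t{cfg.SEHandlerCount} * 4;
  // Overflow-safe bounds check before touching the buffer.
  if (rva > image.size() || bytes > image.size() - rva) return false;
  for (uint32_t i = 0; i < cfg.SEHandlerCount; ++i) {
    const uint8_t* p = image.data() + rva + 4ull * i;  // little-endian DWORD
    handlers->push_back(p[0] | p[1] << 8 | p[2] << 16 | uint32_t{p[3]} << 24);
  }
  return true;
}

// Constructed 0x40-byte image with two handler RVAs stored at RVA 0x20.
std::vector<uint8_t> MakeSampleImage() {
  std::vector<uint8_t> image(0x40, 0);
  const uint8_t table[8] = {0x00, 0x10, 0, 0, 0x50, 0x12, 0, 0};
  for (int i = 0; i < 8; ++i) image[0x20 + i] = table[i];
  return image;
}

int main() {
  std::vector<uint32_t> h;
  const std::vector<uint8_t> image = MakeSampleImage();
  bool ok = ReadSafeSehTable(image, LoadConfigSeh{0, 0}, &h) && h.empty();
  ok = ok && ReadSafeSehTable(image, LoadConfigSeh{kImageBase + 0x20, 2}, &h);
  ok = ok && !ReadSafeSehTable(image, LoadConfigSeh{kImageBase + 0x3C, 2}, &h);
  return ok ? 0 : 1;
}
```

Without the early return, the zero-count case with a null `SEHandlerTable` falls into the address checks and fails, which matches the failure mode the comment describes.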