hakaioffsec / coffee

A COFF loader made in Rust
https://labs.hakaioffsec.com/coffee-a-coff-loader-made-in-rust/
GNU General Public License v3.0

better error handling during a segfault #6

Open drishal opened 4 months ago

drishal commented 4 months ago

Would it be possible to add better error handling in case of segfaults, so that if, say, I'm using an agent, it does not crash it completely and exits safely?

(Edit: I somehow accidentally pressed enter while creating the issue title, whoops)

drishal commented 4 months ago

Also @chvancooten, I did try your suggestion of microseh, which seems to fit my use case, but sadly I was not able to get it compiled on a Windows target, even after creating a new blank crate. However, I can confirm it compiles fine if I keep it on a Linux target 🤔

chvancooten commented 4 months ago

Hi @drishal, regarding your last point, MicroSEH should work on Windows (and only on Windows) with the MSVC build chain only. Check the readme for details.

drishal commented 4 months ago

> Hi @drishal, regarding your last point, MicroSEH should work on Windows (and only on Windows) with the MSVC build chain only. Check the readme for details.

Is there any other alternative for the Windows GNU target, though?

chvancooten commented 4 months ago

Not for SEH afaik. The README of MicroSEH also explains why.

drishal commented 4 months ago

> Not for SEH afaik. The README of MicroSEH also explains why.

Is there any other alternative to SEH, or maybe some other logic to safely exit on a segfault? Or even better, is there a way to handle this without transmute? (Since I need to build on the GNU target, though.)

drishal commented 4 months ago

OK, so apparently, after digging around a bit more and building without `--release`, I noticed that there is an issue of "thread has overflowed its stack" if the BOF crashes, which is what causes a segfault as well. Now I'm not sure how to handle that correctly.

drishal commented 4 months ago

@chvancooten apologies for pinging you, but do you have any other ideas for preventing the stack overflow error if the BOF fails to execute or run?

chvancooten commented 4 months ago

Sorry - beyond SEH I'm not sure how I would tackle this.

drishal commented 4 months ago

@chvancooten so it turns out that if it reaches `std::ptr::null` here, the program crashes or causes a segfault (https://github.com/chvancooten/coffee/blob/main/src/loader/beacon_api.rs#L315). Is there a better way to exit out of there instead of it leading to a segfault or stack overflow?

b1scoito commented 3 months ago

> @chvancooten so it turns out that if it reaches `std::ptr::null` here, the program crashes or causes a segfault (https://github.com/chvancooten/coffee/blob/main/src/loader/beacon_api.rs#L315). Is there a better way to exit out of there instead of it leading to a segfault or stack overflow?

In this case, you're passing invalid data to the BOF's arguments?