horsicq / PDBRipper

PDBRipper is a utility for extracting information from PDB files.
MIT License

bugs #2

Closed · MovAX0xDEAD closed this 3 years ago

MovAX0xDEAD commented 3 years ago

Hi horsicq !

1) Wrong size=8 integer type fix; not all "int/long" combinations are covered:

```cpp
if(pHandleOptions->bFixTypes)
{
    if((result.nBaseType==7)&&(result.nSize!=4)) // "unsigned int"
    {
        switch(result.nSize)
        {
            case 1: result.sTypeName="unsigned char"; break;
            case 2: result.sTypeName="unsigned short"; break;
            case 4: result.sTypeName="unsigned int"; break;
            case 8: result.sTypeName="unsigned long"; break;
        }
    }
}
```

Supposed to be:

```cpp
if(pHandleOptions->bFixTypes)
{
    if((result.nBaseType==7 || result.nBaseType==14)&&(result.nSize!=4)) // "unsigned int"
    {
        switch(result.nSize)
        {
            case 1: result.sTypeName="unsigned char"; break;
            case 2: result.sTypeName="unsigned short"; break;
            case 4: result.sTypeName="unsigned int"; break;
            case 8: result.sTypeName="unsigned long long"; break; // or __int64
        }
    }
    if((result.nBaseType==6 || result.nBaseType==13)&&(result.nSize!=4)) // "int"
    {
        switch(result.nSize)
        {
            case 1: result.sTypeName="char"; break;
            case 2: result.sTypeName="short"; break;
            case 4: result.sTypeName="int"; break;
            case 8: result.sTypeName="long long"; break;
        }
    }
}
```

2) In `void QWinPDB::_appendElem()`, change

```cpp
_dwSize+=pListChildren->at(j).dwSize;
```

to:

```cpp
if(pListChildren->at(j).dwBitOffset)
{
    _dwSize+=0;
}
else
{
    _dwSize+=pListChildren->at(j).dwSize;
}
```

This is needed for unions with bit-sized child fields, to avoid incrementing the total size. Example:

```cpp
struct _EX_PUSH_LOCK // Size=0x4
{
    union // Size=0xc
    {
        struct // Size=0xc - wrong: the fields after this internal struct will be assumed to start at offset 0xc
        {
            unsigned long Waiting:1;    // Offset=0x0 Size=0x4 BitOffset=0x0 BitSize=0x1
            unsigned long Exclusive:1;  // Offset=0x0 Size=0x4 BitOffset=0x1 BitSize=0x1
            unsigned long Shared:30;    // Offset=0x0 Size=0x4 BitOffset=0x2 BitSize=0x1e
        };
        unsigned long Value;            // Offset=0x0 Size=0x4
        void *Ptr;                      // Offset=0x0 Size=0x4
    };
};
```

3) The union/fields "fix engine" still has bugs:

```cpp
unsigned long GrantedAccess;            // Offset=0x23c Size=0x4
union // Size=0x4
{
    unsigned long CrossThreadFlags;     // Offset=0x240 Size=0x4
    unsigned long Terminated:1;         // Offset=0x240 Size=0x4 BitOffset=0x0 BitSize=0x1
};
unsigned long DeadThread:1;             // Offset=0x240 Size=0x4 BitOffset=0x1 BitSize=0x1 - outside of the union
unsigned long HideFromDebugger:1;       // Offset=0x240 Size=0x4 BitOffset=0x2 BitSize=0x1
unsigned long ActiveImpersonationInfo:1;// Offset=0x240 Size=0x4 BitOffset=0x3 BitSize=0x1
unsigned long SystemThread:1;           // Offset=0x240 Size=0x4 BitOffset=0x4 BitSize=0x1
unsigned long HardErrorsAreDisabled:1;  // Offset=0x240 Size=0x4 BitOffset=0x5 BitSize=0x1
unsigned long BreakOnTermination:1;     // Offset=0x240 Size=0x4 BitOffset=0x6 BitSize=0x1
unsigned long SkipCreationMsg:1;        // Offset=0x240 Size=0x4 BitOffset=0x7 BitSize=0x1
unsigned long SkipTerminationMsg:1;     // Offset=0x240 Size=0x4 BitOffset=0x8 BitSize=0x1
```
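The size miscalculation in item 2 is easy to reproduce outside the tool. The following is an added example, not code from this issue or from PDBRipper: it models one PDB child record with a hypothetical `Elem` struct (the `dwSize`/`dwBitOffset` names mirror the report), computes the `_EX_PUSH_LOCK` layout from the report both the way the report says the tool currently does it and with the proposed bit-offset rule, and adds a generalisation based on member extents (`max(dwOffset + dwSize)`) that sizes structs and unions with one formula. `Ptr` is taken as 4 bytes because the report's PDB shows `Size=0x4` for it; all values are constructed from the listing above.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for one child record of a PDB type (not PDBRipper's own
// struct); field names mirror the dwSize/dwBitOffset used in the report.
struct Elem {
    uint32_t dwOffset;     // byte offset of the member inside its parent
    uint32_t dwSize;       // size in bytes of the member's storage unit
    uint32_t dwBitOffset;  // bit position inside that unit; 0 for non-bitfields
    uint32_t dwBitSize;    // bit width; 0 for non-bitfields
};

// Behaviour the report describes as wrong: every child adds its storage size,
// so three bitfields packed into one 4-byte unit are counted as 12 bytes.
uint32_t structSizeSummingEveryChild(const std::vector<Elem>& children) {
    uint32_t size = 0;
    for (const Elem& e : children) size += e.dwSize;
    return size;
}

// Rule proposed in the report: a bitfield that continues an already-counted
// storage unit (dwBitOffset != 0) contributes nothing to the running total.
uint32_t structSizeSkipContinuedBitfields(const std::vector<Elem>& children) {
    uint32_t size = 0;
    for (const Elem& e : children) size += (e.dwBitOffset != 0) ? 0 : e.dwSize;
    return size;
}

// A union is as large as its largest member.
uint32_t unionSize(const std::vector<Elem>& children) {
    uint32_t size = 0;
    for (const Elem& e : children) size = std::max(size, e.dwSize);
    return size;
}

// Generalisation (added here, not from the report): the extent of a struct or
// union is the furthest byte any member reaches. Packed bitfields share one
// unit at one offset, so they collapse naturally, and the same formula covers
// unions. It gives the extent before trailing alignment padding, so a caller
// that needs sizeof() must still round up to the type's alignment.
uint32_t extentSize(const std::vector<Elem>& children) {
    uint32_t extent = 0;
    for (const Elem& e : children) extent = std::max(extent, e.dwOffset + e.dwSize);
    return extent;
}

// Inner anonymous struct of _EX_PUSH_LOCK from the report: three bitfields
// packed into one unsigned long at offset 0 (values constructed from the listing).
static const std::vector<Elem> kPushLockBits = {
    {0x0, 0x4, 0x0, 0x1},   // Waiting:1
    {0x0, 0x4, 0x1, 0x1},   // Exclusive:1
    {0x0, 0x4, 0x2, 0x1e},  // Shared:30
};

static std::vector<Elem> pushLockUnionMembers(uint32_t innerStructSize) {
    return {
        {0x0, innerStructSize, 0, 0},  // anonymous struct
        {0x0, 0x4, 0, 0},              // unsigned long Value
        {0x0, 0x4, 0, 0},              // void *Ptr (Size=0x4 in the report's PDB)
    };
}

// _EX_PUSH_LOCK sized with the inner struct computed the buggy way: the union
// inherits the inflated 0xc and every following field shifts by 8 bytes.
uint32_t pushLockSizeBuggy() {
    return unionSize(pushLockUnionMembers(structSizeSummingEveryChild(kPushLockBits)));
}

// _EX_PUSH_LOCK sized with the proposed rule applied to the inner struct.
uint32_t pushLockSizeFixed() {
    return unionSize(pushLockUnionMembers(structSizeSkipContinuedBitfields(kPushLockBits)));
}

int main() {
    std::printf("_EX_PUSH_LOCK, inner struct summed per child: 0x%x\n", pushLockSizeBuggy());
    std::printf("_EX_PUSH_LOCK, continued bitfields skipped:   0x%x\n", pushLockSizeFixed());
    std::printf("inner struct by member extent:                0x%x\n", extentSize(kPushLockBits));
    return 0;
}
```

Running the example prints 0xc for the summed variant and 0x4 for the other two, matching the `Size=0x4` the report expects for `_EX_PUSH_LOCK`. The extent-based function also returns 0x4 for the union members without needing a separate union rule, which is why a layout-driven size is a more robust fix than special-casing `dwBitOffset`.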

horsicq commented 3 years ago

Thanks a lot for the bug report! I will take a look and fix it.

horsicq commented 3 years ago

Fixed: https://github.com/horsicq/PDBRipper/commit/75a994e1fe0197692112c37f7369ef4fa3cff2dd. I will create a beta version later.

horsicq commented 3 years ago

https://github.com/horsicq/PDBRipper/releases/tag/2.01b