illera88 / Ponce

IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
https://docs.idaponce.com

Plugin doesn't work after a HeapAlloc #27

Closed 0ca closed 8 years ago

0ca commented 8 years ago

[image: screenshot attached to the original issue]

It is probably related to an incorrectly disassembled instruction.

illera88 commented 8 years ago

@0ca What exactly happens? Does it crash?

0ca commented 8 years ago

It doesn't crash. I need to take a deeper look.

0ca commented 8 years ago

There was a problem switching from 32 bits to 64 bits in the DLL syswow64.dll. It is a tricky thing, so I identified the magic instruction that is doing the switch and I am doing a step over that call to skip the switching:

```cpp
// If the instruction that just executed is the WoW64 32->64 transition call,
// step over it instead of following the 64-bit code.
if (last_triton_instruction->getDisassembly().find("call dword ptr fs:[0xc0]") != std::string::npos)
{
    msg("wow64 switching! request_step_over();\n");
    request_step_over();
}
```

If I get a better solution from the IDA forum I will use it: https://forum.hex-rays.com/viewtopic.php?f=8&t=4070
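The snippet above keys on one exact string, which only matches when IDA renders the operand as `fs:[0xc0]`. As an added example (not Ponce's code), the helper below recognises the same WoW64 transition call across the common renderings of that operand (`fs:[0xc0]`, IDA's `fs:0C0h`, varying case and spacing) and shows how a tracer would turn that recognition into a step-over decision. The trace lines and the `choose_step`/`count_skipped_gates` names are constructed for the example.

```cpp
// Added example (not Ponce's code): recognise the WoW64 32->64 transition
// call in an IDA-style disassembly line so a tracer can step over it instead
// of trying to follow 64-bit code with a 32-bit symbolic engine.
#include <cassert>
#include <regex>
#include <string>
#include <vector>

// Matches "call dword ptr fs:[0xc0]" as well as IDA's default rendering
// "call large dword ptr fs:0C0h" (case-insensitive, optional brackets,
// optional leading zeros, 0x-prefix or trailing-h hex notation).
bool is_wow64_gate_call(const std::string &disasm) {
    static const std::regex re(
        R"(^\s*call\b.*\bfs\s*:\s*\[?\s*(0x0*c0|0*c0h)\s*\]?\s*$)",
        std::regex::icase);
    return std::regex_search(disasm, re);
}

enum class StepAction { StepInto, StepOver };

// Decide how the tracer should advance past the instruction it just executed:
// step over the transition call, step into everything else.
StepAction choose_step(const std::string &disasm) {
    return is_wow64_gate_call(disasm) ? StepAction::StepOver
                                      : StepAction::StepInto;
}

// Run the decision over a whole trace; returns how many gate calls were skipped.
int count_skipped_gates(const std::vector<std::string> &trace) {
    int skipped = 0;
    for (const auto &ins : trace)
        if (choose_step(ins) == StepAction::StepOver)
            ++skipped;
    return skipped;
}

int main() {
    // Constructed sample trace: two renderings of the gate call, one
    // unrelated fs-relative call (TEB pointer at fs:[0x30]), and plain code.
    const std::vector<std::string> trace = {
        "mov eax, [ebp+8]",
        "call dword ptr fs:[0xc0]",
        "call large dword ptr fs:0C0h",
        "call dword ptr fs:[0x30]",
        "ret",
    };
    assert(count_skipped_gates(trace) == 2);
    return 0;
}
```

Matching on the operand rather than the exact string keeps the check working when the disassembler's formatting options change; the `fs:[0x30]` line is there to show that other fs-relative calls are still stepped into.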