jrfonseca / drmingw

Postmortem debugging tools for MinGW.
GNU Lesser General Public License v2.1

Two different crashes #24

Closed strixcode closed 8 years ago

strixcode commented 8 years ago

I found 2 bugs in the 0.7.6 code that cause a crash when generating the report for my executable.

First is in dwarf_pe.c in function pe_get_section_info() line 69:

return_section->name = (const char *)pSection->Name;
if (return_section->name[0] == '/') {
    // Crashes here if atoi() returns a value bigger than 1
    return_section->name = &pe_obj->pStringTable[atoi(&return_section->name[1])];

Second one is mgwhelp.c in function pe_find_symbol():

DWORD i;
for (i = 0; i < pNtHeaders->FileHeader.NumberOfSymbols; ++i) {
    // pSymbol has a very large address and seems to point to garbage
    PIMAGE_SYMBOL pSymbol = &pSymbolTable[i];

I will send the executable by private email message so you can reproduce.

jrfonseca commented 8 years ago

jose dot r dot fonseca at gmail dot com

jrfonseca commented 8 years ago

For the record, @strixcode's executable was truncated. It would load but any attempt to read symbol information would fail because the symbol and string tables were incomplete/gone. Not even MinGW's gdb/objdump could do anything with it without crashing.

According to @strixcode the truncated executable was the doing of Microsoft MT tool, when trying to attach a manifest.

I couldn't find on the web reports of Microsoft MT corrupting MinGW's executables, but there are several resources explaining how to embed a manifest using MinGW's windres resource compiler.
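Added example, not part of the original thread and not drmingw's own code: one way a PE/COFF reader can reject the truncated symbol and string tables discussed above before dereferencing a `/<offset>` section name. The helper names `string_table` and `section_name` and the `SAMPLE` bytes are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define COFF_SYMBOL_SIZE 18u /* on-disk size of one COFF symbol record */

/* Constructed sample: 1 symbol record at offset 4, then a 16-byte string
 * table (4-byte size field + ".debug_info\0"). Not taken from the issue. */
static const uint8_t SAMPLE[38] = { [22] = 16, 0, 0, 0,
    '.', 'd', 'e', 'b', 'u', 'g', '_', 'i', 'n', 'f', 'o', 0 };

/* Hypothetical helper: return the COFF string table inside a mapped file, or
 * NULL when the symbol or string table runs past file_size (truncated image). */
static const uint8_t *string_table(const uint8_t *file, size_t file_size,
                                   uint32_t symtab_off, uint32_t nsyms,
                                   uint32_t *table_size)
{
    uint64_t end = (uint64_t)symtab_off + (uint64_t)nsyms * COFF_SYMBOL_SIZE;
    uint32_t size;
    if (symtab_off == 0 || end + 4 > file_size)
        return NULL;
    memcpy(&size, file + end, 4); /* assumes a little-endian host */
    if (size < 4 || end + size > file_size)
        return NULL;
    *table_size = size;
    return file + end;
}

/* Resolve an 8-byte section name field; "/<n>" is an offset into the string
 * table. Returns 0 and fills out, or -1 if the reference cannot be trusted. */
static int section_name(const char raw[8], const uint8_t *strtab,
                        uint32_t strtab_size, char *out, size_t out_size)
{
    char digits[8] = {0}, *stop;
    if (out_size < 9)
        return -1;
    if (raw[0] != '/') {
        memcpy(out, raw, 8);
        out[8] = '\0';
        return 0;
    }
    memcpy(digits, raw + 1, 7); /* field is not NUL-terminated when full */
    unsigned long off = strtoul(digits, &stop, 10);
    if (stop == digits || !strtab || off < 4 || off >= strtab_size)
        return -1;
    const uint8_t *nul = memchr(strtab + off, 0, strtab_size - off);
    if (!nul || (size_t)(nul - (strtab + off)) >= out_size)
        return -1;
    memcpy(out, strtab + off, (size_t)(nul - (strtab + off)) + 1);
    return 0;
}
```

Here `symtab_off` and `nsyms` stand for the file header's `PointerToSymbolTable` and `NumberOfSymbols`, and `file_size` is the size of the file as mapped, so a reader can skip symbol lookup instead of crashing when the tables are cut off.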