The shellcode_hash_search plugin crashes during execution due to an apparently 64 bit integer size problem with the underlying SQLite DB.
---------------------------------------------------------------------------------------------
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:53:40) [MSC v.1500 64 bit (AMD64)]
IDAPython 64-bit v7.3.0 final (serial 0) (c) The IDAPython Team <idapython@googlegroups.com>
---------------------------------------------------------------------------------------------
shellcode_hash: Starting up
shellcode_hash: Processing current segment only: 0x00000000 - 0x00000207
shellcode_hash: 0x000000a3: ror13AddHash32Dll:0xe553a458 kernel32.dll!VirtualAlloc
shellcode_hash: 0x000000bd: ror13AddHash32Dll:0x0726774c kernel32.dll!LoadLibraryA
shellcode_hash: 0x0000012f: ror13AddHash32Dll:0xc99cc96a dnsapi.dll!DnsQuery_A
shellcode_hash: 0x00000198: ror13AddHash32Dll:0x56a2b5f0 kernel32.dll!ExitProcess
shellcode_hash: 0x000001a4: ror13AddHash32Dll:0xe035f044 kernel32.dll!Sleep
shellcode_hash: 0x000001e4: ror13AddHash32Dll:0xcc8e00f4 kernel32.dll!lstrlenA
shellcode_hash: Exception: Python int too large to convert to SQLite INTEGER
Traceback (most recent call last):
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 342, in lookForOpArgs
hits = self.dbstore.getSymbolByTypeHash(h.hashType, opval)
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 192, in getSymbolByTypeHash
cur = self.conn.execute(sql_lookup_hash_type_value, (hashVal, hashType))
OverflowError: Python int too large to convert to SQLite INTEGER
shellcode_hash: 0x000000bc: ror13AddHash32Dll:0x0726774c kernel32.dll!LoadLibraryA
shellcode_hash: Exception: Python int too large to convert to SQLite INTEGER
Traceback (most recent call last):
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 342, in lookForOpArgs
hits = self.dbstore.getSymbolByTypeHash(h.hashType, opval)
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 192, in getSymbolByTypeHash
cur = self.conn.execute(sql_lookup_hash_type_value, (hashVal, hashType))
OverflowError: Python int too large to convert to SQLite INTEGER
shellcode_hash: 0x00000197: ror13AddHash32Dll:0x56a2b5f0 kernel32.dll!ExitProcess
shellcode_hash: Exception: Python int too large to convert to SQLite INTEGER
Traceback (most recent call last):
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 342, in lookForOpArgs
hits = self.dbstore.getSymbolByTypeHash(h.hashType, opval)
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 192, in getSymbolByTypeHash
cur = self.conn.execute(sql_lookup_hash_type_value, (hashVal, hashType))
OverflowError: Python int too large to convert to SQLite INTEGER
shellcode_hash: Exception: Python int too large to convert to SQLite INTEGER
Traceback (most recent call last):
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 342, in lookForOpArgs
hits = self.dbstore.getSymbolByTypeHash(h.hashType, opval)
File "C:\D\flare-ida\python\flare\shellcode_hash_search.py", line 192, in getSymbolByTypeHash
cur = self.conn.execute(sql_lookup_hash_type_value, (hashVal, hashType))
OverflowError: Python int too large to convert to SQLite INTEGER
shellcode_hash: Done
Apparently the problem arises due to the storing of the hashes as INT in the SQLite not as string?
The shellcode_hash_search plugin crashes during execution due to an apparently 64 bit integer size problem with the underlying SQLite DB.
Apparently the problem arises due to the storing of the hashes as INT in the SQLite not as string?
Please ref: https://www.google.com/search?q=64+bit+"Python+int+too+large+to+convert+to+SQLite+INTEGER"