notpidgey / EagleVM

Native code virtualizer for x64 binaries
GNU General Public License v3.0
393 stars, 47 forks

Possible invalid RIP relative translations #7

Closed Smellon69 closed 7 months ago

Smellon69 commented 8 months ago

there's no CMakeLists for either of them.

Smellon69 commented 8 months ago

Oh, also my program refuses to run when I use the virtualization, 0 clue why. Sometimes it works, sometimes it doesn't.

Smellon69 commented 8 months ago

virtualizing a function like:

    if (key == "1337") {
        printf("Good job!");
    }

will crash

notpidgey commented 8 months ago

Please stop inconclusively spam-opening issues on this repository. If you have a problem, please create an issue and make an effort to provide some context for what the problem is. If you solved the problem, please make an effort to explain the resolution in the issue and close it yourself. It's difficult for me as a maintainer to do guesswork and figure out if something is a problem on my end, or you gave up/solved it yourself.

"add the cmake for zydis and zycore!!!!!!!!!!!!! there's no cmake list for either of them." does not help me help you in any kind of way and is just overly obnoxious. When you clone a git repository that has dependencies in the form of submodules, you need to initialize those submodules. This is why you are getting an issue where Zydis has no CMakeLists. To fix this you can clone the repository with "--recurse-submodules" or manually initialize submodules via CLI or whatever Git GUI you are using.

"oh also my program refuses to run when I use the virtualization 0 clue why. sometimes it works sometimes it doesn't" I don't know what virtualization 0 means.

This is actually something I fixed last night.

    if (key == "1337") { printf("Good job!"); }

I'll merge something to main tonight when I know it's stable and tag the issue. This problem is caused by missing virtualization of relative call instructions, but that should be figured out relatively soon, as I said before.

Smellon69 commented 8 months ago

> Please stop inconclusively spam-opening issues on this repository. If you have a problem, please create an issue and make an effort to provide some context for what the problem is. If you solved the problem, please make an effort to explain the resolution in the issue and close it yourself. It's difficult for me as a maintainer to do guesswork and figure out if something is a problem on my end, or you gave up/solved it yourself.
>
> "add the cmake for zydis and zycore!!!!!!!!!!!!! there's no cmake list for either of them." does not help me help you in any kind of way and is just overly obnoxious. When you clone a git repository that has dependencies in the form of submodules, you need to initialize those submodules. This is why you are getting an issue where Zydis has no CMakeLists. To fix this you can clone the repository with "--recurse-submodules" or manually initialize submodules via CLI or whatever Git GUI you are using.
>
> "oh also my program refuses to run when I use the virtualization 0 clue why. sometimes it works sometimes it doesn't" I don't know what virtualization 0 means.
>
> This is actually something I fixed last night.
>
>     if (key == "1337") { printf("Good job!"); }
>
> I'll merge something to main tonight when I know it's stable and tag the issue. This problem is caused by missing virtualization of relative call instructions, but that should be figured out relatively soon, as I said before.

Sorry for spam-opening issues. I had to clone Zydis into the deps folder and then I had to do some weird stuff, and it was working. About the "virtualization 0": I meant "virtualization, 0 clue". It was a misinterpretation on your end and a lack of a brain on my end.

notpidgey commented 8 months ago

Ok, so what program refuses to run when you use the virtualization? Is it the example that is provided in EagleVMSandbox? Is it your own program that you put into the sandbox? What do you mean by "refuses to run"? Does it crash? Does it produce an invalid PE?

Or are you talking about the code snippet that you posted below that comment which I addressed?

Smellon69 commented 8 months ago

> Ok, so what program refuses to run when you use the virtualization? Is it the example that is provided in EagleVMSandbox? Is it your own program that you put into the sandbox? What do you mean by "refuses to run"? Does it crash? Does it produce an invalid PE?
>
> Or are you talking about the code snippet that you posted below that comment which I addressed?

It crashed from my code snippet and many other things, including printing to the console and doing basic if statements. I might try to work on some bugs as I find them if you don't fix them before I do. Also, I'll see what I can fix after you make the commit fixing that issue, because I can't do much without it.

notpidgey commented 8 months ago

Fixed for that specific code snippet. You are free to merge and give it a go. I have noticed some problems with other calls that I see but I will solve that later.

Smellon69 commented 8 months ago

> Fixed for that specific code snippet. You are free to merge and give it a go. I have noticed some problems with other calls that I see but I will solve that later.

I found another crash, I don't know if you've found it; something to do with defining a boolean inside of the VM, I think?

    #include <cstdio>
    #include <iostream>
    #include <string>

    // fnEagleVMBegin/fnEagleVMEnd mark the region the virtualizer replaces.
    int main(int argc, char* argv[])
    {
        std::string key;
        std::cout << "license key: ";
        std::getline(std::cin, key);

        if (key.size() < 20)
        {
            printf("invalid key :(\n");
            //return 0;   // left disabled here; with a key shorter than 20 chars the loop below reads past key_buf
        }

        char* key_buf = key.data();

        fnEagleVMBegin();

        // appears to crash here
        bool authed = false;

        if (key == "1337") {
            authed = true;
        }

        if (authed == true) {
            printf("correct key\n");
        }

        // digits at even indices go to odd_sum, digits at odd indices to even_sum
        int odd_sum = 0;
        int even_sum = 0;
        for (int i = 0; i < 20; i++)
        {
            int ia = key_buf[i] - '0';
            if (i % 2)
            {
                even_sum += ia;
            }
            else
            {
                odd_sum += ia;
            }
        }

        if (odd_sum == 25 && even_sum == 60)
        {
            printf("congradulations, you earned a cookie!\n");
        }
        else
        {
            printf("almost...\n");
        }

        fnEagleVMEnd();

        return 0;
    }

Smellon69 commented 8 months ago

I just realized, it crashes from `\n`, and I'm not even doing that printf inside the virtualized code... 😭

std::cin also crashes.

Making booleans inside virtualized code also crashes.

notpidgey commented 7 months ago

Please see my comment on #8.

I investigated this bug and it seems to be caused by RIP relative instruction translation. Will look into it after tests are finished being built.
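
The "relative call" cause from the earlier comment and the "RIP-relative translation" cause named here come down to the same arithmetic: an x64 `call rel32` or `[rip+disp32]` operand encodes a distance from the end of the instruction, so once the virtualizer lifts or moves that instruction the displacement has to be resolved against the original address and re-encoded against the new one. The example below is added here to show that translation; it is not EagleVM's code. The opcode bytes, addresses (0x140001000, 0x140005000, 0x240000000) and the two sample instructions are constructed for the example, and the instruction length and displacement offset are supplied by hand where a real pipeline would take them from the decoder.

```cpp
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

// Absolute target of an x64 RIP-relative displacement. The CPU adds disp32 to
// the address of the *next* instruction, so a translator that lifts or moves
// code must resolve the target against the instruction's original end address,
// never against the address the translated code will execute from.
constexpr uint64_t rip_target(uint64_t insn_addr, size_t insn_len, int32_t disp) {
    return insn_addr + insn_len + static_cast<uint64_t>(static_cast<int64_t>(disp));
}

// Recompute disp32 so that the same instruction, now located at new_addr,
// still reaches `target`. Returns nullopt when the distance no longer fits a
// signed 32-bit field; the translator must then emit an absolute form instead
// (e.g. mov rax, imm64 / call rax) rather than silently truncating.
std::optional<int32_t> rebase_disp32(uint64_t target, uint64_t new_addr, size_t insn_len) {
    int64_t delta = static_cast<int64_t>(target) - static_cast<int64_t>(new_addr + insn_len);
    if (delta < INT32_MIN || delta > INT32_MAX) return std::nullopt;
    return static_cast<int32_t>(delta);
}

struct Relocated {
    std::vector<uint8_t> bytes;   // instruction bytes with the rebased disp32
    uint64_t target;              // absolute address the original referred to
};

// Move one instruction whose disp32 sits at byte offset disp_off from old_addr
// to new_addr. insn_len and disp_off come from the decoder in a real pipeline
// (EagleVM uses Zydis); here they are passed in by hand.
std::optional<Relocated> relocate_rip_relative(const uint8_t* insn, size_t insn_len, size_t disp_off,
                                               uint64_t old_addr, uint64_t new_addr) {
    if (disp_off + sizeof(int32_t) > insn_len) return std::nullopt;
    int32_t disp;
    std::memcpy(&disp, insn + disp_off, sizeof disp);          // little-endian disp32
    uint64_t target = rip_target(old_addr, insn_len, disp);
    std::optional<int32_t> new_disp = rebase_disp32(target, new_addr, insn_len);
    if (!new_disp) return std::nullopt;
    Relocated r{std::vector<uint8_t>(insn, insn + insn_len), target};
    std::memcpy(r.bytes.data() + disp_off, &*new_disp, sizeof *new_disp);
    return r;
}

// Constructed samples, both assumed to sit at 0x140001000 in the original image:
//   E8 FB 0F 00 00          call  0x140002000        (rel32 at offset 1, 5 bytes)
//   48 8D 05 FB 0F 00 00    lea   rax, [rip+0xFFB]   (disp32 at offset 3, 7 bytes) -> 0x140002002
const uint8_t kSampleCall[5] = {0xE8, 0xFB, 0x0F, 0x00, 0x00};
const uint8_t kSampleLea[7]  = {0x48, 0x8D, 0x05, 0xFB, 0x0F, 0x00, 0x00};
const uint64_t kSampleAddr = 0x140001000;

std::optional<Relocated> relocate_sample_call(uint64_t new_addr) {
    return relocate_rip_relative(kSampleCall, sizeof kSampleCall, 1, kSampleAddr, new_addr);
}

std::optional<Relocated> relocate_sample_lea(uint64_t new_addr) {
    return relocate_rip_relative(kSampleLea, sizeof kSampleLea, 3, kSampleAddr, new_addr);
}
```

Moving either sample to 0x140005000 keeps the target fixed and turns the displacement into -0x3005 (bytes FB CF FF FF); moving it 4 GiB away makes `rebase_disp32` refuse rather than emit a wrapped displacement, which is the failure mode that would otherwise surface as a crash at the first call out of the virtualized region.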

notpidgey commented 7 months ago

This bug was caused by a wrong implementation of MOVSX.

    std::string key;
    std::cout << "license key: ";
    std::getline(std::cin, key);

    if (key.size() < 20)
    {
        printf("invalid key :(\n");
        //return 0;
    }

    char* key_buf = key.data();

    fnEagleVMBegin();

    // appears to crash here
    bool authed = false;

    if (key == "1337") {
        authed = true;
    }

    if (authed == true) {
        printf("correct key\n");
    }

    int odd_sum = 0;
    int even_sum = 0;
    for (int i = 0; i < 20; i++)
    {
        int ia = key_buf[i] - '0';
        if (i % 2)
        {
            even_sum += ia;
        }
        else
        {
            odd_sum += ia;
        }
    }

    if (odd_sum == 25 && even_sum == 60)
    {
        printf("congradulations, you earned a cookie!\n");
    }
    else
    {
        printf("almost...\n");
    }

    fnEagleVMEnd();

Works for me now. Please confirm on your end by merging the new changes.
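
The MOVSX root cause named above is easy to get wrong in a VM handler because the only observable difference from a zero-extending load is on source values with the top bit set. The example below is added here and is not EagleVM's code: it gives the reference semantics of the sign-extending forms next to a deliberately zero-extending handler, runs a differential check over every byte, and then replays the digit-sum loop from the issue with the byte load made explicit. That a compiler widens `char` to `int` with movsx on this loop, and the two 20-byte keys, are assumptions of the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Reference semantics of MOVSX r32, r/m8: the source byte is sign-extended,
// so any byte with bit 7 set becomes a negative 32-bit value.
inline int32_t movsx_r32_rm8(uint8_t src) {
    return static_cast<int32_t>(static_cast<int8_t>(src));
}

// Zero-extension (the semantics of MOVZX). Used here only as the "wrong"
// handler to show how a VM that gets the extension wrong diverges from the
// hardware; it is an illustration, not the bug as it existed in EagleVM.
inline int32_t movzx_r32_rm8(uint8_t src) {
    return static_cast<int32_t>(src);
}

// The other widths a handler has to get right: MOVSX r64, r/m8 and
// MOVSXD r64, r/m32 (the 32->64 form has its own opcode, REX.W 63 /r).
inline int64_t movsx_r64_rm8(uint8_t src)    { return static_cast<int8_t>(src); }
inline int64_t movsxd_r64_rm32(uint32_t src) { return static_cast<int32_t>(src); }

// Differential check over the full input space: count the bytes on which the
// two handlers disagree. For an 8-bit source that is exactly the 128 values
// 0x80..0xFF.
int count_movsx_mismatches() {
    int mismatches = 0;
    for (int b = 0; b < 256; b++)
        if (movsx_r32_rm8(static_cast<uint8_t>(b)) != movzx_r32_rm8(static_cast<uint8_t>(b)))
            mismatches++;
    return mismatches;
}

// The digit-sum loop from the issue, with the byte load made explicit. A
// compiler will typically widen `char` to `int` with movsx on x64
// (assumption for this example), so a handler that zero-extends instead
// computes a different `ia` for every non-ASCII byte in the key.
struct Sums { int odd; int even; };

Sums digit_sums(const char* key_buf, size_t len, int32_t (*load8)(uint8_t)) {
    Sums s{0, 0};
    for (size_t i = 0; i < len; i++) {
        int ia = load8(static_cast<uint8_t>(key_buf[i])) - '0';
        if (i % 2) s.even += ia;   // same odd/even naming as the issue's snippet
        else       s.odd  += ia;
    }
    return s;
}

// Constructed 20-character key satisfying odd_sum == 25 && even_sum == 60.
const char kGoodKey[] = "26363636363626262626";

// Constructed key whose first byte is 0x80: movsx yields -128, movzx yields 128,
// so the two handlers produce different sums for the same input.
Sums high_byte_key_sums(int32_t (*load8)(uint8_t)) {
    char key[20];
    std::memset(key, '0', sizeof key);
    key[0] = static_cast<char>(0x80);
    return digit_sums(key, sizeof key, load8);
}
```

The differential loop is the check worth keeping around: for each lifted instruction, run the VM handler and the reference semantics over the whole (or a sampled) input space and diff the results, which catches an extension or width mistake long before it shows up as a crash in a virtualized `if`.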