silverf0x / RpcView

RpcView is a free tool to explore and decompile Microsoft RPC interfaces
GNU General Public License v3.0

Bugreport #17

Closed hfiref0x closed 5 years ago

hfiref0x commented 5 years ago

Hello,

Thanks for this useful tool. I compiled it with Visual Studio 2017. So here is my bug report and maybe a suggestion also.

The compilation note in the readme doesn't explicitly state that you need to put your exact path to the Qt runtime. This was my first confusion when I tried to build the project files with cmake:

set CMAKE_PREFIX_PATH=C:\Qt\Qt5.9.1\5.9.1\msvc2015_64

My Qt is installed in C:\Qt\5.9.1... So perhaps some sort of clarification is needed.

Next, the readme doesn't state that you need to create the Build\x64 or Build\x86 directories in RpcView.

These are really small issues, but solving them can save some time if someone is trying to build your tool and following your instructions step-by-step.

RpcCommon\Misc.c

memcpy(pLocationInfo->Location, pUnloadEventTrace->ImageName, sizeof(pLocationInfo->Location));

where destination = pLocationInfo->Location is WCHAR Location[MAX_PATH]; source = pUnloadEventTrace->ImageName is WCHAR ImageName[32]; num = sizeof(pLocationInfo->Location) is 520 bytes.

If the string is zero terminated this code will work okay. However, 520 bytes copied from the source may lead to a crash if the memory beyond this array is not available.

So perhaps you mean memcpy(pLocationInfo->Location, pUnloadEventTrace->ImageName, sizeof(pUnloadEventTrace->ImageName));

instead?

I'm looking further (I want to get it to actually work on my Windows 10 LTSB), so if I find anything else I will report it.

internalComplexTypesArrays.cpp

UINT __fastcall getArrayMemorySize(
    _In_    VOID* pContext,
    _In_    RVA_T pType)

There is a twice-assigned value in the switch. See arraySize. Perhaps you missed a break? If it is intended, then I don't understand this code tbh.

    case FC_LGFARRAY:
    case FC_LGVARRAY:

        RPC_GET_PROCESS_DATA(pType, &longArray, sizeof(LGFixedSizedArrayHeader_t));
        arraySize = longArray.totalSize;

    default:
        arraySize = POINTER_SIZE;
        break;

Thanks.
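An added example (not code from RpcView or from the issue author) that reproduces the size mismatch in the Misc.c memcpy described above and shows a copy bounded by the source array; the WCHAR/MAX_PATH definitions and the struct names are constructed stand-ins for the Windows ones so it builds anywhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the Windows types in the report (WCHAR is 2 bytes,
 * MAX_PATH is 260); the struct names are hypothetical. */
typedef uint16_t WCHAR;
#define MAX_PATH 260
typedef struct { WCHAR ImageName[32]; } UNLOAD_EVENT_TRACE_T;
typedef struct { WCHAR Location[MAX_PATH]; } LOCATION_INFO_T;

/* Byte count the reported memcpy requests (sized by the destination)... */
size_t reported_copy_bytes(void) { return sizeof(((LOCATION_INFO_T *)0)->Location); }
/* ...versus the bytes that actually exist in the source array. */
size_t source_bytes(void) { return sizeof(((UNLOAD_EVENT_TRACE_T *)0)->ImageName); }

/* Bounded copy: stops at the first terminator or at the end of the source
 * array, never writes past the destination, and always NUL-terminates it.
 * Returns the number of characters copied (terminator excluded). */
size_t copy_image_name(LOCATION_INFO_T *dst, const UNLOAD_EVENT_TRACE_T *src)
{
    const size_t src_chars = sizeof(src->ImageName) / sizeof(WCHAR);
    const size_t dst_chars = sizeof(dst->Location) / sizeof(WCHAR);
    size_t len = 0;
    while (len < src_chars && src->ImageName[len] != 0)
        len++;                      /* never reads past ImageName[31] */
    if (len > dst_chars - 1)
        len = dst_chars - 1;        /* leave room for the terminator */
    memcpy(dst->Location, src->ImageName, len * sizeof(WCHAR));
    dst->Location[len] = 0;
    return len;
}

/* Worst case for the original code: a full 32-character name with no
 * terminator, so a 520-byte copy would read 456 bytes past the source. */
size_t demo_unterminated(void)
{
    UNLOAD_EVENT_TRACE_T src;
    LOCATION_INFO_T dst;
    for (size_t i = 0; i < 32; i++)
        src.ImageName[i] = (WCHAR)('A' + (i % 26));
    size_t n = copy_image_name(&dst, &src);
    /* Terminator lands right after the last copied character ('F'). */
    return (dst.Location[32] == 0 && dst.Location[31] == (WCHAR)'F') ? n : 0;
}
```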

silverf0x commented 5 years ago

Thanks for your feedback. Could you split your bug report into 3 (README.md, RpcCommon\Misc.c and internalComplexTypesArrays.cpp) so that I can commit each fix separately?

hfiref0x commented 5 years ago

I've split this issue into 3. Closing this one.