Closed enginelesscc closed 1 year ago
If that call is invalid then the process itself would crash on execution anyways?
Can you please inform me of situations where code like this exists and why we should guard against it?
For a 32-bit process it's quite likely someone chooses to use absolute addressing and lazy-map some pages on fault. In my case PolyHook is used before the actual process has executed the entrypoint, so none of that is ready there.
But either way, PolyHook already provides a return value on failure, and I'd certainly prefer if it did so in such cases. (Here it could keep that call as-is and just copy it without trying to deref its ptr.) Otherwise I'll have to use SEH around PolyHook calls as an alternative.
I wouldn't say that's so common unless you're maybe hooking a JIT, but I see your point. The fix is easy enough; we have safe memory read APIs in the library, I'll just switch to those.
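An added example (not PolyHook's own code) of the pattern the maintainer describes: resolving the pointer slot of a 32-bit `call [disp32]` through a safe-read helper, so an unmapped slot yields a failure status instead of a crash. The `Region` table, `safeRead`, the addresses and the slot contents are constructed stand-ins; real code would query the OS for mapped ranges.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Constructed stand-in for the hooked process's mapped memory: only bytes inside
// one of these regions may be read. Real code would ask the OS (on Windows,
// e.g. VirtualQuery) instead of consulting a fixed table.
struct Region { std::uintptr_t base; std::size_t size; const std::uint8_t* bytes; };

// Hypothetical safe-read helper standing in for the library's safe memory read
// APIs: copies n bytes starting at addr only if the whole range is mapped.
bool safeRead(const std::vector<Region>& mem, std::uintptr_t addr, std::size_t n,
              std::uint8_t* out) {
    for (const Region& r : mem) {
        if (addr >= r.base && n <= r.size && addr - r.base <= r.size - n) {
            std::memcpy(out, r.bytes + (addr - r.base), n);
            return true;
        }
    }
    return false;  // unmapped or straddling a region edge: refuse instead of faulting
}

// Little-endian decode, as x86 stores immediates and pointers.
static std::uint32_t le32(const std::uint8_t* p) {
    return std::uint32_t(p[0]) | std::uint32_t(p[1]) << 8 |
           std::uint32_t(p[2]) << 16 | std::uint32_t(p[3]) << 24;
}

enum class Resolve { Resolved, Unreadable };
struct CallTarget { Resolve status; std::uint32_t value; };

// Resolve a 32-bit "call [disp32]" (FF 15 disp32): disp32 is the absolute address
// of a pointer slot holding the destination. The slot is read via safeRead, so a
// not-yet-mapped slot yields Unreadable plus the raw slot address (so the caller
// can copy the instruction as-is) instead of dereferencing it blindly.
CallTarget resolveIndirectCall32(const std::vector<Region>& mem, const std::uint8_t insn[6]) {
    std::uint32_t slot = le32(insn + 2);
    std::uint8_t raw[4];
    if (!safeRead(mem, slot, sizeof raw, raw))
        return {Resolve::Unreadable, slot};
    return {Resolve::Resolved, le32(raw)};
}

// Constructed scenario: one mapped 4-byte slot at 0x00401000 holding 0x12345678.
static const std::uint8_t kSlot[4] = {0x78, 0x56, 0x34, 0x12};
static const std::vector<Region> kMem = {{0x00401000, 4, kSlot}};

CallTarget resolveMappedSlot() {    // call [0x00401000]
    const std::uint8_t insn[6] = {0xFF, 0x15, 0x00, 0x10, 0x40, 0x00};
    return resolveIndirectCall32(kMem, insn);
}
CallTarget resolveUnmappedSlot() {  // call [0x00402000]; no region covers it
    const std::uint8_t insn[6] = {0xFF, 0x15, 0x00, 0x20, 0x40, 0x00};
    return resolveIndirectCall32(kMem, insn);
}
```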
Here it just blindly dereferences an arbitrary pointer assuming it's valid, causing a crash on an invalid ptr:
https://github.com/stevemk14ebr/PolyHook_2_0/blob/245a9c06fc24865e46b6bee388c58d3bf02c289c/polyhook2/Instruction.hpp#L71
https://github.com/stevemk14ebr/PolyHook_2_0/blob/245a9c06fc24865e46b6bee388c58d3bf02c289c/polyhook2/Instruction.hpp#L73
repro:
backtrace: