x64dbg / x64dbgpy

Automating x64dbg using Python, Snapshots:
https://ci.appveyor.com/project/mrexodia/x64dbg-python/build/artifacts
MIT License

Callbacks are not thread safe #52

Open owerosu opened 4 years ago

owerosu commented 4 years ago

Hello, callbacks registered here (https://github.com/x64dbg/x64dbgpy/blob/v25/py.cpp#L810) are not thread safe and will produce random memory corruptions if a user script is running at the same time. We can't run Python from two different threads at the exact same time.

Trigger the random corruption. Dummy program to debug:

```c
int crash(int a, int b)
{
    int sum = 0;
    for (int i = 0; i < 0xFFFFFF; i++)
        sum += a + b;
    return sum;
}
```

Dummy script:

```python
import x64dbgpy

def loop():
    # Breakpoint callback: invoked by the debugger while the script may still be running
    print("inside loop")
    x64dbgpy.pluginsdk.Run()

def outloop():
    print("loop finished")
    x64dbgpy.pluginsdk.Run()

x64dbgpy.Breakpoint.add(0x140001036, loop)
x64dbgpy.Breakpoint.add(0x140001048, outloop)
x64dbgpy.pluginsdk.Run()
```


Then enjoy random memory corruptions; you may need to run it several times, reload the binary, etc., before it crashes.

So we need to use the GIL-lock-related functions, or maybe async functions like PyThreadState_SetAsyncExc/Py_AddPendingCall.
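The thread-ownership design this report is asking for, as an added Python model that is not x64dbgpy's code: a constructed debugger thread only posts breakpoint events to a queue, and the script thread that called Run() dispatches every user callback, so the interpreter is never entered from two threads at once. In the real plugin the equivalent is done in C++, where a callback invoked on the debugger thread has to be bracketed with PyGILState_Ensure/PyGILState_Release and the script thread has to release the GIL (Py_BEGIN_ALLOW_THREADS) around blocking calls such as Run(); all class and function names here are invented.

```python
import queue
import threading

# Constructed stand-in for the debugger: it reports breakpoint hits from its
# own thread, as x64dbg does. Not x64dbgpy code; hit addresses are made up.
class FakeDebugger:
    def __init__(self):
        self.resume = threading.Event()  # set by the script thread to continue
        self.events = queue.Queue()      # debugger thread -> script thread

    def thread_main(self, hits):
        for addr in hits:                # addresses the debuggee stops at
            self.resume.wait()
            self.resume.clear()
            self.events.put(("breakpoint", addr))
        self.resume.wait()
        self.events.put(("terminated", None))

# User callbacks run only on the thread that calls run(), never on the
# debugger thread, so interpreter state is touched by one thread at a time.
class ScriptSession:
    def __init__(self, dbg):
        self._dbg = dbg
        self.callbacks = {}              # address -> user callback
        self.dispatch_threads = []       # thread ident per dispatched callback

    def run(self):
        # Resume the debuggee, block until it stops, dispatch the callback here.
        self._dbg.resume.set()
        kind, addr = self._dbg.events.get()
        if kind == "terminated":
            return False
        cb = self.callbacks.get(addr)
        if cb is not None:
            self.dispatch_threads.append(threading.get_ident())
            cb(addr)
        return True

def demo():
    # Returns (callback log, True if every callback ran on the calling thread).
    log = []
    dbg = FakeDebugger()
    session = ScriptSession(dbg)
    session.callbacks[0x140001036] = lambda a: log.append("inside loop")
    session.callbacks[0x140001048] = lambda a: log.append("loop finished")
    hits = [0x140001036, 0x140001036, 0x140001048]
    threading.Thread(target=dbg.thread_main, args=(hits,), daemon=True).start()
    while session.run(): pass
    me = threading.get_ident()
    return log, all(t == me for t in session.dispatch_threads)
```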

mrexodia commented 4 years ago

Yeah, the current codebase is not great. The https://github.com/x64dbg/x64dbgpy/tree/v25/scriptapi project uses pybind11, which can work around these threading issues, but it's currently not in development. Please join the x64dbg chat to discuss if you would like to collaborate on it.