uc_mem_map crashes at unicorn!ram_block_add+0xf3 ?
#2179
Comments
|
The crash seems weird, your uc ptr is null or invalid? |
|
|
|
What's the values of |
|
then I debugged and found that the second time he did the |
|
Your uc pointer is corrupted and not our fault. Please debug your program =) |
|
I think I got it, I forgot to
|
|
If you do not return true in unmapped hooks, you should get errors from uc_emu_start, no? |
|
As far as I know it doesn't seem to be the case, it crashes before I call bool hook_mem_unmapped(
uc_engine * uc,
uc_mem_type type,
uint64_t address,
int size,
int64_t value,
void * user_data
) {
return false;
}
struct SegmentSelector {
union {
struct {
uint16_t rpl : 2;
uint16_t table: 1;
uint16_t index: 13;
};
uint64_t desc;
};
};
struct SegmentDescriptor {
union {
struct {
uint16_t limit0;
uint16_t base0;
uint8_t base1;
uint8_t type : 4;
uint8_t system : 1;
uint8_t dpl : 2;
uint8_t present : 1;
uint8_t limit1 : 4;
uint8_t avail : 1;
uint8_t is_64_code : 1;
uint8_t db : 1;
uint8_t granularity: 1;
uint8_t base2;
};
uint64_t desc;
};
};
int main() {
uc_engine *uc_ = nullptr;
uc_open(UC_ARCH_X86, UC_MODE_64, &uc_);
uc_hook passUnMapped;
auto err = uc_hook_add(uc_, &passUnMapped, UC_HOOK_MEM_UNMAPPED, hook_mem_unmapped, nullptr, 1, 0);
uc_x86_mmr gdtr;
const uint64_t m_gdt_address = 0xc000000000000000;
SegmentDescriptor *gdt = (struct SegmentDescriptor *) malloc(31 * sizeof(struct SegmentDescriptor));
SegmentSelector r_gs = {};
r_gs.desc = 0x2B;
gdtr.base = m_gdt_address;
gdtr.limit = 31 * sizeof(struct SegmentDescriptor) - 1;
err = uc_reg_write(uc_, UC_X86_REG_GDTR, &gdtr);
// call the UC_HOOK_MEM_UNMAPPED hook, and return false
err = uc_reg_write(uc_, UC_X86_REG_GS, &r_gs);
free(gdt);
// both UC_ERR_NOMEM, but sometimes crash the program
err = uc_mem_map(uc_, 0x00007ffe0e250000, 0x0000000000001000, 1);
err = uc_mem_map(uc_, 0x00007ffe0e251000, 0x000000000011b000, 5);
err = uc_mem_map(uc_, 0x000000927fcfc000, 0x0000000000004000, 3);
err = uc_mem_map(uc_, 0x00007ffe0e250000, 0x0000000000001000, 1);
}It may crash in the following two places, the |
|
I can't reproduce your bug. Note I modified your case to C: are you on dev branch? |
|
2025-05-08.16-05-55.mp4 |
|
This reminds of turning to ASAN: Cool, looks like indeed a bug happening. |
|
I belive I know what happen: the second memory mappings fails (probably because of not not enough memory) this sets can you try this patch: I'm not sure if this is the correct place, but it should work. |
|
I confirmed the patch fixes the issue. Thanks for @PhilippTakacs |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I made an x64dbg plugin and ran it in x64dbg, but unfortunately it crashes!
I put any program like vcpkg.exe into the debugger and then right click on any function of that plugin and it crashes!
I have minidump and the following stack information
Here is the address of my plugin, I am using the latest x64dbg, snapshot_2025-03-15_15-57
https://github.com/YuHuanTin/CmakeVMHelp
To be honest, I can't really figure out why, so I came to ask :(
dump-05052025_2302210172.dmp
The text was updated successfully, but these errors were encountered: