Memory Leak, and never ending disassemble. #24
Comments
Hello. That's interesting that it enters an endless loop. Some questions to help me out:
So, I reproduced your example on a .NET Core X64 application and I confirm the bug. The internal disassemble loop never terminates starting with offset 98 in the buffer. What's weird is the internal call to Capstone's I don't have a Python environment handy. Is it possible for you to attach a text file with the output produced from the equivalent Python example? Just 1 instruction per line that prints the address, mnemonic, and operand string should be enough to help me out. Thanks!
Thank you for the fast reply. I am getting the issue also with a .NET Core X64 application. To execute the same with Python I executed the following commands:
Then I ran the Python code that I included in the first post of the thread. This is the output I get with Python which works fine:
Thank you!
Thanks. I'll hopefully have an update for you soon.
OK. I found the source of the bug. The P/Invoke function signature for After looking at the binary code, it became clear that there is no valid instruction to disassemble at offset 98 (the offset I noted earlier where it started looping forever). At first I thought it was a bug in Capstone itself since Upon further debugging, I realized that it was the .NET Marshaller itself that was incorrectly marshalling the return value of I'll push a fix and publish an updated NuGet package shortly. I'll close this ticket once I do that. Thank you for your report and patience.
Thank you for the great job! Looking forward to the updated NuGet package :)
I try to disassemble the 64 bit version of notepad.exe. Depending on the length of the buffer being disassembled, it never ends disassembling, and the memory consumed doesn't stop growing:
If I change the line:
var binaryCode = pe.Buff.Skip((int)offset).Take(100).ToArray();
To:
var binaryCode = pe.Buff.Skip((int)offset).Take(99).ToArray();
Or even 104 bytes
.Take(104)
it works perfectly. The equivalent example in python works perfectly:
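As an added illustration, not code from this issue or from the binding it discusses: a C# wrapper that calls the Capstone C API's cs_disasm_iter through P/Invoke with the native return types declared explicitly and the loop bounded by the buffer length, so that an undecodable byte (the situation at offset 98 in the report above) ends the loop instead of spinning. It assumes a native capstone library on the load path; the byte sample is constructed, and the cs_insn field offsets read here are those of the Capstone 4/5 headers.

```csharp
using System;
using System.Runtime.InteropServices;

// Hypothetical stand-alone wrapper over the Capstone C API (not the binding from this issue).
static class SafeDisasm
{
    const int CS_ARCH_X86 = 3, CS_MODE_64 = 8;   // enum values from capstone.h

    [DllImport("capstone")] static extern int cs_open(int arch, int mode, out UIntPtr handle);
    [DllImport("capstone")] static extern int cs_close(ref UIntPtr handle);
    [DllImport("capstone")] static extern IntPtr cs_malloc(UIntPtr handle);
    [DllImport("capstone")] static extern void cs_free(IntPtr insn, UIntPtr count);   // size_t -> UIntPtr
    // C 'bool' is one byte; without I1 the marshaller reads a 4-byte Win32 BOOL, so stray
    // bytes next to the real result can be reported as "true".
    [DllImport("capstone")] [return: MarshalAs(UnmanagedType.I1)]
    static extern bool cs_disasm_iter(UIntPtr handle, ref IntPtr code, ref UIntPtr size,
                                      ref ulong address, IntPtr insn);

    // Returns the number of instructions decoded before the first undecodable byte.
    static int Disassemble(byte[] buffer, ulong baseAddress)
    {
        if (cs_open(CS_ARCH_X86, CS_MODE_64, out UIntPtr handle) != 0)
            throw new InvalidOperationException("cs_open failed");
        GCHandle pin = GCHandle.Alloc(buffer, GCHandleType.Pinned);
        IntPtr insn = cs_malloc(handle);
        try
        {
            IntPtr code = pin.AddrOfPinnedObject();
            UIntPtr remaining = (UIntPtr)(uint)buffer.Length;
            ulong address = baseAddress;
            int count = 0;
            // Independent exit conditions: the native call reports "no instruction", the buffer is
            // used up, or the iteration bound is hit. The bound caps the damage of a mis-marshalled
            // return value at buffer.Length iterations instead of an endless, memory-growing loop.
            while (remaining != UIntPtr.Zero && count < buffer.Length
                   && cs_disasm_iter(handle, ref code, ref remaining, ref address, insn))
            {
                // cs_insn: uint64 'address' at offset 8, uint16 'size' at offset 16 (Capstone 4/5).
                long insnAddr = Marshal.ReadInt64(insn, 8);
                int insnSize = Marshal.ReadInt16(insn, 16);
                Console.WriteLine($"0x{insnAddr:X}: {insnSize} byte(s)");
                count++;
            }
            Console.WriteLine($"stopped with {(ulong)remaining} undecoded byte(s) left");
            return count;
        }
        finally { cs_free(insn, (UIntPtr)1); pin.Free(); cs_close(ref handle); }
    }

    static void Main()
    {
        // Constructed input: push rbp; mov rbp,rsp; nop; ret; then 0x06 (push es), invalid in 64-bit mode.
        byte[] sample = { 0x55, 0x48, 0x89, 0xE5, 0x90, 0xC3, 0x06 };
        Console.WriteLine(Disassemble(sample, 0x1000) + " instruction(s)");
    }
}
```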