Skip to content
This repository has been archived by the owner on Aug 23, 2022. It is now read-only.

Not recognizing no-return windows syscall #322

Open
pgoodman opened this issue Nov 10, 2017 · 1 comment
Open

Not recognizing no-return windows syscall #322

pgoodman opened this issue Nov 10, 2017 · 1 comment
Assignees
@pgoodman @artemdinaburg
Labels
binary parsing bug good first issue windows x86
Projects
SEEL

Comments

@pgoodman
Copy link
Collaborator

mcsema-disass does not recognize this call to RtlFailFast as a no-return instruction, and so the following innocuous errors pop up:

E1109 19:37:00.836913 12635 Function.cpp:437] Block 140005e0b has no terminator, and instruction at 140005e10 is not a local no-return function call.

image
@pgoodman pgoodman added enhancement and removed bug labels Nov 10, 2017
@mike-myers-tob mike-myers-tob added this to To-Do in SEEL Dec 4, 2017
@artemdinaburg
Copy link
Contributor

We could (and maybe should?) treat all two-byte interrupts (opcode CD xx versus CC) as noreturn? I know technically CD 03 is still an INT3, but no sane compiler would emit it, and we officially do not support obfuscated code.

For this specific case it obviously makes more sense to call the high level handler of RtlFailFast. Maybe we could have a Windows-specific CFG recovery fix here? Or, alternatively, a Windows-specific int 0x29 handler?

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@pgoodman pgoodman

@artemdinaburg artemdinaburg

Labels
binary parsing bug good first issue windows x86
Projects
No open projects
SEEL
  
To-Do
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pgoodman @artemdinaburg