
v3.0.5772.1245 - PH crash have AV than file send to hybrid-analysis.com using menu Tools - Online Checks in to ./phlib/ref.c::171 #231

Closed
VictorVG opened this issue Jan 27, 2018 · 2 comments


@VictorVG

If I try to send a file for a virus check using the menu Tools - Online Checks - hybrid-analysis.com, Process Hacker crashes with an Access Violation (AV) in _InterlockedIncrement(&objectHeader->RefCount) at ./phlib/ref.c:171. The debugger shows this listing:

--- \phlib\ref.c -----------------
   167:     PPH_OBJECT_HEADER objectHeader;
   168:
   169:     objectHeader = PhObjectToObjectHeader(Object);
   170:     // Increment the reference count.
--->   171:     _InterlockedIncrement(&objectHeader->RefCount);
000000013FAC4A40 F0 FF 41 F8          lock inc    dword ptr [rcx-8]
   172:
   173:     return Object;
000000013FAC4A44 48 8B C1             mov         rax,rcx
   174: }
000000013FAC4A47 C3                   ret
--- not source code --------------------------------------------------------
000000013FAC4A48 CC                   int         3
000000013FAC4A49 CC                   int         3
000000013FAC4A4A CC                   int         3
000000013FAC4A4B CC                   int         3
000000013FAC4A4C CC                   int         3
000000013FAC4A4D CC                   int         3
000000013FAC4A4E CC                   int         3
000000013FAC4A4F CC                   int         3
--- \phlib\ref.c -----------------
   189:     PPH_OBJECT_HEADER objectHeader;
   190:     LONG oldRefCount;
   191:
   192:     assert(!(RefCount < 0));
   193:
   194:     objectHeader = PhObjectToObjectHeader(Object);
   195:     // Increase the reference count.
   196:     oldRefCount = _InterlockedExchangeAdd(&objectHeader->RefCount, RefCount);
000000013FAC4A50 F0 0F C1 51 F8       lock xadd   dword ptr [rcx-8],edx
   197:
   198:     return Object;
000000013FAC4A55 48 8B C1             mov         rax,rcx
   199: }
000000013FAC4A58 C3                   ret
--- not source code --------------------------------------------------------

Possible source of the problem (uncertain):

--- plugins/OnlineChecks/main.c    Thu Jan 25 15:58:49 2018
+++ plugins/OnlineChecks/main.c    Fri Jan 26 15:03:21 2018
@@ -291,7 +291,7 @@
     sendToMenu = PhPluginCreateEMenuItem(PluginInstance, 0, 0, L"Sen&d to", NULL);
     PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_HYBRIDANALYSIS_UPLOAD, L"&hybrid-analysis.com", FileName), -1);
     PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_VIRUSTOTAL_UPLOAD, L"&virustotal.com", FileName), -1);
-    PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_JOTTI_UPLOAD, L"virusscan.&jotti.org", FileName), -1);
+//    PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_JOTTI_UPLOAD, L"virusscan.&jotti.org", FileName), -1);
 
     if (ProcessesMenu && (menuItem = PhFindEMenuItem(Parent, PH_EMENU_FIND_STARTSWITH, L"Search online", 0)))
     {
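Review bot: The Jotti entry is disabled by commenting out the `PhInsertEMenuItem(... MENUITEM_JOTTI_UPLOAD ...)` line rather than deleting it, which leaves dead code in the menu builder; the @@ -370 hunk below does the same for MENUITEM_JOTTI_UPLOAD_SERVICE. If the service is being retired, delete the lines (history keeps them) and retire the two menu ids with them, or gate them with a named `#if` so the intent is visible to the next reader. Since this diff also comments out the matching rows of the service table in upload.c, any code path that still reaches one of those ids will find no table row; I cannot see that lookup from here, so please confirm it handles a miss instead of assuming every id has a row. The enclosing function starts and ends outside the hunk.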
@@ -370,7 +370,7 @@
     sendToMenu = PhPluginCreateEMenuItem(PluginInstance, 0, 0, L"Sen&d to", NULL);
     PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_HYBRIDANALYSIS_UPLOAD_SERVICE, L"&hybrid-analysis.com", serviceItem ? serviceItem : NULL), -1);
     PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_VIRUSTOTAL_UPLOAD_SERVICE, L"&virustotal.com", serviceItem ? serviceItem : NULL), -1);
-    PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_JOTTI_UPLOAD_SERVICE, L"virusscan.&jotti.org", serviceItem ? serviceItem : NULL), -1);
+//    PhInsertEMenuItem(sendToMenu, PhPluginCreateEMenuItem(PluginInstance, 0, MENUITEM_JOTTI_UPLOAD_SERVICE, L"virusscan.&jotti.org", serviceItem ? serviceItem : NULL), -1);
     PhInsertEMenuItem(menuInfo->Menu, PhCreateEMenuSeparator(), -1);
     PhInsertEMenuItem(menuInfo->Menu, sendToMenu, -1);
 
--- plugins/OnlineChecks/upload.c    Thu Jan 25 15:58:49 2018
+++ plugins/OnlineChecks/upload.c    Fri Jan 26 15:01:30 2018
@@ -30,8 +30,8 @@
     { MENUITEM_HYBRIDANALYSIS_UPLOAD_SERVICE, L"www.hybrid-analysis.com", L"/api/submit", L"file" },
     { MENUITEM_VIRUSTOTAL_UPLOAD, L"www.virustotal.com", L"???", L"file" },
     { MENUITEM_VIRUSTOTAL_UPLOAD_SERVICE, L"www.virustotal.com", L"???", L"file" },
-    { MENUITEM_JOTTI_UPLOAD, L"virusscan.jotti.org", L"/en-US/submit-file?isAjax=true", L"sample-file[]" },
-    { MENUITEM_JOTTI_UPLOAD_SERVICE, L"virusscan.jotti.org", L"/en-US/submit-file?isAjax=true", L"sample-file[]" },
+//    { MENUITEM_JOTTI_UPLOAD, L"virusscan.jotti.org", L"/en-US/submit-file?isAjax=true", L"sample-file[]" },
+//    { MENUITEM_JOTTI_UPLOAD_SERVICE, L"virusscan.jotti.org", L"/en-US/submit-file?isAjax=true", L"sample-file[]" },
 };
 
 VOID RaiseUploadError(
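Review bot: Commenting out the two Jotti rows removes the table entries for MENUITEM_JOTTI_UPLOAD and MENUITEM_JOTTI_UPLOAD_SERVICE while, as far as this hunk shows, the ids themselves still exist; whatever maps a menu id to a row must now tolerate a missing entry (return NULL or raise an upload error) rather than indexing by id or walking off the end of the array. That lookup is not in the hunk, so treat this as a point to verify. As with the main.c hunks, deleting the rows outright (or guarding them with a named `#if`) would be cleaner than leaving commented-out code in a data table. The table's declaration begins before the hunk and RaiseUploadError continues past its end.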

but the OnlineChecks plug-in sends files to virusscan.jotti.org successfully, and the service itself works: I sent a file to be checked and after a short time could see the callback report in the browser.

Also, other users' error reports are associated with this menu, but I'm still checking them because I'm not sure there isn't a random error in the user's local settings.

@VictorVG

Also, other users' error reports are associated with this menu, but I'm still checking them because I'm not sure there isn't a random error in the user's local settings.

The second report (which I mentioned yesterday), by ItsJustMe on forum.ru-board.com:

By the way, I'll add another interesting bug to the collection: select the second item from there (Upload file to VirusTotal ...) and click Cancel in the file selection dialog (if you really try to upload something it will be even worse, so we won't upload anything, just click Cancel). Admire the multiplication of Process Hackers.

Not confirmed: the phenomenon could not be reproduced on thirty independent machines.

dmex added a commit that referenced this issue Jan 28, 2018
@VictorVG

I built and tested Git 593e938 - it works, but the hybrid-analysis.com service is on the one hand funny and on the other extremely sluggish: after waiting for just under 2.5 hours I have seen nothing from them, and it only accepts PE32 / PE64 files; for anything else it answers with an error saying we did it wrong. :)

screen-2018-01-28_20-51-06

Its counterparts at least think first and swear afterwards; these ones swear first and only then look at whom the volley was aimed at. :)
