Error while dumping #34
Comments
|
Can you share the sample? |
|
No
чт, 3 окт. 2019 г., 13:00 Samuel Hopstock <notifications@github.com>:
… Can you share the sample?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#34?email_source=notifications&email_token=AEDYZMIFKWZNSCUYWKO45HTQMW7FBA5CNFSM4I5A56UKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOEAHVV2A#issuecomment-537877224>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AEDYZMLEFRW424MC4BJT53DQMW7FBANCNFSM4I5A56UA>
.
|
|
First trace callback was after log-message And after that all hooks were failed (besides already existed) |
|
We'll look into this |
|
Error (UC_ERR_READ_UNMAPPED) was while fixing imports in ASPacked file |
|
So the error in the import rebuilding process seems to indicate that we are not able to find the import address table inside your sample. You could change the The second thing when the crash occured in apicalls.add_hook seems like your sample calls GetProcAddress so often that we did not reserve enough space in our hook region. This is something that we can fix. The last thing about an unimplemented API call could be added, but heap handling is currently not supported, as we only saw it in an armadillo sample. But as I said in another issue, unpacking armadillo works in a completely different way, so we didn't look into heap stuff any more. It's not something that packers usually do. |
I have the same problem unpacking this file (gziped to reduce size): |
I have error while dumping UPX-file.
image_dump.py (line 208, fix_imports_by_rebuilding->line 170, find_iat): IndexError in lx = possible_ptrs[-1].
Before dumping I had some errors like raiseUcError(status) Invalid memory write (UC_ERR_WRITE_UNMAPPED) after message GetProcAddress:..... accept
Unfortunately I cannot place trace log here.
The text was updated successfully, but these errors were encountered: