32dbg crash upon restarting target #1722

Closed
reverser69 opened this Issue Sep 16, 2017 · 7 comments


reverser69 commented Sep 16, 2017

Hi,
I traced the target a little and put some bp/comment. Now when restarting that target, 32dbg crashes but the target continues to be executed.
Tried cleaning the db folder but it continues to crash. Where else does 32dbg save its database?
Changed the target's folder, traced again and placed some bp/label/comment, crash again.
Even attaching 32dbg to that process causes it to crash.


Unhandled exception at 0x73B796C2 (KernelBase.dll) in x32dbg.exe: 0x0EEDFADE (parameters: 0x09F49944, 0x0A111220, 0x09F49944, 0x09F4A718, 0x5C503BA0, 0x0A7DF8B4, 0x0A7DF8A8).


dump file (via vs2015):
http://www.mediafire.com/file/9y5751ltugvdv98/x32dbg.7z

Member

mrexodia commented Sep 17, 2017

which snapshot?

reverser69 commented Sep 18, 2017

What do you mean?
BTW, I think it's the bp causing the crash.

Member

mrexodia commented Sep 18, 2017

Which x64dbg version (snapshot) was the crash on? Also, do you have a different interface language?

reverser69 commented Sep 19, 2017

Aug 11 2017
and no interface

Contributor

Mattiwatti commented Oct 4, 2017

Looking at the dump file, the crash is pretty clearly caused by a plugin and not x32dbg:

 # ChildEBP RetAddr  Args to Child              
00 0a7df874 09f49944 0eedfade 00000001 00000007 KERNELBASE!RaiseException+0x62
WARNING: Stack unwind information not available. Following frames may be wrong.
01 0a7df8b4 09f49944 0a7df8e4 09f499dd 0a7df8dc BreakModule!TMethodImplementationIntercept+0x202e50
02 0a7df8dc 09f49f80 0a7df918 09f49f9b 0a7df900 BreakModule!TMethodImplementationIntercept+0x202e50
03 0a7df900 09ce2c19 5c503ba0 0a7dfab0 0a7df9d8 BreakModule!TMethodImplementationIntercept+0x20348c
04 0a7df9c0 09ce407c 00000000 042f43c4 042f4430 BreakModule+0x2c19
05 0a7dfa48 09ce65c4 0a7dfab0 0a7dfa90 5c48b549 BreakModule+0x407c
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for x32dbg.dll - 
06 0a7dfa54 5c48b549 00000000 0a7dfab0 0c5e5904 BreakModule!CBINITDEBUG+0xc
07 0a7dfa90 5c469787 00000000 0a7dfab0 5c504340 x32dbg!DllMain+0xcb19
08 0a7dfb24 5c46a3ad 5c502f20 00000000 0a7dfb48 x32dbg+0x49787
09 0a7dfb34 748662c4 5c502f20 748662a0 fa8eaf56 x32dbg+0x4a3ad
0a 0a7dfb48 76fa0609 5c502f20 02d9aae6 00000000 kernel32!BaseThreadInitThunk+0x24
0b 0a7dfb90 76fa05d4 ffffffff 76fc2514 00000000 ntdll!__RtlUserThreadStart+0x2f
0c 0a7dfba0 00000000 5c46a3a0 5c502f20 00000000 ntdll!_RtlUserThreadStart+0x1b

Since I haven't got debug symbols for either this version of x32dbg or the plugin, the symbol names aren't overly helpful... but I think it's pretty clear which DLL is the guilty one here. x32dbg isn't doing anything interesting other than calling each plugin that has a CBINITDEBUG callback registered.
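
The module attribution described in the comment above can be done mechanically. The following is an added example, not part of the thread and not x64dbg code: it parses frames 00-08 of the posted WinDbg stack, finds the first non-OS module under RaiseException and the frame where the host handed control to it. The function names and the RUNTIME_CODES table are assumptions of this example; the table is general knowledge about language runtimes, not something stated on the page.

```python
import re

# Frames 00-08 of the WinDbg stack quoted in the comment above.
TRACE = """\
 # ChildEBP RetAddr  Args to Child
00 0a7df874 09f49944 0eedfade 00000001 00000007 KERNELBASE!RaiseException+0x62
WARNING: Stack unwind information not available. Following frames may be wrong.
01 0a7df8b4 09f49944 0a7df8e4 09f499dd 0a7df8dc BreakModule!TMethodImplementationIntercept+0x202e50
02 0a7df8dc 09f49f80 0a7df918 09f49f9b 0a7df900 BreakModule!TMethodImplementationIntercept+0x202e50
03 0a7df900 09ce2c19 5c503ba0 0a7dfab0 0a7df9d8 BreakModule!TMethodImplementationIntercept+0x20348c
04 0a7df9c0 09ce407c 00000000 042f43c4 042f4430 BreakModule+0x2c19
05 0a7dfa48 09ce65c4 0a7dfab0 0a7dfa90 5c48b549 BreakModule+0x407c
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for x32dbg.dll -
06 0a7dfa54 5c48b549 00000000 0a7dfab0 0c5e5904 BreakModule!CBINITDEBUG+0xc
07 0a7dfa90 5c469787 00000000 0a7dfab0 5c504340 x32dbg!DllMain+0xcb19
08 0a7dfb24 5c46a3ad 5c502f20 00000000 0a7dfb48 x32dbg+0x49787
"""

OS_MODULES = {"kernelbase", "kernel32", "ntdll"}  # deliver the exception, not its cause
# General knowledge, not from the page: codes language runtimes pass to RaiseException.
RUNTIME_CODES = {0x0EEDFADE: "Delphi exception", 0xE06D7363: "MSVC C++ exception"}

def parse(trace):
    """Return frames as dicts; 'guessed' marks frames after the unwind warning."""
    frames, guessed = [], False
    for line in trace.splitlines():
        if line.startswith("WARNING: Stack unwind"):
            guessed = True  # the debugger is guessing frame boundaries from here on
        parts = line.split()
        if len(parts) != 7 or not re.fullmatch(r"[0-9a-f]{2}", parts[0]):
            continue  # header, WARNING and symbol-loader lines
        module = re.split(r"[!+]", parts[6])[0]  # "mod!fn+0x.." or "mod+0x.."
        frames.append({"module": module, "symbol": parts[6],
                       "args": parts[3:6], "guessed": guessed})
    return frames

def triage(trace):
    """Attribute the exception to the first non-OS module and find its entry frame."""
    frames = parse(trace)
    raised = frames[0]["symbol"].split("!")[-1].startswith("RaiseException")
    code = int(frames[0]["args"][0], 16) if raised else None  # first argument is the code
    first = next(i for i, f in enumerate(frames) if f["module"].lower() not in OS_MODULES)
    last = first
    while last + 1 < len(frames) and frames[last + 1]["module"] == frames[first]["module"]:
        last += 1  # deepest frame still owned by the same module
    caller = frames[last + 1]["module"] if last + 1 < len(frames) else None
    return {"culprit": frames[first]["module"], "entry": frames[last]["symbol"],
            "exception": RUNTIME_CODES.get(code, "unknown"), "called_from": caller,
            "guessed_frames": sum(f["guessed"] for f in frames)}
```

Calling `triage(TRACE)` returns the culprit module, its entry symbol, the module that called it, the runtime label for the exception code and the number of frames listed after the unwind warning.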

Member

mrexodia commented Oct 4, 2017

Also the BreakModule plugin is built into x64dbg...

reverser69 commented Oct 6, 2017

Deleted BreakModule.
No crash by now but I'll let you know if any shows up.

@mrexodia mrexodia closed this Nov 6, 2017
