Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unhandled C++ exception: x8664Cpu::setConcreteRegisterValue() #138

Open
TERESH1 opened this issue Jun 15, 2023 · 1 comment
Open

Unhandled C++ exception: x8664Cpu::setConcreteRegisterValue() #138

TERESH1 opened this issue Jun 15, 2023 · 1 comment

Comments

@TERESH1
Copy link

TERESH1 commented Jun 15, 2023

Ponce v0.3.7

IDA 7.7

Windbg(x64) debugger

Analyzed executable: https://crackmes.one/crackme/62c5da5d33c5d44a934e9684 (The password for the files is "crackmes.one")

After symbolizing password memory and deepening into the strcmp function, I get an exception on the instructions msvcrt:75F096A8 test edx, 3:

Unhandled C++ exception: x8664Cpu::setConcreteRegisterValue(): You cannot set this concrete value (too big) to this register.

image

Log:

[+] Symbolizing memory from 0x61feb6 to 0x61febe. Total: 8 bytes
[+] Triton asking IDA for not syncronized memory address: 0x61feb6 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feb7 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feb8 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feb9 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61feba Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61febb Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61febc Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for not syncronized memory address: 0x61febd Size: 1. Value: 0x0 
[+] Triton asking IDA for already syncronized memory address: 0x61feb6 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feb7 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feb8 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feb9 Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61feba Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61febb Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61febc Size: 1. Value: 0x61 (a)
[+] Triton asking IDA for already syncronized memory address: 0x61febd Size: 1. Value: 0x0 
[+] Triton asking IDA for not syncronized register: rsp. IDA returns value: 0x61fea0 
[+] Triton at 0x401493 : call 0x403b38 (Thread id: 8168)
warning: bad size for register 43 from the debugger.warning: bad size for register 44 from the debugger.warning: bad size for register 45 from the debugger.warning: bad size for register 46 from the debugger.warning: bad size for register 47 from the debugger.warning: bad size for register 48 from the debugger.warning: bad size for register 49 from the debugger.warning: bad size for register 50 from the debugger.warning: bad size for register 68 from the debugger.warning: bad size for register 69 from the debugger.warning: bad size for register 70 from the debugger.warning: bad size for register 71 from the debugger.warning: bad size for register 72 from the debugger.warning: bad size for register 73 from the debugger.warning: bad size for register 74 from the debugger.warning: bad size for register 75 from the debugger.Snapshot Taken
[+] Triton asking IDA for not syncronized memory address: 0x80bd32 Size: 8. Value: 0xd61000000000007e (~)
[+] Triton asking IDA for already syncronized register: rip. IDA returns value: 0x403b38 (8)
[+] Triton at 0x403b38 : jmp qword ptr [rip + 0x4081f4] (Thread id: 8168)
[+] Triton asking IDA for not syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for not syncronized memory address: 0x61fea0 Size: 4. Value: 0x61feb6 
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton at 0x75f096a0 : mov edx, dword ptr [rsp + 4] (Thread id: 8168)
PDBSRC: loading symbols for 'C:\WINDOWS\SysWOW64\msvcrt.dll'...
PDB: using PDBIDA provider
PDB: loading C:\Users\S6E22~1.TER\AppData\Local\Temp\ida\msvcrt.pdb\675427DAB9959F5DC0C0DCEF99DD36CE1\msvcrt.pdb
PDB: There is no type information
PDB: There is no IPI stream
Expected data back.
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for not syncronized memory address: 0x61fea4 Size: 4. Value: 0x407070 (p)
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton asking IDA for already syncronized register: rsp. IDA returns value: 0x61fe9c 
[+] Triton at 0x75f096a4 : mov ecx, dword ptr [rsp + 8] (Thread id: 8168)

But for Ponce v0.3.3 it just prints to the "Output": Instruction at 0x75f096a8 not supported by Triton: test edx, 3 (Thread id: ####)
@illera88
Copy link
Owner

Thanks for the report.

Unfortunately I won't be able to take a look at it until early september. @0ca can you check this out? Otherwise I will in Sept.

Cheer

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@illera88 @TERESH1