delphi package - automated exception handling

I have found and fixed the bug under the Win64 platform

Postby q675318 » Tue Dec 04, 2018 1:50 pm

In madTools.pas, fix function MethodToProcedure under Win64 as follows:


var
  // 80-byte thunk prologue. The zero imm32/disp32 fields are placeholders;
  // the register shuffle moves rcx->rdx, rdx->r8, r8->r9, r9->[rsp+20h] and
  // xmm0->xmm1->xmm2->xmm3, i.e. every argument one slot to the right.
  s1arr: array[0..79] of Byte = (
    $48,$81,$ec,$00,$00,$00,$00,        // sub    rsp, imm32
    $48,$89,$84,$24,$00,$00,$00,$00,    // mov    [rsp+disp32], rax
    $48,$8b,$84,$24,$00,$00,$00,$00,    // mov    rax, [rsp+disp32]
    $48,$89,$44,$24,$08,                // mov    [rsp+08h], rax
    $48,$8b,$84,$24,$00,$00,$00,$00,    // mov    rax, [rsp+disp32]
    $48,$89,$44,$24,$10,                // mov    [rsp+10h], rax
    $48,$8b,$84,$24,$00,$00,$00,$00,    // mov    rax, [rsp+disp32]
    $48,$89,$44,$24,$18,                // mov    [rsp+18h], rax
    $4c,$89,$4c,$24,$20,                // mov    [rsp+20h], r9
    $4d,$89,$c1,                        // mov    r9, r8
    $49,$89,$d0,                        // mov    r8, rdx
    $48,$89,$ca,                        // mov    rdx, rcx
    $66,$0f,$6f,$da,                    // movdqa xmm3, xmm2
    $66,$0f,$6f,$d1,                    // movdqa xmm2, xmm1
    $66,$0f,$6f,$c8);                   // movdqa xmm1, xmm0

  // 16-byte fragment: copy one qword between two stack slots.
  s2arr: array[0..15] of Byte = (
    $48,$8b,$84,$24,$00,$00,$00,$00,    // mov    rax, [rsp+disp32]
    $48,$89,$84,$24,$00,$00,$00,$00);   // mov    [rsp+disp32], rax

  // 55-byte epilogue: load two 64-bit immediates into rcx/stack, call through
  // a stack slot, release the frame and return.
  s22arr: array[0..54] of Byte = (
    $48,$8b,$84,$24,$00,$00,$00,$00,            // mov    rax, [rsp+disp32]
    $48,$b9,$00,$00,$00,$00,$00,$00,$00,$00,    // mov    rcx, imm64
    $48,$89,$8c,$24,$00,$00,$00,$00,            // mov    [rsp+disp32], rcx
    $48,$b9,$00,$00,$00,$00,$00,$00,$00,$00,    // mov    rcx, imm64
    $48,$89,$0c,$24,                            // mov    [rsp], rcx
    $ff,$94,$24,$00,$00,$00,$00,                // call   qword ptr [rsp+disp32]
    $48,$81,$c4,$00,$00,$00,$00,                // add    rsp, imm32
    $c3);                                       // ret

// Copy the raw bytes into the AnsiString buffers instead of using a string
// constant, so no character conversion can touch the machine code.
SetLength(s1, 80);
CopyMemory(PAnsiChar(s1), @s1arr[0], 80);
.......

SetLength(s2, 16);
CopyMemory(PAnsiChar(s2), @s2arr[0], 16);
.......
SetLength(s2, 55);
CopyMemory(PAnsiChar(s2), @s22arr[0], 55);


Then it works OK!
q675318
 
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm

Re: I have found and fixed the bug under the Win64 platform

Postby madshi » Sat Dec 08, 2018 10:37 am

Hmmmm... It seems you just replaced the string constant with a byte array, is that correct? What was wrong with the string constant? Did you get a crash? Or did it not compile? Do you know why it was not working for you?

Thank you!
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Re: I have found and fixed the bug under the Win64 platform

Postby madshi » Sat Dec 08, 2018 11:17 am

P.S: So this fixes the problem you reported in this thread:

viewtopic.php?f=4&t=28641

Is that correct?

I wonder if it might have something to do with string locales. Could you compare the contents of "s1" and "s2" and "s2", using your "byte array" vs my "string constant"? There must be a difference in the resulting "s1" and "s2" variables, I think? Maybe because you're in a different country, Delphi somehow tries to "translate" the string constant in my code somehow, but it doesn't do that on my PC? That would explain why it seems to work for me, but fail for you.

If you check the "s2" variable, when using my original code, I think probably some of the chars/bytes will be damaged by Delphi somehow on your PC (but not on mine).
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Re: I have found and fixed the bug under the Win64 platform

Postby q675318 » Sat Dec 08, 2018 4:14 pm

In 10.3, if a string contains a character like #0 in the middle, it may get truncated by compiler optimization, so your shellcode under 64-bit may not be accurate!
q675318
 
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm

Re: I have found and fixed the bug under the Win64 platform

Postby madshi » Sat Dec 08, 2018 4:16 pm

But then why does the madTools.dcu that I've compiled work? Is it different compiler settings, maybe?
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

Re: I have found and fixed the bug under the Win64 platform

Postby q675318 » Sat Dec 08, 2018 4:19 pm

madshi wrote:Hmmmm... It seems you just replaced the string constant with a byte array, is that correct? What was wrong with the string constant? Did you get a crash? Or did it not compile? Do you know why it was not working for you?

Thank you!


I used a debugging tool to disassemble the compiled 64-bit program and found that the shellcode in the MethodToProcedure function is sometimes not compiled accurately; it looks as if the s1 string was optimized away. After switching to the byte form, repeated tests came out accurate!
q675318
 
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm
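madshi asks above to compare the contents of s1 and s2 as produced by the string constant against the byte array, and the reply above reports that the disassembled thunk was sometimes wrong. The console program below is an added example, not code from madTools.pas or from either poster, that performs exactly that comparison for s1: it builds the string from the 80-byte array the way the fix does, builds it again from a string constant, and reports the first byte offset where either one differs from the reference. The program name, the function names and the string constant S1AsString are assumptions; madshi's actual constant is not shown in the thread, so S1AsString simply spells the same 80 bytes as #$xx character codes.

```delphi
program ThunkBytesCheck;

{$APPTYPE CONSOLE}

uses
  SysUtils;

const
  // Reference bytes: the 80-byte s1 prologue from the byte-array fix above.
  S1Expected: array[0..79] of Byte = (
    $48,$81,$EC,$00,$00,$00,$00,
    $48,$89,$84,$24,$00,$00,$00,$00,
    $48,$8B,$84,$24,$00,$00,$00,$00,
    $48,$89,$44,$24,$08,
    $48,$8B,$84,$24,$00,$00,$00,$00,
    $48,$89,$44,$24,$10,
    $48,$8B,$84,$24,$00,$00,$00,$00,
    $48,$89,$44,$24,$18,
    $4C,$89,$4C,$24,$20,
    $4D,$89,$C1,
    $49,$89,$D0,
    $48,$89,$CA,
    $66,$0F,$6F,$DA,
    $66,$0F,$6F,$D1,
    $66,$0F,$6F,$C8);

  // Stand-in for the string-constant form (assumption: madshi's real constant
  // is not shown in the thread; this spells the same 80 bytes as #$xx codes).
  S1AsString: AnsiString =
    #$48#$81#$EC#$00#$00#$00#$00 +
    #$48#$89#$84#$24#$00#$00#$00#$00 +
    #$48#$8B#$84#$24#$00#$00#$00#$00 +
    #$48#$89#$44#$24#$08 +
    #$48#$8B#$84#$24#$00#$00#$00#$00 +
    #$48#$89#$44#$24#$10 +
    #$48#$8B#$84#$24#$00#$00#$00#$00 +
    #$48#$89#$44#$24#$18 +
    #$4C#$89#$4C#$24#$20 +
    #$4D#$89#$C1 +
    #$49#$89#$D0 +
    #$48#$89#$CA +
    #$66#$0F#$6F#$DA +
    #$66#$0F#$6F#$D1 +
    #$66#$0F#$6F#$C8;

// Builds the string the way the fix does: raw bytes copied in, no conversion.
function StringFromBytes(const Bytes: array of Byte): AnsiString;
begin
  SetLength(Result, Length(Bytes));
  if Length(Bytes) > 0 then
    Move(Bytes[0], Result[1], Length(Bytes));
end;

// Returns -1 when Actual holds exactly the expected bytes; otherwise the first
// offset that differs (Length(Actual) if it was cut short, Length(Expected)
// if it is too long).
function FirstMismatch(const Expected: array of Byte; const Actual: AnsiString): Integer;
var
  i: Integer;
begin
  for i := 0 to High(Expected) do
    if (i >= Length(Actual)) or (Byte(Actual[i + 1]) <> Expected[i]) then
      Exit(i);
  if Length(Actual) <> Length(Expected) then
    Exit(Length(Expected));
  Result := -1;
end;

function HexDump(const S: AnsiString): string;
var
  i: Integer;
begin
  Result := '';
  for i := 1 to Length(S) do
    Result := Result + IntToHex(Byte(S[i]), 2) + ' ';
end;

procedure Report(const Name: string; const Actual: AnsiString);
var
  Off: Integer;
begin
  Off := FirstMismatch(S1Expected, Actual);
  if Off < 0 then
    Writeln(Name, ': OK (', Length(Actual), ' bytes)')
  else
  begin
    Writeln(Name, ': MISMATCH at offset ', Off, ', length ', Length(Actual),
      ' (expected ', Length(S1Expected), ')');
    Writeln('  ', HexDump(Actual));
  end;
end;

begin
  Report('byte array     ', StringFromBytes(S1Expected));
  Report('string constant', S1AsString);
end.
```

Compile it as a 64-bit console application on each machine in question. The byte-array line should always report OK; if the string-constant line reports a shorter length or a mismatching offset on one machine but not another, that machine's compiler or code page is altering the literal, which is the difference madshi was asking to pin down.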

Re: I have found and fixed the bug under the Win64 platform

Postby q675318 » Sat Dec 08, 2018 4:20 pm

madshi wrote:But then why does the madTools.dcu that I've compiled work? Is it different compiler settings, maybe?

I don't know the exact reason either. On another of my machines it compiles fine, but on two machines the compilation is not right; with the byte form, however, all machines work fine!
q675318
 
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm

Re: I have found and fixed the bug under the Win64 platform

Postby madshi » Sat Dec 08, 2018 4:24 pm

Ok, I'll change the code in the next build, thanks. I just wish I could reproduce the problem... :sorry:
madshi
Site Admin
 
Posts: 9880
Joined: Sun Mar 21, 2004 5:25 pm

