I have found and fixed the bug under the win64 platform

delphi package - automated exception handling
q675318
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm

I have found and fixed the bug under the win64 platform

Post by q675318 »

In madTools.pas, fix "function MethodToProcedure" under win64:


// Thunk prologue: shifts the incoming arguments one slot to the right
// so that Self can be inserted as the first parameter. The $00 runs are
// placeholders (frame size and stack displacements) patched in by the
// code elided below.
var s1arr: array[0..79] of Byte = (
  $48,$81,$ec,$00,$00,$00,$00,       // sub rsp, imm32        (frame size placeholder)
  $48,$89,$84,$24,$00,$00,$00,$00,   // mov [rsp+disp32], rax (save rax)
  $48,$8b,$84,$24,$00,$00,$00,$00,   // mov rax, [rsp+disp32]
  $48,$89,$44,$24,$08,               // mov [rsp+8], rax
  $48,$8b,$84,$24,$00,$00,$00,$00,   // mov rax, [rsp+disp32]
  $48,$89,$44,$24,$10,               // mov [rsp+$10], rax
  $48,$8b,$84,$24,$00,$00,$00,$00,   // mov rax, [rsp+disp32]
  $48,$89,$44,$24,$18,               // mov [rsp+$18], rax
  $4c,$89,$4c,$24,$20,               // mov [rsp+$20], r9     (4th register arg spills to the stack)
  $4d,$89,$c1,                       // mov r9, r8
  $49,$89,$d0,                       // mov r8, rdx
  $48,$89,$ca,                       // mov rdx, rcx
  $66,$0f,$6f,$da,                   // movdqa xmm3, xmm2     (shift floating-point args too)
  $66,$0f,$6f,$d1,                   // movdqa xmm2, xmm1
  $66,$0f,$6f,$c8);                  // movdqa xmm1, xmm0
// Repeated once per additional stack argument: copies one 8-byte slot.
var s2arr: array[0..15] of Byte = (
  $48,$8b,$84,$24,$00,$00,$00,$00,   // mov rax, [rsp+disp32]
  $48,$89,$84,$24,$00,$00,$00,$00);  // mov [rsp+disp32], rax
// Thunk epilogue: stores Self, loads the method address, calls it and
// restores the stack. The 8-byte zero runs are imm64 placeholders.
var s22arr: array[0..54] of Byte = (
  $48,$8b,$84,$24,$00,$00,$00,$00,   // mov rax, [rsp+disp32]
  $48,$b9,$00,$00,$00,$00,$00,$00,$00,$00,  // mov rcx, imm64 (method address placeholder)
  $48,$89,$8c,$24,$00,$00,$00,$00,   // mov [rsp+disp32], rcx
  $48,$b9,$00,$00,$00,$00,$00,$00,$00,$00,  // mov rcx, imm64 (Self placeholder)
  $48,$89,$0c,$24,                   // mov [rsp], rcx
  $ff,$94,$24,$00,$00,$00,$00,       // call qword [rsp+disp32]
  $48,$81,$c4,$00,$00,$00,$00,       // add rsp, imm32        (undo the prologue's sub)
  $c3);                              // ret

// Copy the byte arrays into the AnsiString buffers the original code expects.
SetLength(s1, 80);
CopyMemory(PAnsiChar(s1), @s1arr[0], 80);
.......

SetLength(s2, 16);
CopyMemory(PAnsiChar(s2), @s2arr[0], 16);
.......
SetLength(s2, 55);
CopyMemory(PAnsiChar(s2), @s22arr[0], 55);


Then it works OK!
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: I have found and fixed the bug under the win64 platform

Post by madshi »

Hmmmm... It seems you just replaced the string constant with a byte array, is that correct? What was wrong with the string constant? Did you get a crash? Or did it not compile? Do you know why it was not working for you?

Thank you!
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: I have found and fixed the bug under the win64 platform

Post by madshi »

P.S: So this fixes the problem you reported in this thread:

viewtopic.php?f=4&t=28641

Is that correct?

I wonder if it might have something to do with string locales. Could you compare the contents of "s1" and "s2" and "s2", using your "byte array" vs my "string constant"? There must be a difference in the resulting "s1" and "s2" variables, I think? Maybe because you're in a different country, Delphi somehow tries to "translate" the string constant in my code somehow, but it doesn't do that on my PC? That would explain why it seems to work for me, but fail for you.

If you check the "s2" variable, when using my original code, I think probably some of the chars/bytes will be damaged by Delphi somehow on your PC (but not on mine).
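The comparison madshi asks for above, written out as a small Delphi console program. This is an added example, not code from madTools.pas or from either poster: it builds the same bytes once as a string constant with embedded #0 characters and once as a typed byte array, dumps both as hex, and reports the first offset where they differ. The four sample bytes are constructed for illustration; the real s1/s2 contents live in madTools.pas.

```pascal
// Added example (not madshi's code): does a string constant containing #0
// really yield the same bytes at runtime as a typed byte array?
program CompareThunkBytes;

{$APPTYPE CONSOLE}

uses
  SysUtils;

const
  // Constructed sample: three opcode bytes followed by an embedded #0.
  ExpectedBytes: array[0..3] of Byte = ($48, $81, $EC, $00);
  // The same bytes spelled as a string constant, the form under discussion.
  StrConst: AnsiString = #$48#$81#$EC#$00;

// Returns True and the first differing offset if S and B are not identical.
// A length difference (truncation at the #0, or padding) is reported as a
// mismatch at the shorter length.
function FirstMismatch(const S: AnsiString; const B: array of Byte;
  out Idx: Integer): Boolean;
var
  I: Integer;
begin
  Result := False;
  Idx := -1;
  if Length(S) <> Length(B) then
  begin
    Idx := Length(S);
    Result := True;
    Exit;
  end;
  for I := 0 to High(B) do
    if Byte(S[I + 1]) <> B[I] then
    begin
      Idx := I;
      Result := True;
      Exit;
    end;
end;

// Hex dump of an arbitrary buffer, one line per buffer.
procedure DumpHex(const Name: string; P: PByte; Len: Integer);
var
  I: Integer;
begin
  Write(Name, ' (', Len, ' bytes):');
  for I := 0 to Len - 1 do
    Write(' ', IntToHex(P[I], 2));
  Writeln;
end;

var
  Idx: Integer;
begin
  DumpHex('string constant', PByte(PAnsiChar(StrConst)), Length(StrConst));
  DumpHex('byte array     ', @ExpectedBytes[0], Length(ExpectedBytes));
  if FirstMismatch(StrConst, ExpectedBytes, Idx) then
    Writeln('MISMATCH at offset ', Idx,
      ': the string constant does not carry the intended bytes')
  else
    Writeln('OK: string constant and byte array are identical');
end.
```

Running this on a machine where the string-constant form fails and on one where it works gives the concrete byte-level diff needed to tell a compiler or locale issue apart from something else; the same FirstMismatch call can be pointed at the real s1/s2 buffers inside MethodToProcedure.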
q675318
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm

Re: I have found and fixed the bug under the win64 platform

Post by q675318 »

In 10.3, if a string contains a character like #0 in the middle, it may be truncated by compiler optimization, so your shellcode under 64-bit may not be accurate!
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: I have found and fixed the bug under the win64 platform

Post by madshi »

But then why does the madTools.dcu that I've compiled work? Is it different compiler settings, maybe?
q675318
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm

Re: I have found and fixed the bug under the win64 platform

Post by q675318 »

madshi wrote:Hmmmm... It seems you just replaced the string constant with a byte array, is that correct? What was wrong with the string constant? Did you get a crash? Or did it not compile? Do you know why it was not working for you?

Thank you!
I used a debugging tool to disassemble the compiled 64-bit program and found that the shellcode in the MethodToProcedure function is sometimes not compiled accurately; it feels as if the s1 string was optimized away. After switching to byte mode, repeated tests were accurate! ...
q675318
Posts: 16
Joined: Sun Dec 02, 2018 9:29 pm

Re: I have found and fixed the bug under the win64 platform

Post by q675318 »

madshi wrote:But then why does the madTools.dcu that I've compiled work? Is it different compiler settings, maybe?
I don't know the specific reason either. On one of my other machines it compiles normally, but on two machines it does not; in byte mode, however, it is normal on all machines!
madshi
Site Admin
Posts: 10754
Joined: Sun Mar 21, 2004 5:25 pm

Re: I have found and fixed the bug under the win64 platform

Post by madshi »

Ok, I'll change the code in the next build, thanks. I just wish I could reproduce the problem... :sorry: