APP CRASH (telock99-hostname.exe) single step execution
Created by: Simorfo
With version 6.2.0-2 of DynamoRio The latest build does not solve the problem
On Windows 7, with a 32 bit application, telock99-hostname.exe the classic hostname software packed with telco
I run it with (no client) C:\rio\bin32\drrun.exe -- antiRE.exe
The expected output is a line with the hostname. Instead we get an application end.
The problem seems to come from a single step execution
TAG 0x01005d44
+0 L3 9c pushf %esp -> %esp 0xfffffffc(%esp)[4byte]
+1 L3 81 0c 24 00 01 00 00 or $0x00000100 (%esp)[4byte] -> (%esp)[4byte]
+8 L3 75 02 jnz $0x01005d50
END 0x01005d44TAG 0x01005d50
+0 L3 9d popf %esp (%esp)[4byte] -> %esp
+1 L3 eb 01 jmp $0x01005d54
END 0x01005d50The trap flag is set with pop instruction. We get an exception with ExceptionCode = 0x80000004 (EXCEPTION_SINGLE_STEP) The problem is that ExceptionAddress is the EIP after the execution instruction , so it is the jump target So the following condition is true in check_internal_exception in callback.c
if (is_dynamo_address((app_pc)pExcptRec->ExceptionAddress) &&
!in_fcache(pExcptRec->ExceptionAddress) ) {because the jump target is not yet in fcache.
I guess that this condition should be modified, adding something like && pExcptRec->ExceptionCode != EXCEPTION_SINGLE_STEP