APP CRASH (acprotect-hostname.exe) sandboxing addr16 push %fs:0x00[4byte]
Created by: Simorfo
With version 6.2.0-2 of DynamoRIO. The latest build does not solve the problem.
On Windows 7, with a 32 bit application, acprotect-hostname.exe the classic hostname software packed with acprotect
I run it with (no client): C:\rio\bin32\drrun.exe -- acprotect-hostname.exe
The expected output is a line with the hostname. Instead we get a crash with the message:
SYSLOG_ERROR: Usage error: encode error: invalid 16-bit base+index (encode.c, line 1622)
The problem is sandboxing following instruction
64 67 ff 36 00 00 addr16 push %fs:0x00[4byte] %sp -> %sp 0xfffffffc(%sp)[4byte]
I think that the second destination operand should be 0xfffffffc(%esp)[4byte]
(32 bit esp instead of 16 bit esp)
With sandboxing, we try to insert lea 0xfffffffc(%sp) -> %ebx, but we cannot encode 0xfffffffc(%sp) as an argument for lea.
I will submit a pull request with a simple test shortly
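An added example, not code from the report or from DynamoRIO: a small C sketch that decodes the prefixes of the instruction above and checks which base/index registers a 16-bit ModRM can express (the register tags and function names are my own).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical register tags for the 16-bit base/index check. */
enum { R_NONE, R_BX, R_BP, R_SI, R_DI, R_SP };

/* A 16-bit ModRM can only express BX+SI, BX+DI, BP+SI, BP+DI, SI, DI, BP
 * and BX as base/index. A lone SP, as in lea -4(%sp), has no encoding,
 * which is exactly what the encoder rejects. */
bool addr16_encodable(int base, int index) {
    if (index == R_NONE)
        return base == R_BX || base == R_BP || base == R_SI || base == R_DI;
    if (base == R_BX || base == R_BP)
        return index == R_SI || index == R_DI;
    return false;
}

typedef struct {
    bool fs, addr16;
    int mem_addr_bits;   /* address size of the explicit source operand */
    int stack_addr_bits; /* address size of the implicit stack destination */
} push_info;

/* Decode the prefixes of "push r/m32" (FF /6) in a 32-bit process:
 * 0x64 is the FS segment override, 0x67 the address-size override.
 * Returns the number of prefix bytes consumed, or -1 if not a push. */
int decode_push(const uint8_t *b, size_t n, push_info *out) {
    size_t i = 0;
    memset(out, 0, sizeof *out);
    while (i < n && (b[i] == 0x64 || b[i] == 0x67)) {
        if (b[i] == 0x64) out->fs = true; else out->addr16 = true;
        i++;
    }
    if (i + 1 >= n || b[i] != 0xff || ((b[i + 1] >> 3) & 7) != 6)
        return -1;
    /* 0x67 applies to the explicit memory operand only ... */
    out->mem_addr_bits = out->addr16 ? 16 : 32;
    /* ... the stack write goes through SS, whose address size (32 here) is
     * fixed by the segment descriptor, so the destination is -4(%esp). */
    out->stack_addr_bits = 32;
    return (int)i;
}

int main(void) {
    /* Constructed sample: the six bytes quoted in the report. */
    static const uint8_t ins[] = {0x64, 0x67, 0xff, 0x36, 0x00, 0x00};
    push_info pi;
    int pfx = decode_push(ins, sizeof ins, &pi);
    printf("prefixes=%d fs=%d mem=%d-bit stack=%d-bit lea -4(%%sp) ok=%d\n",
           pfx, pi.fs, pi.mem_addr_bits, pi.stack_addr_bits,
           addr16_encodable(R_SP, R_NONE));
    return 0;
}
```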