Crash when analyzing XAP file #3379

Closed
1 of 3 tasks
mirh opened this issue Oct 2, 2024 · 3 comments · Fixed by #3380
Labels
rizin Needs changes into rizin codebase.

Comments

@mirh

mirh commented Oct 2, 2024

Environment information

  • Operating System: W10 22H2
  • Cutter version: 2.3.4
  • Obtained from:
    • Built from source
    • Downloaded release from Cutter website or GitHub
    • Distribution repository
  • File format: XAP

To Reproduce

Steps to reproduce the behavior:

  1. Open this file
  2. Set architecture to xap
  3. Do any sort of analysis

Additional context

Critical error detected c0000374
cutter.exe caused an Unknown [0xC0000374] Exception at location 00007FFBCF68F349 in module ntdll.dll.

AddrPC           Params
00007FFBCF68F349 00007FFB8D35E9E0 0000008A1B6FB940 00007FFBCF6CE450  ntdll.dll!RtlReportFatalFailure+0x9
00007FFBCF68F313 0000000000000000 00007FFBCF6F97F0 0000000000000003  ntdll.dll!RtlReportCriticalFailure+0x97
00007FFBCF698092 0000000000000003 0000000000000000 000001B1EBAF0000  ntdll.dll!RtlpHeapHandleError+0x12
00007FFBCF69837A 000001B1EBAF0000 000001B1EBAF0000 0000000000000010  ntdll.dll!RtlpHpHeapHandleError+0x7a
00007FFBCF69E001 0000000000000000 0000000000000010 0000000000000003  ntdll.dll!RtlpLogHeapFailure+0x45
00007FFBCF637442 000001B1F437D280 000001B1EBAF0000 000001B1F3B57901  ntdll.dll!RtlpFreeHeapInternal+0x81d32
00007FFBCF5B47B1 000001B1F3AE8B70 0000000000000000 0000000000000000  ntdll.dll!RtlFreeHeap+0x51
00007FFBCD44F05B 0000008A1B6F9EB0 00007FFB00000000 000001B1F3B57980  ucrtbase.dll!_free_base+0x1b
00007FFBA6E7360B 000001B1F3553C80 0000000000000000 000001B1F3553C80  rz_debug-0.7.dll!rz_debug_set_arch+0xab
00007FFB7F1D9C50 000001B1F4E45640 0000000000000000 000001B1F3A34D30  rz_core-0.7.dll!rz_core_sym_name_init+0x2b70
00007FFBC3BD2239 000001B1FC961010 0000000000000012 000001B1F3553C80  rz_config-0.7.dll!rz_config_set_i+0x1a9
00007FFB7F20C0EC 000001B1F3553C80 000001B1FC961010 0000000000000012  rz_core-0.7.dll!rz_core_syscall_as_string+0x196c
00007FFB7F219A23 000001B1FC678310 0000000000000020 0000008A1B6FA2B0  rz_core-0.7.dll!rz_core_print_disasm+0xab3
00007FF688B319B4 000001B1F42FE1A0 00007FFB6C460020 000001B100000005  cutter.exe!CutterJson::last+0xbe64
00007FF688B3312A 000001B1FE0F8750 000001B1FA62FF10 000001B1FE0F8750  cutter.exe!CutterJson::last+0xd5da
00007FF688B32A71 000001B1FE0F8750 0000000000000000 0000008A1B6FA619  cutter.exe!CutterJson::last+0xcf21
00007FFB6C35C1E0 000001B1F3ACAE01 000001B1FD8587A0 0000000000000000  Qt5Core.dll!QObject::qt_static_metacall+0x1330
00007FFB8D044FC3 000001B1FD8587A0 000001B1FE0FA801 0000000000000000  Qt5Widgets.dll!QDockWidget::visibilityChanged+0x33
00007FFB8D0465C3 00000014000000F8 000001B1F3ACA8C0 000001B1F3ACAE60  Qt5Widgets.dll!QDockWidgetLayout::wmSupportsNativeWindowDeco+0x1583
00007FFB8D074279 000001B1F3ACA8C0 000001B1FE181380 0000000000000000  Qt5Widgets.dll!QStatusBar::tr+0x659
00007FFB6C35C21D 0000000000000001 0000000000000002 0000000000000001  Qt5Core.dll!QObject::qt_static_metacall+0x136d
00007FFB8D0D0A20 0000000000000002 000001B1FD8587A0 0000008A1B6FB200  Qt5Widgets.dll!QTabBar::setCurrentIndex+0x180
00007FFB8D050DE2 000001B1F340C800 000001B1F3ACA8C0 000001B1F39C2B18  Qt5Widgets.dll!QDockWidgetLayout::wmSupportsNativeWindowDeco+0xbda2
00007FFB8D041928 000001B1EBB1B100 000001B1EBB1BEB0 000001B1FD8587A0  Qt5Widgets.dll!QDockWidget::event+0x228
00007FFB8CF4797A 00007FFB8CF30000 0000008A1B6FAB30 0000008A1B6FB200  Qt5Widgets.dll!QApplicationPrivate::notify_helper+0x13a
00007FFB8CF469D7 000000000000007C 0000008A1B6FB200 000001B1FE1BA340  Qt5Widgets.dll!QApplication::notify+0x1ae7
00007FFB6C33C669 000000000000007C 0000000000000098 000000000000007C  Qt5Core.dll!QCoreApplication::notifyInternal2+0xb9
00007FFB8CF75111 000001B1FE1BA340 000001B1FD8587A0 0000008A1B6FB340  Qt5Widgets.dll!QWidget::raise+0x1d1
00007FF688B5B633 0000000000000000 000001B1FC0B1880 0000000000000000  cutter.exe!MainWindow::setViewLayout+0x743
00007FF688B4F318 000001B100000002 000001B1F431C590 000001B1EBB47F70  cutter.exe!MainWindow::finalizeOpen+0x2e8
00007FFB6C365844 000001B1F340C800 000001B1FA74C780 0000000000000000  Qt5Core.dll!QMetaCallEvent::placeMetaCall+0x34
00007FFB6C363F93 0000000000000000 0000000000000000 0000C48F00000000  Qt5Core.dll!QObject::event+0x183
00007FFB8CF6D43F 000001B1EBB1B100 000001B1F340C800 000001B1F340C800  Qt5Widgets.dll!QWidget::event+0xf1f
00007FFB8CF4797A 00007FFB8CF30000 0000008A1B6FBA40 000001B1F49339F0  Qt5Widgets.dll!QApplicationPrivate::notify_helper+0x13a
00007FFB8CF469D7 000001B1F49339F0 000001B1F49339F0 FFFFFFFFFFFFFFFE  Qt5Widgets.dll!QApplication::notify+0x1ae7
00007FFB6C33C669 000001B1F4933970 0000000000000000 000001B1F49339F0  Qt5Core.dll!QCoreApplication::notifyInternal2+0xb9
00007FFB6C33E39E 000001B1F49339F0 0000000000000000 000001B1EBB786D0  Qt5Core.dll!QCoreApplicationPrivate::sendPostedEvents+0x22e
00007FFB98526D8F 0000000000000000 0000000000000000 000001B1EBB17F78  qwindows.dll!qt_plugin_query_metadata+0x20af
00007FFB6C387830 000001B1EBB786D0 0000000000000000 000001B1EBB1B100  Qt5Core.dll!QEventDispatcherWin32::processEvents+0x70
00007FFB98526D69 0000000000000000 0000000000000014 000001B1FC1C0310  qwindows.dll!qt_plugin_query_metadata+0x2089
00007FFB6C33861B 000001B1EBB26B78 0000000000000000 00007FF688CA8E20  Qt5Core.dll!QEventLoop::exec+0x1db
00007FFB6C33B5DB 00007FF688CA8E20 000001B1EBB1B600 00007FFB00000004  Qt5Core.dll!QCoreApplication::exec+0x14b
00007FF688B01B2A 0000000000000001 0000000000000000 000001B1EBB45720  cutter.exe!AddressableItemContextMenu::xrefsTriggered+0x41a
00007FF688C801D7 0000000000000000 0000000000000000 0000000000000000  cutter.exe!PyInit_CutterBindings+0x2b0d7
00007FF688C7F7A2 0000000000000000 0000000000000000 0000000000000000  cutter.exe!PyInit_CutterBindings+0x2a6a2
00007FFBCDC17344 0000000000000000 0000000000000000 0000000000000000  KERNEL32.DLL!BaseThreadInitThunk+0x14
00007FFBCF5E26B1 0000000000000000 0000000000000000 0000000000000000  ntdll.dll!RtlUserThreadStart+0x21
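Triage note on the trace above: exception code 0xC0000374 is STATUS_HEAP_CORRUPTION, and the top frames (RtlpFreeHeapInternal, RtlFreeHeap, _free_base) show the heap's own consistency check firing on a free, so the bug is in whoever handed that pointer to free(), not in ntdll. Walking down past the OS and C-runtime frames, the first application frame is rz_debug-0.7.dll!rz_debug_set_arch+0xab. The cutter.exe frames carry large offsets from unrelated exports (CutterJson::last+0xbe64 and the like) because the walker only had export symbols to resolve against, so those names should not be read literally. The following script is an added example, not code from Cutter or Rizin: it parses a Windows stack walk in this format, decodes the NTSTATUS, and reports the first non-runtime frame. The embedded trace is a constructed excerpt of the report above, and the set of modules treated as "system" is an assumption chosen for this example.

```python
import re

# Constructed sample: a trimmed excerpt of the crash banner and stack walk
# from the report above (same layout, fewer frames).
SAMPLE_TRACE = """\
Critical error detected c0000374
cutter.exe caused an Unknown [0xC0000374] Exception at location 00007FFBCF68F349 in module ntdll.dll.

AddrPC           Params
00007FFBCF68F349 00007FFB8D35E9E0 0000008A1B6FB940 00007FFBCF6CE450  ntdll.dll!RtlReportFatalFailure+0x9
00007FFBCF5B47B1 000001B1F3AE8B70 0000000000000000 0000000000000000  ntdll.dll!RtlFreeHeap+0x51
00007FFBCD44F05B 0000008A1B6F9EB0 00007FFB00000000 000001B1F3B57980  ucrtbase.dll!_free_base+0x1b
00007FFBA6E7360B 000001B1F3553C80 0000000000000000 000001B1F3553C80  rz_debug-0.7.dll!rz_debug_set_arch+0xab
00007FFB7F1D9C50 000001B1F4E45640 0000000000000000 000001B1F3A34D30  rz_core-0.7.dll!rz_core_sym_name_init+0x2b70
"""

# NTSTATUS values from the Windows SDK (ntstatus.h) for the common memory-safety faults.
NTSTATUS_NAMES = {
    0xC0000374: "STATUS_HEAP_CORRUPTION",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Assumption for this example: frames in these OS / C-runtime modules are
# skipped when looking for the frame to blame, since the fault is detected
# there but caused by a caller further down the stack.
SYSTEM_MODULES = {"ntdll.dll", "kernel32.dll", "kernelbase.dll", "ucrtbase.dll", "msvcrt.dll"}

# One stack-walk line: PC, three parameter words, then module!symbol[+0xoff].
FRAME_RE = re.compile(
    r"^([0-9A-Fa-f]{16})(?:\s+[0-9A-Fa-f]{16}){3}\s+(\S+?)!(\S+?)(?:\+0x([0-9A-Fa-f]+))?$"
)
# The banner line carries the NTSTATUS in brackets.
STATUS_RE = re.compile(r"\[0x([0-9A-Fa-f]{8})\] Exception")


def parse_trace(text):
    """Return (status_code, frames); frames are dicts ordered top-of-stack first."""
    status = None
    frames = []
    for line in text.splitlines():
        m = STATUS_RE.search(line)
        if m and status is None:
            status = int(m.group(1), 16)
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({
                "pc": int(m.group(1), 16),
                "module": m.group(2).lower(),
                "symbol": m.group(3),
                "offset": int(m.group(4), 16) if m.group(4) else 0,
            })
    return status, frames


def first_app_frame(frames):
    """First frame from the top whose module is not in SYSTEM_MODULES, or None."""
    for f in frames:
        if f["module"] not in SYSTEM_MODULES:
            return f
    return None


def triage(text):
    """Summarise a trace: decoded status, frame count, and the frame to blame."""
    status, frames = parse_trace(text)
    blame = first_app_frame(frames)
    return {
        "status": status,
        "status_name": NTSTATUS_NAMES.get(status, "unknown"),
        "frame_count": len(frames),
        "blame": None if blame is None
        else f"{blame['module']}!{blame['symbol']}+0x{blame['offset']:x}",
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_TRACE).items():
        print(f"{k}: {v}")
```

Running it on the excerpt reports STATUS_HEAP_CORRUPTION and blames rz_debug-0.7.dll!rz_debug_set_arch+0xab, which is the frame to start from in the Rizin sources; to confirm a double free or invalid pointer rather than guess, re-run the same steps under Application Verifier or with gflags page-heap enabled so the fault is raised at the first bad access.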
@wargio
Member

wargio commented Oct 2, 2024

We do not even support it as a format.
Edit: I just noticed that it is an arch, not a format.

@XVilka
Member

XVilka commented Oct 2, 2024

We support the XAP architecture.
I opened it directly with Rizin and it's indeed quite broken, though it doesn't crash:

[0x00000a20]> pdf
     ╎╎╎╎   ; CALL XREF from fcn.00000a20 @ +0x20
╭ fcn.00000a20();
│    ╎╎╎╎   0x00000a20      1400           ld
│    ╎╎╎╎   0x00000a22      35e0           add
│    ╎╎╎╎   0x00000a24      846a           cmp
│    ╎╎╎╎   0x00000a26      0002
│   ╭─────< 0x00000a28      f858           bcc
│   │╎╎╎╎   0x00000a2a      19e1           ld
│   │╎╎╎╎   0x00000a2c      0076
│   │╎╎╎╎   0x00000a2e      1a47           ld
│   │╎╎╎╎   0x00000a30      09fe           brx
..
    │ ╎╎╎   ; CALL XREF from fcn.000009f2 @ 0x9fe
    │ ╎╎╎   ; CALL XREF from fcn.000009f2 @ 0xa18
    │ ╎╎╎   ; CALL XREF from fcn.000009ac @ 0x9d2
│  │ │ ╎╎   ; CALL XREF from fcn.00000a4e @ 0xa5a
    │ │╎╎   ; CALL XREF from fcn.000009f2 @ 0xa0e
│   ╰─────> 0x00000a82      b5e0           or
│     ││╎   0x00000a84      0005
│     ││╎   0x00000a86      2539           st
│     ││╎   ; CALL XREF from fcn.00000a20 @ 0xa90
│     ││╎   0x00000a88      0005
│     ││╎   0x00000a8a      140f           ld
│     ││╎   0x00000a8c      0001
│     ││╎   0x00000a8e      0039
│     ││╎   0x00000a90      9cf6           bsr
│     ││╎   0x00000a92      0002
│     ││╭─< 0x00000a94      e022           bra
..
│     │││   ; CODE XREF from fcn.00000a4e @ 0xa62
│      ││   ; CODE XREF from fcn.00000a6c @ 0xa70
│      ││   ; CODE XREF from fcn.00000a20 @ 0xa94
│      │╰─> 0x00000abc      007a
│      │    0x00000abe      9c48           bsr                         ; fcn.00000b08
│      │    0x00000ac0      1318           ld
╰      ╰──> 0x00000ac2      3002           add
[0x00000a20]>

@XVilka XVilka added the rizin Needs changes into rizin codebase. label Oct 2, 2024
@XVilka
Member

XVilka commented Oct 4, 2024

It doesn't crash now, but there are a few missing opcodes left: rizinorg/rizin#4661
