flat assembler
Message board for the users of flat assembler.

High Level Languages > VC++ null pointer dereference (page 2 of 2)
vid (Verbosity in development)
Joined: 05 Sep 2003
Posts: 7105
Location: Slovakia
The code you posted seems to be at address 00910B46, not 0004xxxx. That's why I said it is IMO in a DLL.
Post 12 Feb 2011, 15:49
mindcooler
Joined: 01 Dec 2009
Posts: 423
Location: Västerås, Sweden
The base address changes every execution, but still is in the .text segment.
Post 12 Feb 2011, 16:52
vid
00910B46 is in the .text segment of your application, loaded at 00040000? Or is your application itself a DLL? Or how?
Post 12 Feb 2011, 21:21
mindcooler
Oh, it is loaded and entered at the same address when run, but it seems that when I JIT the crash, the executable is relocated? It still is in the .text segment every time.
Post 13 Feb 2011, 00:16
vid
AFAIK, executable can't be relocated (it doesn't have relocations), nor is there any reason to do something like that upon crash. Can you describe steps you took to find out that exception address lies in .text segment of current executable?
Post 13 Feb 2011, 01:16
mindcooler
[image]
Post 13 Feb 2011, 01:26
vid
Weird... I don't have any idea why the executable seems to be so high. Who is loaded at 00040000? Does your executable have relocations (addresses in assembly dump are clearly relocated)?

Anyhow, the code in question seems to be at RVA 50E06 in that particular compilation. Is that one of "err_" routines from callback.cpp, found in map file? If so, is that callback.cpp your file, or from 3rd party lib?
Post 13 Feb 2011, 09:10
revolution (When all else fails, read the source)
Joined: 24 Aug 2004
Posts: 17716
Location: In your JS exploiting you and your system
Is this a .NET "Managed" app?
Post 13 Feb 2011, 09:20
mindcooler
No, it has win32 as target.

Its load address is 400000, but it probably includes relocations.

The crash section moves, but is always at the same offset from image base.

[image]

I found the section in IDA:

[image]

Is this a deliberate crash to keep me from dereferencing an uninitialized variable?
Post 13 Feb 2011, 13:11
vid
Hmmm... http://stackoverflow.com/questions/4863420/signal-handling

Seems this piece of code is rather popular. Where does that err_crash routine come from?
Post 13 Feb 2011, 14:29
f0dder
Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
vid wrote:
AFAIK, executable can't be relocated (it doesn't have relocations), nor is there any reason to do something like that upon crash. Can you describe steps you took to find out that exception address lies in .text segment of current executable?
Executables can be relocated just fine, and it's done purposefully by newer operating systems for the purpose of ASLR. Shouldn't be done in debug builds - are you debugging release builds?
Post 13 Feb 2011, 20:11
mindcooler
f0dder wrote:
are you debugging release builds?

Yes, I can't build debug as the library has release symbols.

Post 13 Feb 2011, 21:09
vid
f0dder wrote:
vid wrote:
AFAIK, executable can't be relocated (it doesn't have relocations), nor is there any reason to do something like that upon crash. Can you describe steps you took to find out that exception address lies in .text segment of current executable?
Executables can be relocated just fine, and it's done purposefully by newer operating systems for the purpose of ASLR. Shouldn't be done in debug builds - are you debugging release builds?

But that's only possible if relocations are included. Does the new VS include relocations in executables by default, or...?
Post 13 Feb 2011, 22:23
f0dder
vid wrote:
But that's only possible if relocations are included.
Indeed.

vid wrote:
Does the new VS include relocations in executables by default, or...?
Not sure when it was added, but yes - at least VS2010 has "Randomized Base Address" (/DYNAMICBASE linker option) enabled by default in release mode for native win32 apps.
Post 13 Feb 2011, 23:31
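The two conditions the exchange above turns on, the /DYNAMICBASE flag in the optional header and a non-empty base relocation directory, can be read straight out of the PE headers; the same script does the address-minus-load-base arithmetic that gives the stable RVA mindcooler observed. This is an added example, not code from the thread or from fasm, and the header bytes, the relocation size and the load base 0x8C0000 are constructed for the demonstration.

```python
import struct

DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, set by /DYNAMICBASE
RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED in the COFF Characteristics

def pe_aslr_info(data):
    """Return the header fields that decide whether the loader may rebase this image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    coff, opt = pe + 4, pe + 24                    # COFF header is 20 bytes
    characteristics = struct.unpack_from("<H", data, coff + 18)[0]
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                             # PE32: 4-byte ImageBase, directories at +96
        image_base, dirs = struct.unpack_from("<I", data, opt + 28)[0], opt + 96
    elif magic == 0x20B:                           # PE32+: 8-byte ImageBase, directories at +112
        image_base, dirs = struct.unpack_from("<Q", data, opt + 24)[0], opt + 112
    else:
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    _, reloc_size = struct.unpack_from("<II", data, dirs + 5 * 8)  # directory 5 = base relocations
    return {
        "image_base": image_base,
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "relocs_stripped": bool(characteristics & RELOCS_STRIPPED),
        "has_relocs": reloc_size != 0,
    }

def can_be_rebased(info):
    # ASLR needs both the opt-in flag and a usable relocation table
    return info["dynamic_base"] and info["has_relocs"] and not info["relocs_stripped"]

def rva(address, actual_base):
    # Offset from the base the image was really loaded at; stable across runs
    return address - actual_base

def build_header(image_base, dll_chars, reloc_size, characteristics=0x0102):
    """Constructed minimal PE32 header (headers only, not a runnable binary)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)          # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, characteristics)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 5 * 8, 0x60000, reloc_size)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)
```

On a real binary, pass `open(path, "rb").read()` to `pe_aslr_info`; a `dynamic_base` of True with `has_relocs` True is exactly the combination that lets the crash address move between runs while its RVA stays put.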
iic2
Joined: 26 Jun 2008
Posts: 123
I did not read, so I did not think to post this link here since it is pointer related but may not be related in this case. C++ is new to me. ...

If not needed in both places deleting either is fine.

People are providing tons of links about the issue and I'm getting a real chance to learn stuff about C++ Pointers/References that is not in the textbook, but it still makes no sense to me yet and what to use it for :(

http://www.cplusplus.com/forum/beginner/3958/
Post 19 Feb 2011, 22:15
Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.