Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

External libraries are not loaded on windows native debugger #4107

Closed
gogo2464 opened this issue Jan 15, 2024 · 1 comment
Closed

External libraries are not loaded on windows native debugger #4107

gogo2464 opened this issue Jan 15, 2024 · 1 comment
Labels
Debug RzDebug Windows

Comments

@gogo2464
Copy link
Contributor

gogo2464 commented Jan 15, 2024
edited
Loading

Work environment

Questions Answers
OS/arch/bits (mandatory) Windows
File format of the file you reverse (mandatory) PE
Architecture/bits of the file (mandatory) x64.
.\OUT\bin\rizin.exe -v
rizin 0.7.0 @ windows-x86-64
commit: 9ea0b64

Expected behavior

radare2 -e "scr.color=3" -e "pdb.autoload=true" -d C:\\Users\\USERNAME\\AppData\\Local\\Roblox\\Versions\\version-88cfc23f4e7d4e4b\\RobloxPlayerBeta.exe ;

=> ood

            ;-- RtlUserThreadStart:
            ;-- rip:
            0x7fff74b02690      4883ec78       sub rsp, 0x78
            0x7fff74b02694      4c8bc9         mov r9, rcx
            0x7fff74b02697      488b05529911.  mov rax, qword [pdb.Kernel32ThreadInitThunkFunction]    ; [0x7fff74c1bff0:8]=0
            0x7fff74b0269e      4885c0         test rax, rax
        ,=< 0x7fff74b026a1      7410           je 0x7fff74b026b3
        |   0x7fff74b026a3      4c8bc2         mov r8, rdx
        |   0x7fff74b026a6      488bd1         mov rdx, rcx
        |   0x7fff74b026a9      33c9           xor ecx, ecx
        |   0x7fff74b026ab      ff154f291300   call qword [map.IMAGE____.r__] ;[1] ; [0x7fff74c35000:8]=0x7fff74b50af0 pdb._guard_dispatch_icall_nop
       ,==< 0x7fff74b026b1      eb20           jmp 0x7fff74b026d3
       |`-> 0x7fff74b026b3      488bca         mov rcx, rdx
       |    0x7fff74b026b6      498bc1         mov rax, r9
       |    0x7fff74b026b9      ff1541291300   call qword [map.IMAGE____.r__] ;[1] ; [0x7fff74c35000:8]=0x7fff74b50af0 pdb._guard_dispatch_icall_nop
       |    0x7fff74b026bf      8bc8           mov ecx, eax
       |    0x7fff74b026c1      e88a1f0000     call sym.ntdll.dll_RtlExitUserThread ;[2]
       |    0x7fff74b026c6      90             nop
       |    0x7fff74b026c7      8bd0           mov edx, eax
       |    0x7fff74b026c9      4883c9ff       or rcx, 0xffffffffffffffff
       |    0x7fff74b026cd      e87eae0400     call sym.ntdll.dll_NtTerminateProcess

Actual behavior

.\OUT\bin\rizin.exe -e "pdb.autoload=true" -e "scr.color=3" C:\Users\USERNAME\AppData\Local\Roblox\Versions\version-88cfc23f4e7d4e4b\RobloxPlayerBeta.exe
WARNING: bin_file_strings: search interval size (0x334e800) exeeds bin.maxstrbuf (0xa00000), skipping it.
WARNING: bin_file_strings: search interval size (0x1174000) exeeds bin.maxstrbuf (0xa00000), skipping it.
WARNING: bin_file_strings: search interval size (0x334e800) exeeds bin.maxstrbuf (0xa00000), skipping it.
WARNING: bin_file_strings: search interval size (0x1174000) exeeds bin.maxstrbuf (0xa00000), skipping it.
 -- Seek at relative offsets with 's +<offset>' or 's -<offset>'

            0x7fff74b02690      sub   rsp, 0x78
            0x7fff74b02694      mov   r9, rcx
            0x7fff74b02697      mov   rax, qword [0x7fff74c1bff0]      ; [0x7fff74c1bff0:8]=0
            0x7fff74b0269e      test  rax, rax
        ┌─< 0x7fff74b026a1      je    0x7fff74b026b3
        │   0x7fff74b026a3      mov   r8, rdx
        │   0x7fff74b026a6      mov   rdx, rcx
        │   0x7fff74b026a9      xor   ecx, ecx
        │   0x7fff74b026ab      call  qword IMAGE____.r.7fff74c35000   ;[1] ; [0x7fff74c35000:8]=0x7fff74b50af0
       ┌──< 0x7fff74b026b1      jmp   0x7fff74b026d3
       │└─> 0x7fff74b026b3      mov   rcx, rdx
       │    0x7fff74b026b6      mov   rax, r9
       │    0x7fff74b026b9      call  qword IMAGE____.r.7fff74c35000   ;[1] ; [0x7fff74c35000:8]=0x7fff74b50af0
       │    0x7fff74b026bf      mov   ecx, eax
       │    0x7fff74b026c1      call  0x7fff74b04650                   ;[2]
       │    0x7fff74b026c6      nop
       │    0x7fff74b026c7      mov   edx, eax
       │    0x7fff74b026c9      or    rcx, 0xffffffffffffffff
       │    0x7fff74b026cd      call  0x7fff74b4d550                   ;[3]
       │    0x7fff74b026d2      nop
       └──> 0x7fff74b026d3      add   rsp, 0x78```


The call SYMBOL is not printed yet :(

### Additional Logs, screenshots, source code,  configuration dump, ...

Drag and drop zip archives containing the Additional info here, don't use external services or link.
This was referenced Jan 15, 2024
Open
Merged
@wargio wargio mentioned this issue Jan 15, 2024
Closed
5 tasks
@wargio wargio changed the title pdb symbols not loaded in rizin External libraries are not loaded on windows native debugger Jan 15, 2024
@imbillow
Copy link
Contributor

#4113

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Debug RzDebug Windows
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Blind patch for windows debugger to load libraries rizinorg/rizin
3 participants
@XVilka @imbillow @gogo2464