The dll buffer overload for ManualMap::MapImage crashes #480

amkrsh · 2021-12-10T13:31:50Z

BlackBone: PDB: Failed to load msdia140.dll, error 0x0000007e
BlackBone: PDB: blackbone::PDBHelper::Init: (CoCreateDiaDataSource()) failed with HRESULT 0x8007007e
'app.exe' (Win32): Unloaded 'C:\Windows\SysWOW64\ntdll.dll'
BlackBone: ManualMap: Mapping image 'MemoryImage_0x00777530' with flags 0x1084
BlackBone: ManualMap: Loading new image 'MemoryImage_0x00777530'
BlackBone: ManualMap: Image base allocated at 0x000000001a280000
BlackBone: ManualMap: Performing image copy
BlackBone: ManualMap: Relocating image 'memoryimage_0x00777530'
BlackBone: ManualMap: Loading new dependency 'msvcp140.dll'
BlackBone: ManualMap: Dependency path resolved to 'C:\WINDOWS\system32\msvcp140.dll'
BlackBone: ManualMap: Loading new dependency 'comctl32.dll'
BlackBone: ManualMap: Dependency path resolved to 'C:\WINDOWS\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_a8625c1886757984\comctl32.dll'
BlackBone: ManualMap: Loading new dependency 'winspool.drv'
BlackBone: ManualMap: Dependency path resolved to 'C:\WINDOWS\system32\winspool.drv'
BlackBone: ManualMap: Loading new dependency 'comdlg32.dll'
BlackBone: ManualMap: Dependency path resolved to 'C:\WINDOWS\system32\COMDLG32.dll'
BlackBone: ManualMap: Performing security cookie initializtion for image 'memoryimage_0x00777530'
BlackBone: ManualMap: Performing static TLS initialization for image 'memoryimage_0x00777530'

This is the last DebugOutput. I have created my own prints and it seems this happens in some destructor in AddStaticTLSEntry

My simple manual mapper doesn't support all features but it proves that my dllByteArray is correct.

blackbone::Process p;
p.Attach(processId, PROCESS_ALL_ACCESS);
p.mmap().MapImage(std::size(dllByteArray), dllByteArray, false, blackbone::NoThreads | blackbone::WipeHeader);

i have also tried with std::size(dllByteArray) - 1

dllByteArray is of type:
inline unsigned char dllByteArray[]{77,90,144, ....};

the dllByteArray can be download at https://www102.zippyshare.com/v/fiDNvAcK/file.html

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

The dll buffer overload for ManualMap::MapImage crashes #480

The dll buffer overload for ManualMap::MapImage crashes #480

amkrsh commented Dec 10, 2021

The dll buffer overload for ManualMap::MapImage crashes #480

The dll buffer overload for ManualMap::MapImage crashes #480

Comments

amkrsh commented Dec 10, 2021