Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong dumped segment selector set #49

Open
a1ext opened this issue Mar 12, 2019 · 2 comments
Open

Wrong dumped segment selector set #49

a1ext opened this issue Mar 12, 2019 · 2 comments
Assignees
@a1ext
Labels
bug

Comments

@a1ext
Copy link
Owner

a1ext commented Mar 12, 2019

Environment

IDA-side information

Question Answer
IDA-side OS version Win 7 x64
IDA PRO bitness (not IDB/I64) 64
IDA plugin bitness 32
IDA plugin version 1.1.2.97

Debugger-side information

Doesn't matter

Problem Description

After dumping part of dynamically resolved API table, code references get broken:

image

Steps to Reproduce

  1. Open Trickbot sample
  2. trace it in debugger until APIs are resolved
  3. Perform Keep and import dumping of resolved APIs memory region (416CAC - 416F8C):
    image

Possible Solutions

The following script fixes the problem:

seg = idaapi.getseg(0x416CAC)
seg.sel = idaapi.setup_selector(2)
seg.update()

image
@a1ext a1ext self-assigned this Mar 12, 2019
@a1ext a1ext added the bug label Mar 12, 2019
@taodaqiao
Copy link

Labeless 1.1.2.97 Where to download?

@a1ext
Copy link
Owner Author

a1ext commented Jul 4, 2019

Labeless 1.1.2.97 Where to download?

https://ci.appveyor.com/project/a1ext/labeless/builds/23861893/artifacts

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@a1ext a1ext

Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@a1ext @taodaqiao