
'%' can make IDA crash

Open cnitlrt opened this issue 2 years ago • 2 comments

env

python 3.9.9
IDA: 7.6

IDA Pro crashes when I type the '%' character in the Assemble window.

cnitlrt, Apr 01 '23 09:04

This also happens when the line starts with a \ character. From what I see, it's stuck in an infinite loop inside keystone.dll. You can fix the issue by patching plugins\patching\keystone\keystone.dll with the following change, using any Hex Editor.

| File Offset | Original Bytes | Patched Bytes |
|-------------|----------------|---------------|
| 3604C       | 0F 84 83       | E9 84 00      |

Verify the MD5 hash of keystone.dll before and after the patch, to ensure that the patch is applied correctly.

| MD5 Before Patch                 | MD5 After Patch                  |
|----------------------------------|----------------------------------|
| f8960c53f18607ceeaeb167bd6fc29f7 | d89230f4bda17a63b51591c2a6d06af1 |

It's not the ideal fix, but it does resolve the issue.

NOTE: This patch is only for v0.1.2 for Windows.

rohitab, Dec 13 '23 02:12
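The patch-and-verify procedure from the comment above, scripted in Python as an added example (it is not part of the thread or of the plugin). It assumes the table reads as three original bytes `0F 84 83` replaced by `E9 84 00`; the function names and the overridable `md5_before`/`md5_after` parameters are hypothetical.

```python
import hashlib
import sys
from pathlib import Path

# Values from the comment above (keystone.dll from plugin v0.1.2 for Windows).
# Assumption: the table reads as 3 original bytes replaced by 3 patched bytes.
PATCH_OFFSET = 0x3604C
ORIGINAL_BYTES = bytes.fromhex("0F8483")
PATCHED_BYTES = bytes.fromhex("E98400")
MD5_BEFORE = "f8960c53f18607ceeaeb167bd6fc29f7"
MD5_AFTER = "d89230f4bda17a63b51591c2a6d06af1"

class PatchError(Exception):
    """The file is not the exact build this patch was written for."""

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def patch_bytes(data, md5_before=MD5_BEFORE, md5_after=MD5_AFTER):
    """Return a patched copy of data; refuse anything but the expected input."""
    digest = md5_hex(data)
    if digest == md5_after:
        return data  # already patched, nothing to do
    if digest != md5_before:
        raise PatchError(f"unexpected MD5 {digest}: not the targeted build")
    end = PATCH_OFFSET + len(ORIGINAL_BYTES)
    if data[PATCH_OFFSET:end] != ORIGINAL_BYTES:
        raise PatchError(f"bytes at {PATCH_OFFSET:#x} are not the original bytes")
    out = data[:PATCH_OFFSET] + PATCHED_BYTES + data[end:]
    if md5_hex(out) != md5_after:
        raise PatchError("MD5 after patching does not match the expected value")
    return out

def patch_file(path, **expected):
    """Patch in place, keeping a .bak copy. Returns False if already patched."""
    path = Path(path)
    data = path.read_bytes()
    out = patch_bytes(data, **expected)  # raises before anything is written
    if out == data:
        return False
    path.with_name(path.name + ".bak").write_bytes(data)
    path.write_bytes(out)
    return True

if __name__ == "__main__":
    # Hypothetical usage: python patch_keystone.py <path to keystone.dll>
    print("patched" if patch_file(sys.argv[1]) else "already patched")
```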

Thanks for the report 😰

Yes.. there's a few sketchy characters that keystone blows up on that were not caught during development.

I can probably bodge some basic filtering of these characters into the python pre-processing the plugin does prior to passing it off to keystone. Honestly I'd rather move this plugin away from keystone and onto https://github.com/emproof-com/nyxstone if anything.

Keystone isn't really actively maintained and has several sharp edges. Back when I wrote this plugin, I had to fix several bugs in keystone just to get it into a semi-usable state just for the purpose of this plugin and it was pretty time consuming.

gaasedelen, Aug 17 '24 05:08