ShellCodeEmulator
Can't handle jump to heaven's gate
Use the following command line to reproduce.
python ShellcodeEmulator\emulator.py "b3e4c1e7912d6888c89ea1fc35c570ff56729541.bin" -d MemoryDumps\notepad.dmp > b3e4c1e7912d6888c89ea1fc35c570ff56729541.log
pause
Traceback (most recent call last):
File "ShellcodeEmulator\emulator.py", line 112, in Run
self.Emulator.Start(self.CodeStart, self.CodeStart+self.CodeLen)
File "ShellcodeEmulator\emulator.py", line 44, in Start
self.uc.emu_start(start, end)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\site-packages\unicorn\unicorn.py", line 288, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Unhandled CPU exception (UC_ERR_EXCEPTION)
: 77B96000: ea 09 60 b9 77 33 00 ljmp 0x33:0x77b96009
Information on call gates is here
The above instruction jumps to the given address of the code segment through a specified segment selector call gate. Intel's specification [2] refers to this instruction as a FAR Jump instruction: if its segment selector (in this case 0x0033) is a call gate then the code jumps to the code segment specified in the call gate descriptor (which is located in the GDT) and executes the code pointed to by the gate; if the segment selector is for a code segment then a far jump to the segment is performed, which in this case handles the switch from 32-bit to 64-bit.
More information is here
- Try to apply x64 flags for 0x33 selector.

- Artifacts are shared here
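The following is an added example, not code from ShellCodeEmulator or Unicorn. It decodes the `ljmp 0x33:0x77b96009` far branch from the trace above (the `EA` opcode with a ptr16:32 operand, and the `9A` far-call form that shellcode also uses), splits the selector into GDT index / table / RPL, and builds the 8-byte flat code-segment descriptors that the "apply x64 flags for 0x33" suggestion refers to: a 64-bit code segment needs the L bit set and D/B clear, a 32-bit one the reverse. The selector meanings (0x33 = 64-bit code, 0x23 = 32-bit code) are assumed from the usual WoW64 layout on Windows; the byte strings fed to the functions are constructed here from the trace.

```python
"""Decode a Heaven's Gate far branch and build the GDT descriptors it needs.

Added example (not ShellCodeEmulator's or Unicorn's own code). Assumptions:
selector meanings follow the Windows WoW64 layout (0x33 -> 64-bit code,
0x23 -> 32-bit code); sample bytes are constructed from the trace above.
"""
import struct

# Absolute far branches in 32-bit code, ptr16:32 form (7 bytes each):
#   EA imm32 imm16 -> jmp  sel:offset  (the ljmp at 0x77B96000 in the trace)
#   9A imm32 imm16 -> call sel:offset  (another common way into the gate)
FAR_BRANCH_OPCODES = {0xEA: "ljmp", 0x9A: "lcall"}

# WoW64 code-segment selectors (assumed Windows layout): index 6 / index 4,
# both in the GDT (TI=0) with RPL 3.
WOW64_CS64 = 0x33
WOW64_CS32 = 0x23


def decode_far_branch(code: bytes, offset: int = 0):
    """Decode a far jmp/call at code[offset].

    Returns (mnemonic, selector, target, length), or None when the bytes at
    offset are not a complete far branch.
    """
    if offset >= len(code) or code[offset] not in FAR_BRANCH_OPCODES:
        return None
    if offset + 7 > len(code):
        return None  # truncated instruction
    # Operand order in the encoding is the 32-bit offset, then the selector.
    target, selector = struct.unpack_from("<IH", code, offset + 1)
    return FAR_BRANCH_OPCODES[code[offset]], selector, target, 7


def split_selector(selector: int):
    """Break a segment selector into (descriptor index, table indicator, RPL)."""
    return selector >> 3, (selector >> 2) & 1, selector & 3


def classify_transition(selector: int) -> str:
    """Name the mode switch a far branch to this selector performs under WoW64."""
    if selector == WOW64_CS64:
        return "32->64 (Heaven's Gate)"
    if selector == WOW64_CS32:
        return "64->32 (back through the gate)"
    return "unknown selector"


def make_code_descriptor(dpl: int, long_mode: bool) -> int:
    """Build a flat code-segment GDT descriptor (base 0, limit 4 GiB, G=1).

    long_mode=True sets L=1 and D/B=0, the "x64 flags" a 64-bit code segment
    needs; long_mode=False gives the D/B=1, L=0 32-bit segment instead.
    Returned as the little-endian qword an emulator would store in its GDT.
    """
    if not 0 <= dpl <= 3:
        raise ValueError("dpl must be 0..3")
    limit = 0xFFFFF
    access = 0x80 | (dpl << 5) | 0x10 | 0x0A  # P=1, DPL, S=1, type=code, readable
    flags = 0x80                               # G=1: limit counts 4 KiB pages
    flags |= 0x20 if long_mode else 0x40       # L=1,D/B=0  or  D/B=1,L=0
    desc = bytes([
        limit & 0xFF, (limit >> 8) & 0xFF,     # limit 15:0
        0x00, 0x00, 0x00,                      # base 23:0
        access,
        flags | ((limit >> 16) & 0x0F),        # flags | limit 19:16
        0x00,                                  # base 31:24
    ])
    return int.from_bytes(desc, "little")


def descriptor_is_long_mode(desc: int) -> bool:
    """True when a GDT descriptor has the L bit (bit 53) set."""
    return bool((desc >> 53) & 1)


def find_heavens_gate(code: bytes):
    """Linear byte scan for far branches to the 64-bit selector.

    Heuristic over raw bytes, not a disassembler: a 0xEA/0x9A byte inside
    another instruction's operand can give a false hit, so confirm hits in a
    disassembler or via an instruction hook in the emulator.
    """
    hits = []
    for off in range(len(code)):
        decoded = decode_far_branch(code, off)
        if decoded and decoded[1] == WOW64_CS64:
            hits.append((off, decoded[0], decoded[2]))
    return hits


if __name__ == "__main__":
    # Constructed sample: the instruction bytes logged at 0x77B96000.
    gate = bytes.fromhex("ea0960b9773300")
    mnem, sel, tgt, _ = decode_far_branch(gate)
    index, ti, rpl = split_selector(sel)
    print(f"{mnem} {sel:#x}:{tgt:#010x} -> {classify_transition(sel)}")
    print(f"selector {sel:#x}: GDT index {index}, TI={ti}, RPL={rpl}")
    print(f"64-bit code descriptor: {make_code_descriptor(3, True):#018x}")
    print(f"32-bit code descriptor: {make_code_descriptor(3, False):#018x}")
    print("gate found at:", find_heavens_gate(b"\x90\x90" + gate + b"\xc3"))
```

Two caveats for the emulator. First, the traceback shows that Unicorn in 32-bit mode raises `UC_ERR_EXCEPTION` at this instruction rather than following it; whether a descriptor with the L bit set at GDT index 6 makes the instance continue into 64-bit code is something to verify, since long mode also depends on EFER and paging state that a shellcode emulator normally does not set up. Second, a `UC_HOOK_CODE` hook that runs `decode_far_branch` on the bytes at the current EIP can at least recognise the gate before it faults, record the 64-bit target and stop emulation cleanly, which is usually enough to classify the sample.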