Extended analysis on larger modules crashes the debugger and debuggee. #44

Closed
johannesstricker opened this issue Oct 28, 2019 · 5 comments


johannesstricker commented Oct 28, 2019

Doing an extended analysis with x32dbg on slightly larger modules crashes the debugger and debuggee for me. A message box with the error "Could not allocate memory (minidump will be created)" appears, followed by two more message boxes, which both show "MiniDumpWriteDump failed. Error: 2147942408". After that, the debugger and debuggee silently close.

This was tested on a 9mb dynamic library and the crash occurred around 95% of the extended analysis. It works fine for smaller libraries loaded by the same executable, but also happened during the analysis of other executables/DLLs which are slightly larger.

I'm using the latest x32dbg snapshot on Windows 10. Here are my xAnalyzer settings:

[settings]
analysis_extended=true
analysis_undefunctions=true
analysis_auto=true
clear_usercomments=false
clear_userlabels=false
clear_autocomments=true
clear_autolabels=true
track_undef_functions=true
@ThunderCls
Owner

The crash seems to be due to x32dbg stepping over its own memory constraints (2GB, 3GB, 4GB depending on the OS and the large address space setting). When using an extended analysis, a huge amount of INSTRUCTIONSTACK allocations occur due to the amount of code being analyzed. This has been an issue from the very beginning with the plugin due to how dynamic memory works and most importantly due to a "poor" first design of the plugin itself. This should be hopefully tackled in an upcoming v3.0 of xAnalyzer with a complete rewrite/redesign of the main code.

In the meantime you should avoid performing an extended analysis on large binaries if you're getting crashes. You could rather use analysis by selection/function or non-extended.
Thanks for reporting

@johannesstricker
Author

Alright, thank you for the reply. Do you have an estimate when v3.0 will be available? Thank you for the awesome work!

@ThunderCls
Owner

This project is being developed in my spare time. At this moment in time v3.0 is on pause and I'm only pushing critical fixes for the v2.x.x when needed. Hopefully in a month or two I could start working on the new v3.0, redesigning the code and adding a couple of new features like structs decoding in API calls, other new stuff I got planned and some fixes, including a workaround for this one.
Until then, I'm glad it has been useful, have a nice one.

@johannesstricker
Author

Alright, thank you.

@ThunderCls
Owner

We're gonna keep this one open for future reference. Thanks!

@ThunderCls ThunderCls reopened this Nov 7, 2019
@ThunderCls ThunderCls removed this from the v3.0 milestone Jul 18, 2020