Hi Derek,

Fine. Attached you find 0,0001% of samples in my Database of
testcases, in particular the ACE format.

I included enough of them to trigger some nice exceptions,
including some after the getavsoversion() call. (see below)

Please note, if you want me to test your engine thoroughly or would
be interested in integrating procedures/tests (read SDL) to have
a more mature/secure product, I am available for contracting.
Please understand that I cannot hand over all test cases as this took
months to generate.

PS. In case your engineers say this would be normal, I would give
them training. The scan doesn't even finish, the client errors,
even without any second chance exception, that's because you corrupted
memory with all the access violations and subsequent SEH pseudo
recovery as nothing was paradigm.

-----------------------------------------------------------------------
[21:50:14.0220] pid 3716 tid 3752: Access violation (first chance) at libav!getAvSoVersion+0x139

Registers:
eax=03cef518 ebx=32b169b8 ecx=03cb1cac edx=00000430 esi=035fcdb0 edi=00000430
eip=10005c89 esp=01117e90 ebp=01120000 iopl=0 no up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206

ebp -> b8 83 31 00 00 00 90 2a 2a 41 43 45 2a 2a 14 14 ..1....**ACE**..
esi -> 35 04 00 00 30 04 00 00 36 04 00 00 31 04 00 00 5...0...6...1...

Code disassembly:
10005c79 | e8 32f8ffff | call libav!avduplicatehandle+0xc60
10005c7e | 83c4 04 | add esp, 0x4
10005c81 | 85c0 | test eax, eax
10005c83 | 74 75 | jz libav!getavsoversion+0x1aa
10005c85 | 8b5c24 18 | mov ebx, [esp+0x18]
* 10005c89 | 8b48 11 | mov ecx, [eax+0x11] *******
10005c8c | 8d70 04 | lea esi, [eax+0x4]
10005c8f | 3bcb | cmp ecx, ebx
10005c91 | 74 79 | jz libav!getavsoversion+0x1bc
10005c93 | 8b00 | mov eax, [eax]
10005c95 | 83f8 01 | cmp eax, 0x1
10005c98 | 76 | db 0x76

Stack pointers:
[esp+0x04] -> 35 04 00 00 30 04 00 00 36 04 00 00 31 04 00 00 5...0...6...1...
[esp+0x08] -> b8 83 31 00 00 00 90 2a 2a 41 43 45 2a 2a 14 14 ..1....**ACE**..
[esp+0x0f] -> b0 59 32 e2 00 00 00 00 05 b7 05 00 00 00 00 00 .Y2.............
[esp+0x10] -> 83 c4 28 5f 5e 5d 5b c3 90 90 90 90 90 90 90 90 ..(_^][.........
[esp+0x14] -> 01 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x20] -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x28] -> b8 83 31 00 00 00 90 2a 2a 41 43 45 2a 2a 14 14 ..1....**ACE**..

Stack dump:
01117e90: 30 04 00 00 b0 cd 5f 03 00 00 12 01 35 04 00 00 0....._.....5...
01117ea0: 5c 5c 00 10 70 9a c0 00 b8 69 b1 32 30 04 00 00 \\..p....i.20...
01117eb0: 18 7f 11 01 00 00 00 00 00 00 12 01 35 04 00 00 .¦..........5...
01117ec0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01117ed0: 35 04 00 00 70 9a c0 00 00 00 12 01 0d 16 00 10 5...p...........
01117ee0: 70 9a c0 00 00 00 12 01 35 04 00 00 18 7f 11 01 p.......5....¦..
01117ef0: 00 00 00 00 70 9a c0 00 b0 81 11 01 00 00 00 00 ....p...........
01117f00: 00 00 00 00 00 00 00 00 1c 84 11 01 00 00 00 00

-----------------------------------------------------------------------


[21:52:57.0354] pid 3716 tid 3752: Access violation (first chance) at libav!getAvSoVersion+0xc1

Registers:
eax=035fac30 ebx=00001691 ecx=00001adb edx=000011e8 esi=000011f0 edi=000023ce
eip=10005c11 esp=01117ecc ebp=01120000 iopl=0 no up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206

ebp -> 29 da 1b 00 00 00 80 2a 2a 41 43 45 2a 2a 0a 0c )......**ACE**..

Code disassembly:
10005c01 | 7e ff | jle libav!getavsoversion+0xb2
10005c03 | 33d2 | xor edx, edx
10005c05 | 85ff | test edi, edi
10005c07 | 7c 1d | jl libav!getavsoversion+0xd6
10005c09 | 8bcf | mov ecx, edi
10005c0b | 2bca | sub ecx, edx
10005c0d | d1f9 | sar ecx, 0x1
10005c0f | 03ca | add ecx, edx
* 10005c11 | 8b34c8 | mov esi, [eax+ecx*8]
10005c14 | 3bf3 | cmp esi, ebx
10005c16 | 76 05 | jbe libav!getavsoversion+0xcd
10005c18 | 8d79 ff | lea edi, [ecx-0x1]
10005c1b | eb 05 | jmp libav!getavsoversion+0xd2
10005c1d | 73 0f | jae libav!getavsoversion+0xde
10005c1f | 8d | db 0x8d
10005c20 | 51 | push ecx

Stack pointers:
[esp+0x03] -> 31 00 22 00 20 00 25 00 2a 00 00 00 65 00 00 00 1."...%.*...e...
[esp+0x08] -> 01 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x0c] -> 29 da 1b 00 00 00 80 2a 2a 41 43 45 2a 2a 0a 0c )......**ACE**..
[esp+0x0f] -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x10] -> 83 c4 10 85 c0 75 0d c7 44 24 14 01 00 00 00 e9 .....u..D$......
[esp+0x14] -> 01 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x18] -> 29 da 1b 00 00 00 80 2a 2a 41 43 45 2a 2a 0a 0c )......**ACE**..
[esp+0x1b] -> 00 22 00 20 00 25 00 2a 00 00 00 65 00 00 00 69 ."...%.*...e...i
[esp+0x20] -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x28] -> 01 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x2c] -> e0 84 11 01 a2 99 3a 00 70 9a c0 00 00 00 12 01 ......:.p.......
[esp+0x3c] -> 02 00 00 00 00 00 00 00 00 00 00 00 48 84 11 01 ............H...

Stack dump:
01117ecc: 00 00 00 00 91 16 00 00 70 9a c0 00 00 00 12 01 ........p.......
01117edc: 0d 16 00 10 70 9a c0 00 00 00 12 01 91 16 00 00 ....p...........
01117eec: 18 7f 11 01 00 00 00 00 70 9a c0 00 b0 81 11 01 .¦......p.......
01117efc: 00 00 00 00 00 00 00 00 00 00 00 00 1c 84 11 01 ................
01117f0c: 00 00 00 00 ff ff ff ff 0c 00 00 00 00 00 00 00 ................
01117f1c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
01117f2c: 00 00 00 00 00 00 12 01 00 00 00 00 00 00 00 00 ................
01117f3c: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

-----------------------------------------------------------------------

[22:02:11.0546] pid 3716 tid 3752: Access violation (first chance) at libav!avDuplicateHandle+0xc77

Registers:
eax=00003e86 ebx=00003e9f ecx=03a74c84 edx=00003e86 esi=0361a060 edi=00003e86
eip=100054c7 esp=01117e88 ebp=01120000 iopl=0 no up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010293

ebp -> 3b f8 1b 00 00 00 80 2a 2a 41 43 45 2a 2a 0a 0c ;......**ACE**..
ecx -> 00 00 00 00 26 00 00 00 4c 00 00 00 72 00 00 00 ....&...L...r...
esi -> 9f 3e 00 00 86 3e 00 00 a0 3e 00 00 87 3e 00 00 .>...>...>...>..

Code disassembly:
100054b7 | 211a | and [edx], ebx
100054b9 | 103b | adc [ebx], bh
100054bb | c172 03 33 | sal dword [edx+0x3], 0x33
100054bf | c0c3 8b | rol bl, 0x8b
100054c2 | 0d a4211a10 | or eax, libav!start+0xbdd97
* 100054c7 | 8b0481 | mov eax, [ecx+eax*4]
100054ca | 8b0d a8211a10 | mov ecx, [libav!start+0xbdd9b]
100054d0 | 03c1 | add eax, ecx
100054d2 | c3 | ret
100054d3 | 90 | nop
100054d4 | 90 | nop
100054d5 | 90 | nop
100054d6 | 90 | nop

Stack pointers:
[esp+0x00] -> 83 c4 04 85 c0 74 75 8b 5c 24 18 8b 48 11 8d 70 .....tu.\$..H..p
[esp+0x0c] -> 9f 3e 00 00 86 3e 00 00 a0 3e 00 00 87 3e 00 00 .>...>...>...>..
[esp+0x10] -> 3b f8 1b 00 00 00 80 2a 2a 41 43 45 2a 2a 0a 0c ;......**ACE**..
[esp+0x17] -> b0 59 32 e2 00 00 00 00 05 b7 05 00 00 00 00 00 .Y2.............
[esp+0x18] -> 83 c4 28 5f 5e 5d 5b c3 90 90 90 90 90 90 90 90 ..(_^][.........
[esp+0x1c] -> 01 00 00 00 0c 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x28] -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
[esp+0x30] -> 3b f8 1b 00 00 00 80 2a 2a 41 43 45 2a 2a 0a 0c ;......**ACE**..

Stack dump:
01117e88: 7e 5c 00 10 86 3e 00 00 86 3e 00 00 60 a0 61 03 ~\...>...>..`.a.
01117e98: 00 00 12 01 9f 3e 00 00 5c 5c 00 10 70 9a c0 00 .....>..\\..p...
01117ea8: a7 b4 a1 f1 86 3e 00 00 18 7f 11 01 00 00 00 00 .....>...¦......
01117eb8: 00 00 12 01 9f 3e 00 00 00 00 00 00 00 00 00 00 .....>..........
01117ec8: 00 00 00 00 00 00 00 00 9f 3e 00 00 70 9a c0 00 .........>..p...
01117ed8: 00 00 12 01 0d 16 00 10 70 9a c0 00 00 00 12 01 ........p.......
01117ee8: 9f 3e 00 00 18 7f 11 01 00 00 00 00 70 9a c0 00 .>...¦......p...
01117ef8: b0 81 11 01 00 00 00 00 00 00 00 00 00 00 00 00 ................


-----------------------------------------------------------------------
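Added triage example, not part of the report above and not the vendor's code: a small Python parser for the crash-record format shown (the `[ts] pid .. tid ..: <kind> at module!symbol+offset` header, the `reg=value` lines and the `*`-marked faulting instruction). It rebuilds the effective address each faulting instruction touched from the dumped registers, buckets repeats of one crash site so that three records become three bugs to fix rather than a pile of logs, and flags scaled-index operands whose index register holds a small value. The sample input is constructed from the three records above, trimmed to the lines the parser consumes; the "small index" threshold is an assumption of this example, not something the report states.

```python
import re
from collections import defaultdict

# Constructed sample input: the headers, register lines and '*'-marked faulting
# instructions of the three records in the report, trimmed to what the parser uses.
SAMPLE_LOG = """\
[21:50:14.0220] pid 3716 tid 3752: Access violation (first chance) at libav!getAvSoVersion+0x139
Registers:
eax=03cef518 ebx=32b169b8 ecx=03cb1cac edx=00000430 esi=035fcdb0 edi=00000430
eip=10005c89 esp=01117e90 ebp=01120000 iopl=0 no up ei pl nz na pe nc
Code disassembly:
10005c85 | 8b5c24 18 | mov ebx, [esp+0x18]
* 10005c89 | 8b48 11 | mov ecx, [eax+0x11] *******
[21:52:57.0354] pid 3716 tid 3752: Access violation (first chance) at libav!getAvSoVersion+0xc1
Registers:
eax=035fac30 ebx=00001691 ecx=00001adb edx=000011e8 esi=000011f0 edi=000023ce
eip=10005c11 esp=01117ecc ebp=01120000 iopl=0 no up ei pl nz na pe nc
Code disassembly:
* 10005c11 | 8b34c8 | mov esi, [eax+ecx*8]
[22:02:11.0546] pid 3716 tid 3752: Access violation (first chance) at libav!avDuplicateHandle+0xc77
Registers:
eax=00003e86 ebx=00003e9f ecx=03a74c84 edx=00003e86 esi=0361a060 edi=00003e86
eip=100054c7 esp=01117e88 ebp=01120000 iopl=0 no up ei ng nz ac po cy
Code disassembly:
* 100054c7 | 8b0481 | mov eax, [ecx+eax*4]
"""

HEADER_RE = re.compile(
    r"^\[(?P<ts>[\d:.]+)\] pid (?P<pid>\d+) tid (?P<tid>\d+): (?P<kind>.+?) at "
    r"(?P<module>\w+)!(?P<symbol>\w+)\+0x(?P<offset>[0-9a-fA-F]+)$")
REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})\b")          # eax=..., eip=..., not iopl=0
FAULT_RE = re.compile(r"^\* [0-9a-f]{8} \| [0-9a-f ]+? \| (?P<insn>.+?)(?: \*+)?$")
MEMOP_RE = re.compile(                                          # [base], [base+idx*s], [base+0xd]
    r"\[(?P<base>e[a-z]{2})(?:\+(?P<index>e[a-z]{2})\*(?P<scale>[1248]))?"
    r"(?:\+0x(?P<disp>[0-9a-f]+))?\]")


def parse_crashes(text):
    """Split a crash log into records, one per header line, with registers and faulting insn."""
    records, cur = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            cur = m.groupdict()
            cur["offset"] = int(cur["offset"], 16)
            cur["regs"], cur["fault"] = {}, None
            records.append(cur)
            continue
        if cur is None:
            continue
        for reg, val in REG_RE.findall(line):
            cur["regs"][reg] = int(val, 16)
        m = FAULT_RE.match(line)
        if m:
            cur["fault"] = m.group("insn")
    return records


def effective_address(record):
    """Recompute the address the faulting instruction touched from the dumped registers."""
    m = MEMOP_RE.search(record["fault"] or "")
    if not m:
        return None                     # register-only or unsupported operand form
    regs = record["regs"]
    addr = regs[m.group("base")]
    if m.group("index"):
        addr += regs[m.group("index")] * int(m.group("scale"))
    if m.group("disp"):
        addr += int(m.group("disp"), 16)
    return addr & 0xFFFFFFFF            # 32-bit process, as the register width shows


def looks_like_unchecked_index(record, limit=0x10000):
    """Heuristic (an assumption of this example): a scaled index register holding a small
    value next to a pointer base suggests a table lookup indexed by an input field."""
    m = MEMOP_RE.search(record["fault"] or "")
    if not m or not m.group("index"):
        return False
    return record["regs"][m.group("index")] < limit


def bucket_by_site(records):
    """Group by module!symbol+offset: repeats of one site are one bug, not many."""
    buckets = defaultdict(list)
    for r in records:
        buckets[f"{r['module']}!{r['symbol']}+0x{r['offset']:x}"].append(r)
    return dict(buckets)


def triage_report(text):
    """One summary line per crash site, ready for a tracker or a dedup step."""
    lines = []
    for site, recs in bucket_by_site(parse_crashes(text)).items():
        r = recs[0]
        ea = effective_address(r)
        ea_s = f"{ea:#010x}" if ea is not None else "?"
        flag = " (scaled index, small value: check bounds)" if looks_like_unchecked_index(r) else ""
        lines.append(f"{site}: {len(recs)}x {r['kind']}; faulting insn '{r['fault']}' -> EA {ea_s}{flag}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage_report(SAMPLE_LOG)))
```

Run on the sample, the second and third sites are flagged: `mov esi, [eax+ecx*8]` with ecx=0x1adb and `mov eax, [ecx+eax*4]` with eax=0x3e86 are both pointer-base lookups scaled by an index of a size that fits an archive header field, which is exactly the pattern to check for a missing bounds test when the fix goes in. Feeding a full session log to `triage_report` collapses repeated hits of the same site into one line, so the count of distinct sites, not the count of exceptions, drives the work list.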