I try to use the sk3wldbg plugin with IDA Pro 7.2. I could not get it to compile properly with 7.3 and the IDA SDK 7.3.
I built the 64-bit versions of both the unicorn engine and sk3wldbg and installed them in the proper place in the IDA installation directory.
The code I want to emulate is a small part of a Windows Kernel driver subroutine.
Basically the code "mov"s some constants into stack space and then performs some kind of calculation over these values in a loop.
I place the cursor on the first of these instructions and run the debugger and choose "Start from here".
IDA gives me the following errors:
found input file D:\driver.fffffa8001b0e000.sys
reading file of 28672 bytes
loadPE64
map_mem_zero(000000013FB90000, 000000013FB90400, 0x3)
Allocated at 000000013FB90000 in map_mem_zero
Copying bytes 0x0:0x400 into block
map_mem_zero(000000013FB91000, 000000013FB92000, 0x5)
Allocated at 000000013FB91000 in map_mem_zero
Copying bytes 0x1000:0x2000 into block
map_mem_zero(000000013FB92000, 000000013FB93000, 0x1)
Allocated at 000000013FB92000 in map_mem_zero
Copying bytes 0x2000:0x3000 into block
map_mem_zero(000000013FB93000, 000000013FB94000, 0x3)
Allocated at 000000013FB93000 in map_mem_zero
Copying bytes 0x3000:0x4000 into block
map_mem_zero(000000013FB94000, 000000013FB95000, 0x1)
Allocated at 000000013FB94000 in map_mem_zero
Copying bytes 0x4000:0x5000 into block
map_mem_zero(000000013FB95000, 000000013FB96000, 0x5)
Allocated at 000000013FB95000 in map_mem_zero
Copying bytes 0x5000:0x6000 into block
map_mem_zero(000000013FB96000, 000000013FB97000, 0x1)
Allocated at 000000013FB96000 in map_mem_zero
Copying bytes 0x6000:0x7000 into block
map_mem_zero(0000000000030000, 0000000000130000, 0x7)
Allocated at 0000000000030000 in map_mem_zero
map_mem_zero(000000013FB98000, 000000013FC98000, 0x3)
Allocated at 000000013FB98000 in map_mem_zero
PC was not set previously, going with screen EA13FB91000: process driver.fffffa8001b0e000.sys has started (pid=33476)
PDBSRC: loading symbols for 'driver.fffffa8001b0e000.sys'...
PDB: using PDBIDA provider
FFFFF80002690000: The instruction at FFFFF80002690000 attempted to execute from unmapped memory -> FFFFF80002690000 (exc.code b, tid 22773)
What's wrong? Do I need to prepare something before I can start debugging the code?
The same error occurs when I choose to start from the entrypoint.
I was just playing around and found that if I set RBP to a value well below RSP, resp. RSP further away from the end of the "stack segment", the emu executed properly. So apparently I need to set up all the registers to a sensible state. Is this an expected manual user action?
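As an added example (not part of the issue thread or the sk3wldbg code base), the script below parses the `map_mem_zero` lines from the log above, confirms that the faulting address lies outside every mapped region, and classifies candidate RSP/RBP values before an emulation run. It assumes the third `map_mem_zero` argument uses Unicorn's `UC_PROT_*` bits and picks an arbitrary 0x1000-byte headroom threshold; all helper names are illustrative.

```python
import re

# Lines copied from the sk3wldbg log in the issue (map_mem_zero calls and the fault).
LOG = """\
map_mem_zero(000000013FB90000, 000000013FB90400, 0x3)
map_mem_zero(000000013FB91000, 000000013FB92000, 0x5)
map_mem_zero(000000013FB92000, 000000013FB93000, 0x1)
map_mem_zero(000000013FB93000, 000000013FB94000, 0x3)
map_mem_zero(000000013FB94000, 000000013FB95000, 0x1)
map_mem_zero(000000013FB95000, 000000013FB96000, 0x5)
map_mem_zero(000000013FB96000, 000000013FB97000, 0x1)
map_mem_zero(0000000000030000, 0000000000130000, 0x7)
map_mem_zero(000000013FB98000, 000000013FC98000, 0x3)
FFFFF80002690000: The instruction at FFFFF80002690000 attempted to execute from unmapped memory -> FFFFF80002690000 (exc.code b, tid 22773)
"""

MAP_RE = re.compile(r"map_mem_zero\(([0-9A-Fa-f]+), ([0-9A-Fa-f]+), 0x([0-9A-Fa-f]+)\)")
FAULT_RE = re.compile(r"instruction at ([0-9A-Fa-f]+) attempted to execute from unmapped memory")
READ, WRITE, EXEC = 1, 2, 4  # assumption: third argument uses Unicorn's UC_PROT_* bits

def parse_regions(log):
    """Return sorted (start, end, perms) tuples; end is exclusive."""
    return sorted((int(s, 16), int(e, 16), int(p, 16)) for s, e, p in MAP_RE.findall(log))

def region_of(regions, addr):
    """Return the region containing addr, or None if addr is unmapped."""
    return next((r for r in regions if r[0] <= addr < r[1]), None)

def fault_addresses(log):
    """Return every address reported as executed from unmapped memory."""
    return [int(a, 16) for a in FAULT_RE.findall(log)]

def check_stack_pointer(regions, sp, headroom=0x1000):
    """Classify a candidate RSP/RBP value (headroom is an assumed threshold)."""
    r = region_of(regions, sp)
    if r is None:
        return "unmapped"
    if not (r[2] & READ and r[2] & WRITE):
        return "not read/write"
    if sp - r[0] < headroom or r[1] - sp < headroom:
        return "too close to region edge"
    return "ok"

if __name__ == "__main__":
    regions = parse_regions(LOG)
    for addr in fault_addresses(LOG):
        print(hex(addr), "mapped" if region_of(regions, addr) else "NOT mapped")
    for sp in (0x130000, 0x12FFF8, 0x12F000, 0x13FB91000):
        print(hex(sp), check_stack_pointer(regions, sp))
```

A pointer equal to a region's end address is reported as unmapped because the end is exclusive, which is the case a stack pointer initialised to the very top of a stack block falls into.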