Vector35
Crash when opening CFF Explorer.exe
The app crashes when opening "CFF Explorer.exe" or any other executable from NTCore's Explorer Suite.
The error:
Exception in thread Thread-1: Traceback (most recent call last): File "D:\Python27\lib\threading.py", line 810, in *bootstrap_inner self.run() File "D:\Python27\lib\threading.py", line 763, in run self.__target(_self.__args, _self.__kwargs) File "D:\Temp\binaryninja-python-master\DisassemblerView.py", line 175, in ana lysis_thread_proc self.analysis.analyze() File "D:\Temp\binaryninja-python-master\Analysis.py", line 962, in analyze self.start.findBasicBlocks() File "D:\Temp\binaryninja-python-master\Analysis.py", line 865, in findBasicBl ocks block.populate(known_instrs) File "D:\Temp\binaryninja-python-master\Analysis.py", line 807, in populate instr.format_text(self, self.analysis.options) File "D:\Temp\binaryninja-python-master\Analysis.py", line 142, in format_text elif (instr.operands[j].size == self.addr_size) and (value >= block.exe.star t()) and (value < block.exe.end()) and (not self.isLocalJump()): File "D:\Temp\binaryninja-python-master\BinaryData.py", line 148, in end return self.start() + len(self) TypeError: __len() should return an int
I attach an image of the crash
:
Thanks for the heads up, I'll take a look at soon. We admittedly have done less testing of the PE parsing, so appreciate the find.
I just tried the latest version from their website using binary ninja on both OS X and Windows (using the latest binary ninja from the repository) and it wouldn't reproduce for me? At least, I opened up the executable and it looked fine, I didn't click around much.
Just to confirm, here's the hash of the exe I tested:
MD5 (CFF_Explorer/CFF Explorer.exe) = b8c8428e5ebe6f60433089c391a0063a
Can you confirm what executable version you used?
The executable I have has MD5 = FFC218143D392023ED4A0A025E95E1D0. It has version n°: 7.9.0.0 and modified 03-Dec-2010 15:36
Now I realize that it's not the last version of CFF Explorer (sorry about that).
Also, I have the "Explorer Suite" .exe installer, which has SHA1 = AA980E00564DBF47CD67EC170DB24F815B5C93C0. And it's also old.
I'll download the last version of the Suite and check again, but if you want the installer I have, I can upload it to Mega for you.
That's, if you want to check, why this executable is crashing binary ninja.
Cheers!
Yeah, if you can post a mega link that'd be handy. If you'd rather send it to me, my email is <my first name> at <this repository's owning organization> dot com
Here's the download link: https://mega.co.nz/#!sw53kQzB!NQ0SQfv25EQNc_oZ28PGkf5Og_fDsAn0HcGTjwAuin4
I hope it helps!
Strange -- it loaded just fine for me. When does it crash? Can you double check the install process and make sure you don't have multiple copies of one of the pre-requisites installed?
I leave you a video of the crash event: https://mega.co.nz/#!tl5zVKCT!be3ofx_cQdwqb1gzHtAjOHebbHa4RQgg4Wt1_QdVHMU And this exe is the last version of CFF Explorer (8.0.0 - MD5: 293334EC617895258C789CE1FD3D3C39 - SHA1: 0BB93B2A8A9B677578CB1CAC47E39678D9F6B67E). This is weird. Also, notice the error message in the cmd box, when pass over the button and clicks it. Maybe it's a problem due to and old version of PySide? (I have version 1.2.1 for python 2.7 i386). Or the python interpreter? I have ActivePython 2.7.8.10. The python interpreter says:
ActivePython 2.7.8.10 (ActiveState Software Inc.) based on Python 2.7.8 (default, Jul 2 2014, 19:50:44) [MSC v.1500 32 bit (Intel)] on win 32 Type "help", "copyright", "credits" or "license" for more information.
It's bed time around here, but this weekend I'll spend some time trying to figure out what's going on here.
Cheers!
Can you re-try it using the python.org windows installer and see if that fixes it?
No, the same crash happens. Using python 2.7.9 x86.
I'll try reinstalling all packages again.
'''EDIT''': Tested reinstalling all from scratch. The same error happens!!!
The binja package I have it's "binaryninja-python-master.zip" MD5: 9B5EEF0FAAB6D040963C06FEE257AE60 SHA1: 30DB1C3E9DA96DC569E05DA04890F998D03C881E
Is this the correct package?