
capacity overflow with variables containing a null byte

Open darkpills opened this issue 5 years ago • 1 comments

Hello,

First of all, thanks for sharing your amazing work :) !

I encountered an issue while trying to encode a variable that contains null bytes. Sure, it's something you want to avoid.

Here is the example of stub.c:

char *buf = "\xfc\xe8\x82\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50";
int main(void)
{
    return 0;
}

And the stack trace of the execution:

root@kali:~# ./ebfuscator.bin --platform windows --source stub.c --var buf
[+] Created ebfuscator object!
thread 'main' panicked at 'capacity overflow', src/liballoc/raw_vec.rs:777:5
stack backtrace:
   0: 0x5665a5a1 - backtrace::backtrace::libunwind::trace::h16f752dd4ee76200
                       at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.37/src/backtrace/libunwind.rs:88
   1: 0x5665a5a1 - backtrace::backtrace::trace_unsynchronized::h2ba2bfa7865ad587
                       at /cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.37/src/backtrace/mod.rs:66
   2: 0x5665a5a1 - std::sys_common::backtrace::_print_fmt::h2f1351b1976d265f
                       at src/libstd/sys_common/backtrace.rs:76
   3: 0x5665a5a1 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h152d46d53383c802
                       at src/libstd/sys_common/backtrace.rs:60
   4: 0x56677e2c - core::fmt::write::hc045adef14e6b94f
                       at src/libcore/fmt/mod.rs:1030
   5: 0x5665856c - std::io::Write::write_fmt::h7e9fcfcdd0d56624
                       at src/libstd/io/mod.rs:1412
   6: 0x5665d1a6 - std::sys_common::backtrace::_print::h7edd835b4f8a7f9b
                       at src/libstd/sys_common/backtrace.rs:64
   7: 0x5665d1a6 - std::sys_common::backtrace::print::ha0c27c35e4896b76
                       at src/libstd/sys_common/backtrace.rs:49
   8: 0x5665d1a6 - std::panicking::default_hook::{{closure}}::h136618832afee642
                       at src/libstd/panicking.rs:196
   9: 0x5665ce54 - std::panicking::default_hook::h2473bff1db845bdd
                       at src/libstd/panicking.rs:210
  10: 0x5665d8de - std::panicking::rust_panic_with_hook::h132dac778fab58fb
                       at src/libstd/panicking.rs:473
  11: 0x5665d427 - std::panicking::continue_panic_fmt::hd979e34bcd9bf865
                       at src/libstd/panicking.rs:380
  12: 0x5665d2f9 - rust_begin_unwind
                       at src/libstd/panicking.rs:307
  13: 0x56675808 - core::panicking::panic_fmt::ha7c242a5364092b4
                       at src/libcore/panicking.rs:85
  14: 0x5667573a - core::panicking::panic::haecc773ab902d090
                       at src/libcore/panicking.rs:49
  15: 0x5667364e - alloc::raw_vec::capacity_overflow::h0ba8854432a98919
                       at src/liballoc/raw_vec.rs:777
  16: 0x56572e5c - alloc::raw_vec::RawVec<T,A>::reserve::he80f0637f904f747
  17: 0x5657496c - ebfuscator::transformation::Ebfuscator::_encode_byte_based_on_available_errors_to_postfix::h2aeacf71edff97dd
  18: 0x565756c3 - ebfuscator::transformation::Ebfuscator::transform_file::hde89d4508ffa2f53
  19: 0x5657ccdd - ebfuscator::main::hb0917566dedebebd
  20: 0x56579186 - std::rt::lang_start::{{closure}}::hd27046eca7c2ac51
  21: 0x5665ae26 - std::rt::lang_start_internal::{{closure}}::{{closure}}::h32efad347db94980
                       at src/libstd/rt.rs:49
  22: 0x5665ae26 - std::sys_common::backtrace::__rust_begin_short_backtrace::hdfdd79954d2309a7
                       at src/libstd/sys_common/backtrace.rs:126
  23: 0x5665d26f - std::rt::lang_start_internal::{{closure}}::hec4de49de6cd2409
                       at src/libstd/rt.rs:49
  24: 0x5665d26f - std::panicking::try::do_call::ha962f99896b8510c
                       at src/libstd/panicking.rs:292
  25: 0x56660168 - __rust_maybe_catch_panic
                       at src/libpanic_unwind/lib.rs:80
  26: 0x5665dd36 - std::panicking::try::h017b03878a24dc2c
                       at src/libstd/panicking.rs:271
  27: 0x5665dd36 - std::panic::catch_unwind::he304b66443cc1e42
                       at src/libstd/panic.rs:394
  28: 0x5665dd36 - std::rt::lang_start_internal::hcb84df3ff5b411e2
                       at src/libstd/rt.rs:48
  29: 0x5657d0d1 - main
  30: 0xf7d437e1 - __libc_start_main
  31: 0x56572c11 - <unknown>

darkpills, Apr 25 '20 21:04

Hey thank you!

I see the problem, I'll fix it today or tomorrow! Thanks for reporting it!

The problem is that there is no way to generate error code 0x00, since it is not implemented in ./errors/{platform}/error.{c,h}.

If you want to fix it yourself until I fix it, what you can do is add a dummy implementation that generates that error code.

For Windows, add this code to the files:

./errors/windows/error.c
/* dummy generator for error code 0; SetLastError is declared in <windows.h> */
void generate_error_0(void) { SetLastError(0); }

./errors/windows/error.h
void generate_error_0(void);

For Linux, add this code to the files:

./errors/linux/error.c
/* errno is a macro in modern libcs, so get it from <errno.h> instead of declaring `extern int errno;` */
#include <errno.h>
void generate_error_0(void) { errno = 0; }

./errors/linux/error.h
void generate_error_0(void);

This should work for you until I patch it

d00rt, Apr 27 '20 08:04
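A pre-flight check for the failure described in this thread, added here as an example that is not ebfuscator's own code: it parses the `\xNN` escapes of a C string literal like the one in stub.c, then reports every byte for which the platform's error table has no generate_error_N, so the tool can refuse the input with a clear message instead of panicking. The error table is an assumption built by hand; the real tool would derive it from ./errors/{platform}/error.c.

```rust
use std::collections::BTreeSet;
/// Parse the body of a C string literal such as `\xfc\xe8\x82\x00` into bytes.
/// Accepts plain ASCII and `\xNN` escapes with exactly two hex digits (the stub's
/// form); a third hex digit would make C read a longer escape, so that is rejected.
pub fn parse_c_hex_literal(body: &str) -> Result<Vec<u8>, String> {
    let chars: Vec<char> = body.chars().collect();
    let mut out = Vec::with_capacity(chars.len());
    let mut i = 0;
    while i < chars.len() {
        if chars[i] != '\\' {
            if !chars[i].is_ascii() {
                return Err(format!("non-ASCII character at {}", i));
            }
            out.push(chars[i] as u8);
            i += 1;
            continue;
        }
        let hex: String = chars.get(i + 2..i + 4).map(|c| c.iter().collect()).unwrap_or_default();
        match (chars.get(i + 1), u8::from_str_radix(&hex, 16)) {
            (Some('x'), Ok(b)) if hex.len() == 2 => {
                if chars.get(i + 4).map_or(false, |c| c.is_ascii_hexdigit()) {
                    return Err(format!("escape at {} is followed by another hex digit", i));
                }
                out.push(b);
                i += 4;
            }
            _ => return Err(format!("unsupported or malformed escape at {}", i)),
        }
    }
    Ok(out)
}

/// (offset, value) of every byte the error table has no generator for; an empty
/// result means the variable is safe to encode. `table` stands in for the set of
/// codes ./errors/{platform}/error.c can produce (assumption: built by hand here).
pub fn unsupported_bytes(table: &BTreeSet<u8>, bytes: &[u8]) -> Vec<(usize, u8)> {
    bytes.iter().enumerate().filter(|(_, b)| !table.contains(*b)).map(|(i, b)| (i, *b)).collect()
}

fn main() {
    // Constructed input: the stub.c literal above, with a table that has generators for 0x01..=0xff but, as in the report, none for 0x00.
    let bytes = parse_c_hex_literal(r"\xfc\xe8\x82\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50").unwrap();
    let mut table: BTreeSet<u8> = (1..=255u8).collect();
    for (off, b) in unsupported_bytes(&table, &bytes) {
        println!("buf[{}] = 0x{:02x}: no generate_error_{} available, refusing to encode", off, b, b);
    }
    table.insert(0); // the thread's workaround: a dummy generator for code 0
    assert!(unsupported_bytes(&table, &bytes).is_empty());
}
```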