
LoadLibraryEx Error

Open whsz6 opened this issue 4 years ago • 4 comments

**Describe the bug**

hook_LoadLibraryExA failed

Error Report

```
SetErrorMode(uMode = 0x8001) = 0x0
GetVersion() = 0x40004
GetModuleHandleA(lpModuleName = "KERNEL32") = 0x10551000
GetProcAddress(hModule = 0x10551000, lpProcName = "SetDefaultDllDirectories") = 0x106110d8
SetDefaultDllDirectories(DirectoryFlags = 0xc00)
GetSystemDirectoryA(lpBuffer = 0xffffcd44, uSize = 0x104) = 0x14
wsprintfA(format = '%s%s.dll', "", "verifying installer: %d%%") = 0x1e
\verifying installer: %d%%.dllwsprintfA() = 0x1e

[!] LoadLibraryExA Exception Found

Traceback (most recent call last):
  File "/usr/local/lib/python3.6/site-packages/qiling/os/windows/windows.py", line 111, in hook_winapi
    winapi_func(self.ql, address, {})
  File "/usr/local/lib/python3.6/site-packages/qiling/os/windows/fncc.py", line 90, in wrapper
    return ql.os.x86_stdcall(param_num, params, func, args, kwargs, passthru)
  File "/usr/local/lib/python3.6/site-packages/qiling/os/os.py", line 300, in x86_stdcall
    result, param_num = self.__x86_cc(param_num, params, func, args, kwargs)
  File "/usr/local/lib/python3.6/site-packages/qiling/os/os.py", line 266, in __x86_cc
    result = func(*args, **kwargs)
  File "/usr/local/lib/python3.6/site-packages/qiling/os/windows/dlls/kernel32/libloaderapi.py", line 179, in hook_LoadLibraryExA
    dll_base = ql.loader.load_dll(lpLibFileName.encode())
  File "/usr/local/lib/python3.6/site-packages/qiling/loader/pe.py", line 48, in load_dll
    raise QlErrorFileNotFound("[!] Cannot find dll in %s" % path)
qiling.exception.QlErrorFileNotFound: [!] Cannot find dll in /qiling/examples/rootfs/x86_windows//Windows/System32

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "test.py", line 5, in <module>
    ql.run()
  File "/usr/local/lib/python3.6/site-packages/qiling/core.py", line 188, in run
    self.os.run()
  File "/usr/local/lib/python3.6/site-packages/qiling/os/windows/windows.py", line 142, in run
    self.ql.emu_start(self.ql.loader.entry_point, self.exit_point, self.ql.timeout, self.ql.count)
  File "/usr/local/lib/python3.6/site-packages/qiling/core.py", line 294, in emu_start
    raise self.internal_exception
  File "/usr/local/lib/python3.6/site-packages/qiling/utils.py", line 21, in wrapper
    return func(*args, **kw)
  File "/usr/local/lib/python3.6/site-packages/qiling/core_hooks.py", line 159, in _hook_trace_cb
    ret = h.call(ql, addr, size)
  File "/usr/local/lib/python3.6/site-packages/qiling/core_hooks.py", line 36, in call
    return self.callback(ql, *args)
  File "/usr/local/lib/python3.6/site-packages/qiling/os/windows/windows.py", line 116, in hook_winapi
    raise QlErrorSyscallError("[!] Windows API Implementation Error")
qiling.exception.QlErrorSyscallError: [!] Windows API Implementation Error
```

whsz6 avatar Oct 20 '20 07:10 whsz6

Have you set up the DLL and registry?

https://docs.qiling.io/en/latest/install/#important-note-on-windows-dlls-and-registry

xwings avatar Oct 20 '20 11:10 xwings

I have copied the entire Windows 7 32bit system folder that is actually used.

debug -> Screenshot from 2020-10-21 08-28-11

??... The LoadLibraryEx parameter is displayed as `C:\Windows\System32\`; expected: `C:\Windows\System32\UXTHEME.dll`

whsz6 avatar Oct 20 '20 23:10 whsz6

Screenshot from 2020-10-21 11-35-08

whsz6 avatar Oct 21 '20 02:10 whsz6

Can't load the DLL name in the wsprintf function; check the memory operation function.

TEST MD5 : 6bf409ca842d7b129ae573d3d95c091e

whsz6 avatar Oct 22 '20 02:10 whsz6

This should be solved with the latest version of Qiling.

xwings avatar Oct 06 '22 02:10 xwings