
Trying to disassemble x86 throws IndexOutOfRangeException

description

I'm trying to disassemble executable images; my targets are:

C:\Windows\SysWOW64\kernel32.dll < 32-bit decompiles
C:\Windows\System32\kernel32.dll < 64-bit exceptions
C:\Windows\explorer.exe < 64-bit exceptions

I load the .text section and I'm supplying the correct architecture.

The exception:

System.IndexOutOfRangeException was unhandled
HResult=-2146233080
Message=Index was outside the bounds of the array.
Source=SharpDisasm
StackTrace:
   at SharpDisasm.Udis86.Decode.decode_vex(ud& u) in C:\...\SharpDisasm1.1.5_src\SharpDisasm\Udis86\Decode.cs:line 1263
   at SharpDisasm.Udis86.Decode.decode_ext(ud& u, UInt16 ptr) in C:\...\SharpDisasm1.1.5_src\SharpDisasm\Udis86\Decode.cs:line 1330
   at SharpDisasm.Udis86.Decode.decode_opcode(ud& u) in C:\...\SharpDisasm1.1.5_src\SharpDisasm\Udis86\Decode.cs:line 1356
   at SharpDisasm.Udis86.Decode.ud_decode(ud& u) in C:\...\SharpDisasm1.1.5_src\SharpDisasm\Udis86\Decode.cs:line 1369
   at SharpDisasm.Udis86.udis86.ud_disassemble(ud& u) in C:\...\SharpDisasm1.1.5_src\SharpDisasm\Udis86\udis86.cs:line 99
   at SharpDisasm.Disassembler.NextInstruction() in C:\...\SharpDisasm1.1.5_src\SharpDisasm\Disassembler.cs:line 192
   at SharpDisasm.Disassembler.<Disassemble>d__15.MoveNext() in C:\...\SharpDisasm1.1.5_src\SharpDisasm\Disassembler.cs:line 169
   at System.Collections.Generic.List`1..ctor(IEnumerable`1 collection)
   at System.Linq.Enumerable.ToList[TSource](IEnumerable`1 source)
   at Disassembler.Program.DoDisassembly(ImageReader exeImage) in C:\...\Program.cs:line 54
   at Disassembler.Program.Main(String[] args) in C:\...\Program.cs:line 28
   at System.AppDomain._nExecuteAssembly(RuntimeAssembly assembly, String[] args)
   at System.AppDomain.ExecuteAssembly(String assemblyFile, Evidence assemblySecurity, String[] args)
   at Microsoft.VisualStudio.HostingProcess.HostProc.RunUsersAssembly()
   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
   at System.Threading.ThreadHelper.ThreadStart()
InnerException:

comments

lloydk wrote Jun 14, 2016 at 10:38 AM

Looking at Decode.cs, Index is 16 but table size is 16 so it's reaching beyond the end of the table.

lloydk wrote Jun 14, 2016 at 10:44 AM

Sorry, meant to say it's under decode_vex, although looking at the original UDIS86 source it looks the same so I'm wondering if it affects that too.