[L4d2] Crash on ExtractParentName (libc)
Hi,
does anybody know which instruction calls the libc function?
Is it
?
https://crash.limetech.org/5axo7vxvwrwe
0 libc-2.28.so + 0x986b6
1 server_srv.so!ExtractParentName(string_t) + 0x25
2 server_srv.so!SpawnHierarchicalList(int, HierarchicalSpawn_t*, bool) + 0xbc
3 server_srv.so!CMapEntitySpawner::SpawnAndActivate(bool) + 0x23
4 server_srv.so!MapEntity_ParseAllEntities(char const*, IMapEntityFilter*, bool) + 0x231
5 server_srv.so!CServerGameDLL::LevelInit(char const*, char const*, char const*, char const*, bool, bool) + 0x327
6 metamod.2.l4d2.so!__SourceHook_MFHCls_SGD_LevelInit::Func(char const*, char const*, char const*, char const*, bool, bool) + 0x161
7 server_srv.so + 0x696c80
8 stripper.16.l4d2.so!LevelInit_handler(char const*, char const*, char const*, char const*, bool, bool) + 0x215
9 sourcemod.logic.so!<name omitted> [AdminCache.cpp:325 + 0x19]
SIGSEGV /SEGV_MAPERR accessing 0x6f427460
Thread 0 (crashed):
0: libc-2.28.so + 0x986b6
eip: 0xf7c956b6 esp: 0xfffddae8 ebp: 0xfffddc08 ebx: 0xfffddc4c
esi: 0x6f427465 edi: 0x6f427460 eax: 0xfffddc4c ecx: 0x00000005
edx: 0x0f67cc70 efl: 0x00210206
f7c956a5 66 0f 60 c9 punpcklbw xmm1, xmm1
f7c956a9 83 e1 0f and ecx, 0xf
f7c956ac 66 0f 70 c9 00 pshufd xmm1, xmm1, 0x0
f7c956b1 74 4d jz 0xf7c95700
f7c956b3 83 e7 f0 and edi, -0x10
> f7c956b6 66 0f 6f 07 movdqa xmm0, [edi]
f7c956ba 66 0f 74 d0 pcmpeqb xmm2, xmm0
f7c956be 66 0f 74 c1 pcmpeqb xmm0, xmm1
f7c956c2 66 0f d7 d2 pmovmskb edx, xmm2
f7c956c6 66 0f d7 c0 pmovmskb eax, xmm0
f7c956ca d3 fa sar edx, cl
fffddae8 a2 7a f8 ed e5 20 94 ed .z... ..
Found via instruction pointer in context
1: server_srv.so!ExtractParentName(string_t) + 0x25
eip: 0xed9420e5 esp: 0xfffddaf0 ebp: 0xfffddc08 ebx: 0xfffddc4c
esi: 0x6f427465 edi: 0xedf87aa2
fffddaf0 65 74 42 6f 2c 00 00 00 80 38 b7 0c 10 4f b7 0c etBo,....8...O..
fffddb00 a0 65 b7 0c 30 7c b7 0c c0 92 b7 0c 40 a7 b7 0c .e..0|......@...
fffddb10 50 62 0e 12 c0 bb b7 0c 90 d1 b7 0c 40 50 d2 10 Pb..........@P..
fffddb20 40 a9 96 0a 00 3b 8a 10 c0 66 fd 0f e0 ea 77 0a @....;...f....w.
fffddb30 f0 63 b9 0c 00 bc 52 0d 70 aa 8c 0d 50 d4 e2 10 .c....R.p...P...
fffddb40 80 5e 14 11 10 74 89 0d 70 36 fd 10 20 e8 b7 0c .^...t..p6.. ...
fffddb50 70 54 9a 0c 50 aa df 0b a0 a4 48 12 f0 be 06 0d pT..P.....H.....
fffddb60 f0 19 93 13 50 0f c1 12 d0 8b dc 12 70 94 3e 0e ....P.......p.>.
fffddb70 e0 21 c1 0c 50 f4 7d 0e c0 11 e4 11 e0 7d bd 0f .!..P.}......}..
fffddb80 80 e6 dd 11 30 41 d2 10 15 46 c2 f7 2c fe 85 ed ....0A...F..,...
fffddb90 63 00 00 00 30 41 d2 10 a0 d2 41 11 50 15 f8 11 c...0A....A.P...
fffddba0 80 f9 ea 10 40 ed d1 10 70 cc 67 0f 61 00 00 00 ....@...p.g.a...
fffddbb0 70 57 b8 0f b0 54 e0 11 b0 58 d2 11 20 f1 60 0f pW...T...X.. .`.
fffddbc0 74 8b 21 ee 30 41 d2 10 08 dc fd ff ac fd 8c ed t.!.0A..........
fffddbd0 20 f1 60 0f 30 41 d2 10 30 69 09 11 30 d8 f9 10 .`.0A..0i..0...
fffddbe0 20 b7 04 13 c0 7f 09 11 00 00 00 00 00 00 00 00 ...............
fffddbf0 10 61 cb 0d a0 43 5b 11 a0 70 9f 0d c0 bb b7 0c .a...C[..p......
fffddc00 70 aa 8c 0d 00 00 00 00 68 dc fd ff 9c 2d 94 ed p.......h....-..
Found via call frame info
2: server_srv.so!SpawnHierarchicalList(int, HierarchicalSpawn_t*, bool) + 0xbc
eip: 0xed942d9c esp: 0xfffddc10 ebp: 0xfffddc68 ebx: 0x0d8caa70
esi: 0x00000000 edi: 0xedf87aa2
fffddc10 4c dc fd ff 65 74 42 6f 30 41 d2 10 00 00 00 00 L...etBo0A......
fffddc20 00 00 00 00 00 00 00 00 00 00 00 00 50 f4 7d 0e ............P.}.
fffddc30 e0 21 c1 0c 70 94 3e 0e 20 d6 fa 00 b0 11 fd 0c .!..p.>. .......
fffddc40 7a 08 00 00 2e 08 00 00 90 94 fd 0c 30 41 d2 10 z...........0A..
fffddc50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
fffddc60 ec e4 fd ff ec dc fd ff 88 dc fd ff 93 30 94 ed .............0..
Found via call frame info
3: server_srv.so!CMapEntitySpawner::SpawnAndActivate(bool) + 0x23
eip: 0xed943093 esp: 0xfffddc70 ebp: 0xfffddc88 ebx: 0x00000000
esi: 0xfffde4ec edi: 0xfffddcec
fffddc70 7a 08 00 00 b0 11 fd 0c 00 00 00 00 74 fa 90 dd z...........t...
fffddc80 00 00 00 00 ec e4 fd ff 38 ed fd ff 01 3b 94 ed ........8....;..
Found via call frame info
4: server_srv.so!MapEntity_ParseAllEntities(char const*, IMapEntityFilter*, bool) + 0x231
eip: 0xed943b01 esp: 0xfffddc90 ebp: 0xfffded38 ebx: 0x00000000
esi: 0xfffde4ec edi: 0xfffddcec
ExtractParentName(string_t) ; int __stdcall ExtractParentName(char *)
ExtractParentName(string_t) _Z17ExtractParentName8string_t proc near
ExtractParentName(string_t) ; CODE XREF: SpawnHierarchicalList(int,HierarchicalSpawn_t *,bool)+B7↓p
ExtractParentName(string_t) ; Purpose (from the code below): if the string argument s contains a ',',
ExtractParentName(string_t) ; copy the text before it into a 0x100-byte stack buffer with nexttoken()
ExtractParentName(string_t) ; and pass that buffer to AllocPooledString(); otherwise store s itself
ExtractParentName(string_t) ; into the slot pointed to by arg_0. eax is arg_0 on both paths, so arg_0
ExtractParentName(string_t) ; is presumably a hidden struct-return pointer for the string_t result.
ExtractParentName(string_t) var_108 = byte ptr -108h ; 0x100-byte buffer: [ebp-108h] .. [ebp-8]
ExtractParentName(string_t) arg_0 = dword ptr 8 ; result slot (see the two "mov eax, ebx" epilogues)
ExtractParentName(string_t) s = dword ptr 0Ch ; the string_t argument, used as a char *
ExtractParentName(string_t)
ExtractParentName(string_t) ; __unwind {
ExtractParentName(string_t) 55 push ebp
ExtractParentName(string_t)+1 89 E5 mov ebp, esp
ExtractParentName(string_t)+3 56 push esi
ExtractParentName(string_t)+4 53 push ebx
ExtractParentName(string_t)+5 81 EC 10 01 00 00 sub esp, 110h
ExtractParentName(string_t)+B 8B 75 0C mov esi, [ebp+s] ; esi = s; in the dump esi == 0x6f427465 in frames 0 and 1
ExtractParentName(string_t)+E 8B 5D 08 mov ebx, [ebp+arg_0]
ExtractParentName(string_t)+11 85 F6 test esi, esi ; only a NULL s is rejected here
ExtractParentName(string_t)+13 74 53 jz short loc_6BA058 ; any non-NULL but invalid pointer still reaches strchr
ExtractParentName(string_t)+15 C7 44 24 04 2C 00 00 00 mov dword ptr [esp+4], 2Ch ; ',' ; c
ExtractParentName(string_t)+1D 89 34 24 mov [esp], esi ; s
ExtractParentName(string_t)+20 E8 B7 EE 95 00 call strchr ; THE libc call: strchr(s, ','). The 5-byte call returns to +25, which is exactly frame 1 "ExtractParentName(string_t) + 0x25" in the dump, so frame 0 (libc-2.28.so + 0x986b6) is inside strchr.
ExtractParentName(string_t)+25 85 C0 test eax, eax ; return address of the strchr call (frame 1's eip)
ExtractParentName(string_t)+27 74 3F jz short loc_6BA058 ; no ',' found -> keep s unchanged
ExtractParentName(string_t)+29 89 74 24 08 mov [esp+8], esi ; char * ; arg 3 = s
ExtractParentName(string_t)+2D 8D B5 F8 FE FF FF lea esi, [ebp+var_108] ; esi now = stack buffer
ExtractParentName(string_t)+33 89 34 24 mov [esp], esi ; char * ; arg 1 = buffer
ExtractParentName(string_t)+36 C7 44 24 0C 2C 00 00 00 mov dword ptr [esp+0Ch], 2Ch ; ',' ; char ; arg 4 = separator
ExtractParentName(string_t)+3E C7 44 24 04 00 01 00 00 mov dword ptr [esp+4], 100h ; unsigned int ; arg 2 = buffer size, matches var_108's 0x100 bytes
ExtractParentName(string_t)+46 E8 75 2B 47 00 call _Z9nexttokenPcjPKcc ; nexttoken(char *,uint,char const*,char) ; nexttoken(buffer, 0x100, s, ',')
ExtractParentName(string_t)+4B 89 74 24 04 mov [esp+4], esi ; arg 2 = buffer
ExtractParentName(string_t)+4F 89 1C 24 mov [esp], ebx ; char * ; arg 1 = arg_0 slot (two args pushed although IDA names one; consistent with a hidden return pointer)
ExtractParentName(string_t)+52 E8 79 99 D8 FF call _Z17AllocPooledStringPKc ; AllocPooledString(char const*)
ExtractParentName(string_t)+57 89 D8 mov eax, ebx ; return the slot pointer
ExtractParentName(string_t)+59 83 EC 04 sub esp, 4
ExtractParentName(string_t)+5C 8D 65 F8 lea esp, [ebp-8]
ExtractParentName(string_t)+5F 5B pop ebx
ExtractParentName(string_t)+60 5E pop esi
ExtractParentName(string_t)+61 5D pop ebp
ExtractParentName(string_t)+62 C2 04 00 retn 4
ExtractParentName(string_t)+62 ; ---------------------------------------------------------------------------
ExtractParentName(string_t)+65 8D 76 00 align 4
ExtractParentName(string_t)+68
ExtractParentName(string_t)+68 loc_6BA058: ; CODE XREF: ExtractParentName(string_t)+13↑j
ExtractParentName(string_t)+68 ; ExtractParentName(string_t)+27↑j
ExtractParentName(string_t)+68 89 33 mov [ebx], esi ; s == NULL or no ',': slot receives s unchanged
ExtractParentName(string_t)+6A 8D 65 F8 lea esp, [ebp-8]
ExtractParentName(string_t)+6D 89 D8 mov eax, ebx
ExtractParentName(string_t)+6F 5B pop ebx
ExtractParentName(string_t)+70 5E pop esi
ExtractParentName(string_t)+71 5D pop ebp
ExtractParentName(string_t)+72 C2 04 00 retn 4
ExtractParentName(string_t)+72 ; } // starts at 6B9FF0
ExtractParentName(string_t)+72 ; NOTE(review): the faulting s value 0x6f427465 decodes as the ASCII bytes
ExtractParentName(string_t)+72 ; 'etBo', and frame 1's stack at esp shows those same bytes followed by ','.
ExtractParentName(string_t)+72 ; This looks like string characters being passed where a char * was expected
ExtractParentName(string_t)+72 ; (e.g. a string_t passed by value instead of its pointer) -- confirm against
ExtractParentName(string_t)+72 ; the caller SpawnHierarchicalList before treating strchr itself as the culprit.
ExtractParentName(string_t)+72 _Z17ExtractParentName8string_t endp
Thank you.