there is no i386 disassembler engine for i386 code

[crixpwn]

i wanna see disassemble code if i get a crash.

so i've written code like this

eip = event.get_thread().get_pc()
code = event.get_thread().disassemble_around(eip)
crashdump.dump_code(code, eip)

but I received these logs

C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address E06D7363: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address 96170000: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address DE961700: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address 93052000: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address 9C199305: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address F79C1993: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address 800A0CF7: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address B1800A0C: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address EDB1800A: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address A3350F00: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address A3353A77: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address 94000000: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address F7940000: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address A0000000: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address ECA00000: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\process.py:2029: UserWarning: Error read
ing process 324 address DBECA000: Invalid access to memory location.
warnings.warn(msg)
C:\Python27\lib\site-packages\winappdbg\crash.py:618: CrashWarning: Cannot disas
semble, reason: No disassembler engine available for i386 code.
CrashWarning)

[MarioVilas]

Hi!

The "no disassembler engine available" simply means you need to install one that works with WinAppDbg (distorm and capstone are popular choices).

The memory read warnings probably mean that your crash has set the EIP register to an invalid value, so it cannot read the memory because there is nothing there. You may want to examine the stack contents as well, or do some tracing to locate the point in the code before EIP gets overwritten with garbage.