stephenfewer/grinder

Latest FF fatal error call to js_strtod @ 0x6A74D5AD

Closed this issue · 2 comments

Win7 32 bit...
Probably this is how it looks when a hooking stub needs an update?

C:\grinder\node>ruby grinder.rb -browser FF

                       ______     _           __
                      / ____/____(_)___  ____/ /__  _____
                     / / __/ ___/ / __ \/ __  / _ \/ ___/
                    / /_/ / /  / / / / / /_/ /  __/ /
                    \____/_/  /_/_/ /_/\__,_/\___/_/

        By Stephen Fewer of Harmony Security (www.harmonysecurity.com)
                                             GRINDER - Version 0.6-Dev

[+G+] Starting at 2014-07-26 00:08:46
[+G+] Using the config file 'config'...
[+G+] Bringing up Grinder node 'FF_W7_32_G2' with ruby 1.9.3 (32-bit)...
[+G+] Started the Grinder continue process 2992
[+S+] Starting at 2014-07-26 00:08:46
[+S+] Adding fuzzer 'nduja11' to the testcase server
[+S+] Testcase server running on 127.0.0.1:8080
[+G+] Started the Grinder server process 3696
[+G+] Started the Grinder debugger process 1852
[+D+] Starting at 2014-07-26 00:08:49
[+D+] Using the symbol path 'SRV*C:\symbols\*http://msdl.microsoft.com/download/symbols;SRV*C:\symbols\*http://symbols.mozilla.org/firefox'.
[+D+] Running 'C:\Program Files\Mozilla Firefox\firefox.exe'
[+D+] Attached debugger to new 32-bit process 760.
[+D+] Attached debugger to new 32-bit process 760.
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[-D-] Unable to hook JavaScript parseFloat() in process 760, logger dll not injected.
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[-D-] Unable to hook JavaScript parseFloat() in process 760, logger dll not injected.
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[-D-] Unable to hook JavaScript parseFloat() in process 760, logger dll not injected.
[+D+] Logger DLL loaded into process 760 @ 0x72A20000
[+D+] Logging process 760 to log file 'C:\Users\Sicko\AppData\Local\Temp\Low\logger_760.xml'
[+D+] mozjs.dll DLL loaded into process 760 @ 0x6A5D0000
[+D+] Resolved mozjs!num_parseFloat @ 0x6A74D530
[+D+] Resolved mozjs!js_strtod @ 0x6A5EF020
[+D+] call to js_strtod @ 0x6A74D5AD
[-D-] Fatal error 'invalid opcode arguments "test dword ptr [ebp+8], dword ptr [ebp+8]", allowed : [[:reg, :modrm], [:reg, :modrm], [:reg_eax, :i], [:reg_eax, :i], [:modrm, :i], [:modrm, :i], [:modrm, :i], [:modrm, :i]] near "test" at "\"<unk>\"" line 6', quitting.
C:/grinder/node/lib/metasm/metasm/parse.rb:59:in `parse_instruction'

This fixup works for me. FF 31.

node/browser/firefox.rb line ~158

# Firefox 31+ branch of the hook stub: test a register instead of a memory
# operand, since metasm cannot assemble "test dword ptr [ebp+8], dword ptr [ebp+8]"
# (see the fatal error above). Only this branch of the if is shown here.
if ( @@cached_major_version >= 31 )
  fixup = %Q{
    test ecx, ecx
    jz passthru_end2
    mov eax, esi
  }
end
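As an added illustration of why the original stub failed and the fixup works (this is not Grinder's or metasm's own code), the checker below models the TEST operand forms that metasm listed as "allowed" in the fatal error; it assumes Intel-syntax operands and treats a register as satisfying a modrm slot, as the x86 r/m field does.

```ruby
# Added example, not Grinder's or metasm's own code: a minimal operand-form
# check modelled on the "allowed" list metasm printed in the fatal error above.
# x86 TEST exists as reg/modrm, eax/imm and modrm/imm, but never as
# modrm/modrm, so "test dword ptr [ebp+8], dword ptr [ebp+8]" cannot be
# assembled; the Firefox 31 fixup tests a register (ecx) instead.

REGS32 = %w[eax ecx edx ebx esp ebp esi edi].freeze

# Classify one operand the way an assembler's parser would:
# :reg_eax, :reg, :modrm (memory reference) or :i (immediate).
def operand_kind(op)
  op = op.strip
  return :reg_eax if op == 'eax'
  return :reg if REGS32.include?(op)
  return :modrm if op =~ /\[[^\]]+\]\z/
  return :i if op =~ /\A-?(0x[0-9a-f]+|\d+)\z/i
  raise ArgumentError, "unrecognised operand #{op.inspect}"
end

# Operand-kind pairs TEST can encode, as listed in the metasm error
# (8-bit and 32-bit variants collapsed into one entry each).
TEST_FORMS = [[:reg, :modrm], [:reg_eax, :i], [:modrm, :i]].freeze

# A register also fits a :modrm slot (the r/m field can name a register),
# and eax fits a plain :reg slot.
def fits?(kind, slot)
  return true if kind == slot
  return true if slot == :modrm && [:reg, :reg_eax].include?(kind)
  slot == :reg && kind == :reg_eax
end

# Returns true when "test a, b" has an encodable operand pair. TEST only
# reads its operands, so two non-immediate operands may appear in either order.
def test_encodable?(line)
  m = line.strip.match(/\Atest\s+(.+?)\s*,\s*(.+)\z/i)
  raise ArgumentError, "not a TEST instruction: #{line.inspect}" unless m
  kinds = [operand_kind(m[1]), operand_kind(m[2])]
  orders = kinds.include?(:i) ? [kinds] : [kinds, kinds.reverse]
  orders.any? do |ks|
    TEST_FORMS.any? { |form| form.zip(ks).all? { |slot, k| fits?(k, slot) } }
  end
end

if __FILE__ == $0
  ['test dword ptr [ebp+8], dword ptr [ebp+8]',  # the stub metasm rejected
   'test ecx, ecx'].each do |l|                  # the fixup from this thread
    puts "#{l.ljust(44)} => #{test_encodable?(l) ? 'ok' : 'rejected'}"
  end
end
```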

Thanks for the fix @soiax! closing this ticket :)