
0vercl0k/rp 1028

rp++ is a tool written entirely in C++ that aims to find ROP sequences in PE/ELF/Mach-O x86/x64 binaries. It is open-source and has been tested on several OSes: Debian / Windows 8.1 / Mac OSX Lion (10.7.3). Moreover, it is x64 compatible and supports Intel syntax. Standalone executables can also be downloaded directly.

0vercl0k/CVE-2021-31166 781

Proof of concept for CVE-2021-31166, a remotely triggerable use-after-free in HTTP.sys.

0vercl0k/wtf 721

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows.

0vercl0k/CVE-2019-11708 595

Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.

0vercl0k/stuffz 550

Basically a script thrift shop

hugsy/defcon_27_windbg_workshop 490

DEFCON 27 workshop - Modern Debugging with WinDbg Preview

0vercl0k/z3-playground 230

A repository to store Z3-python scripts you can use as examples, reminders, whatever.

0vercl0k/CVE-2019-9810 211

Exploit for CVE-2019-9810 Firefox on Windows 64-bit.

0vercl0k/clairvoyance 206

Visualize the virtual address space of a Windows process on a Hilbert curve.

0vercl0k/CVE-2021-28476 196

PoC for CVE-2021-28476, a guest-to-host "Hyper-V Remote Code Execution Vulnerability" in vmswitch.sys.

issue closed 0vercl0k/CVE-2021-28476

What should I do to get RCE?

Hello, I was very interested in the PoC. Can you tell me how to do RCE? (Sorry for my bad English.)

closed time in 7 days

comalmot

issue comment 0vercl0k/CVE-2021-28476

What should I do to get RCE?

Although this CVE was rated as RCE I am really unsure how it would lead to RCE in the real world - but you're welcome to try! I don't have any leads for you, sorry :)

Cheers

comalmot

comment created time in 7 days

issue comment 0vercl0k/wtf

bochscpu backend not setting breakpoints

No worries 😊

Cheers

tmo35

comment created time in 10 days

delete branch 0vercl0k/wtf

delete branch : fbl_ordlookup

delete time in 10 days

push event 0vercl0k/wtf

Axel Souchet

commit sha c0cdd32ec97dcda3ccbcc80b053eaa895ece9082

Add ordlookup to be able to handle files that use ordinal imports. (#26) Using `gen_coveragefile_ida.py` on files that use ordinal imports raised an exception in IDA.


push time in 10 days

PR merged 0vercl0k/wtf

Add ordlookup to be able to handle files that use ordinal imports.

Using gen_coveragefile_ida.py on files that use ordinal imports raised an exception in IDA.

+551 -4

0 comment

1 changed file

0vercl0k

pr closed time in 10 days

PR opened 0vercl0k/wtf

Add ordlookup to be able to handle files that use ordinal imports.

Using gen_coveragefile_ida.py on files that use ordinal imports raised an exception in IDA.

+551 -4

0 comment

1 changed file

pr created time in 10 days

create branch 0vercl0k/wtf

branch : fbl_ordlookup

created branch time in 10 days

issue comment 0vercl0k/wtf

bochscpu backend not setting breakpoints

Hello,

If SetBreakpoint doesn't return false you should be good - can you try to generate an instruction trace to make sure your target goes through the paths you expect it to go through? My guess is that maybe the breakpoints are just not hit :)

Cheers

tmo35

comment created time in 11 days

issue closed 0vercl0k/wtf

Translation of GVA failed

Hello!

I've been trying to fuzz a target using WTF without success.

As explained in the README file, I got a full snapshot of the target using kd and bdump.js. I ran the server on a Linux VM and the fuzz node on my Windows host.

On the fuzz node, I get this output:

> wtf.exe fuzz --name BDCore --backend=bochscpu --max_len 1024 --limit 500000  --target C:\path\to\targets\targetname --address tcp://192.168.94.129:31337
Initializing the debugger instance.. (this takes a bit of time)
Setting debug register status to zero.
Setting debug register status to zero.
Dialing to tcp://192.168.94.129:31337..
**Translation of GVA 0x23111a27000 failed**

On the server:

$ ./wtf master --max_len 10485760 --runs=10000000 --target /mnt/data/targets/targetname --address tcp://192.168.94.129:31337
Seeded with 7863979151067873873
Iterating through the corpus..
Sorting through the 1 entries..
Running server on tcp://192.168.94.129:31337..
#0 cov: 0 (+0) corp: 0 (0.0b) exec/s: 0.0 (0 nodes) lastcov: 1.0min crash: 0 timeout: 0 cr3: 0 uptime: 1.0min
#0 cov: 0 (+0) corp: 0 (0.0b) exec/s: -nan (1 nodes) lastcov: 1.0min crash: 0 timeout: 0 cr3: 0 uptime: 1.0min
Could not receive size (-1)
Receive failed
#0 cov: 0 (+0) corp: 0 (0.0b) exec/s: 0.0 (0 nodes) lastcov: 1.1min crash: 0 timeout: 0 cr3: 0 uptime: 1.1min

What does "Translation of GVA 0x23111a27000 failed" mean, and how can I address this error?

Thank you

closed time in 11 days

cube0x8

issue comment 0vercl0k/wtf

Translation of GVA failed

No worries at all - let me know how your thing goes :)

Cheers

cube0x8

comment created time in 11 days

issue comment 0vercl0k/wtf

Translation of GVA failed

Cool that makes more sense - if you upload the state folder / the fuzzer module and the input you use to reproduce the issue I can have a look :)

Cheers

On Mon, 11 Oct 2021 at 13:11, cube0x8 ***@***.***> wrote:

Ok, actually I was wrong. My fuzzer harness is executed and it returns an error during the InsertTestCase() method. Here are the lines of code that fail:

// inject the fuzzed message data into the snapshot for this execution
if (!g_Backend->VirtWrite(Gva_t((uint64_t)ParsingState.FileContent), Buffer, BufferSize, true)) {
  DebugPrint("Failed to write next testcase!");
  return false;
}

Trying to understand what's going on...


cube0x8

comment created time in 12 days

issue closed 0vercl0k/wtf

Cannot crash

Hello, I am testing your app with a simple file with a buffer overflow.

I run it with this command

 RelWithDebInfo\wtf.exe run --name simple --backend 0 --state D:\path-to-state\state --input D:\path-to-inputs\inputs --trace-path D:\path-to-trace\trace --trace-type 1

When running with an input length of 1000, after the ret instruction the rip should be 0x6161616161616161, but the trace neither shows that the rip is 0x6161616161616161 nor does it crash. Can I know what happened and how to solve it? Thanks

Here are my state, input and fuzzer module code: https://mega.nz/file/Dq40WBQK#u95r27KzwHCteEKEcRoepVZG1Rl9yJs254lj-j9G8hQ

closed time in 13 days

FwP-IDN

issue comment 0vercl0k/wtf

Translation of GVA failed

Hello,

Oh no! I am sorry to hear that - let's try to figure out what's going on :).

This message means that your fuzzing module or wtf is trying to manipulate virtual memory (reading or writing) but is failing at translating the virtual address into a physical address. The way wtf implements virtual memory access is by doing the job of the CPU's MMU: walking the page table hierarchy to find the associated physical page. Once this is done, wtf directly writes into the physical page.

In this case, you are trying to read/write from a virtual address that is invalid - you can load your state.dmp file and do db 0x23111a27000 and you'll probably see that there's no memory there.

Does this help? I can help out more but I'd need to have a look at your fuzzer module / state folder.

Cheers

cube0x8

comment created time in 14 days
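To make the explanation in the comment above concrete, here is an added C++ model of what the backend does for a virtual write; it is my illustration, not wtf's code. It performs the 4-level long-mode page-table walk over a constructed physical-memory map and then a VirtWrite-style byte copy that translates each address and writes straight into the physical page, returning false with the same message the issue shows as soon as a level is missing. The memory layout, CR3 value and function names are constructed for the example; only the GVA 0x23111a27000 comes from the issue, and in the sample it has no PML4 entry, so the walk fails at the first level.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <map>
#include <optional>

// Hypothetical model of the snapshot's physical memory: 4 KiB pages keyed by
// physical page base. A page missing from the map is not backed by the dump.
using Page_t = std::array<uint64_t, 512>;
using PhysMem_t = std::map<uint64_t, Page_t>;

constexpr uint64_t kPageSize = 0x1000;
constexpr uint64_t kPtePresent = 1ull << 0;
constexpr uint64_t kPtePageSize = 1ull << 7;         // PS bit: 1 GiB / 2 MiB leaf
constexpr uint64_t kPfnMask = 0x000ffffffffff000ull; // physical address bits 12..51

// Read one qword of physical memory; nullopt if the page is not in the dump.
static std::optional<uint64_t> ReadPhysQword(const PhysMem_t &Mem, uint64_t Pa) {
  const auto It = Mem.find(Pa & ~(kPageSize - 1));
  if (It == Mem.end()) {
    return std::nullopt;
  }
  return It->second[(Pa & (kPageSize - 1)) / sizeof(uint64_t)];
}

// Do the MMU's job: walk PML4 -> PDPT -> PD -> PT for Gva under Cr3 and return
// the backing physical address. A non-present or missing entry at any level
// ends the walk with nullopt, the situation behind "Translation of GVA ... failed".
std::optional<uint64_t> TranslateGva(const PhysMem_t &Mem, uint64_t Cr3, uint64_t Gva) {
  uint64_t Table = Cr3 & kPfnMask;
  for (int Level = 4; Level >= 1; Level--) {
    const unsigned Shift = 12 + 9 * (Level - 1);
    const uint64_t Index = (Gva >> Shift) & 0x1ff;
    const auto Entry = ReadPhysQword(Mem, Table + Index * sizeof(uint64_t));
    if (!Entry || !(*Entry & kPtePresent)) {
      return std::nullopt;
    }
    const bool Leaf = Level == 1 || (Level <= 3 && (*Entry & kPtePageSize));
    if (Leaf) {
      const uint64_t OffsetMask = (1ull << Shift) - 1;
      return (*Entry & kPfnMask & ~OffsetMask) | (Gva & OffsetMask);
    }
    Table = *Entry & kPfnMask;
  }
  return std::nullopt;
}

// Write Size bytes at Gva the way a harness's InsertTestCase does: translate each
// byte's address and write straight into the physical page. Stops and returns
// false on the first translation failure.
bool VirtWrite(PhysMem_t &Mem, uint64_t Cr3, uint64_t Gva, const uint8_t *Buffer, size_t Size) {
  for (size_t Idx = 0; Idx < Size; Idx++) {
    const auto Pa = TranslateGva(Mem, Cr3, Gva + Idx);
    if (!Pa) {
      std::printf("Translation of GVA 0x%llx failed\n", (unsigned long long)(Gva + Idx));
      return false;
    }
    auto &Page = Mem.at(*Pa & ~(kPageSize - 1));
    reinterpret_cast<uint8_t *>(Page.data())[*Pa & (kPageSize - 1)] = Buffer[Idx];
  }
  return true;
}

uint8_t ReadPhysByte(const PhysMem_t &Mem, uint64_t Pa) {
  const auto &Page = Mem.at(Pa & ~(kPageSize - 1));
  return reinterpret_cast<const uint8_t *>(Page.data())[Pa & (kPageSize - 1)];
}

// Constructed sample: CR3 at PA 0x1000 and one 4 KiB mapping GVA 0x7ff600001000
// -> PA 0x5000. GVA 0x23111a27000 (from the issue) has no PML4 entry at all.
constexpr uint64_t kSampleCr3 = 0x1000;
constexpr uint64_t kMappedGva = 0x7ff600001000ull;

PhysMem_t BuildSampleMemory() {
  PhysMem_t Mem;
  const uint64_t Pml4 = 0x1000, Pdpt = 0x2000, Pd = 0x3000, Pt = 0x4000, Data = 0x5000;
  for (const uint64_t Pa : {Pml4, Pdpt, Pd, Pt, Data}) {
    Mem[Pa] = Page_t{};
  }
  Mem[Pml4][(kMappedGva >> 39) & 0x1ff] = Pdpt | kPtePresent;
  Mem[Pdpt][(kMappedGva >> 30) & 0x1ff] = Pd | kPtePresent;
  Mem[Pd][(kMappedGva >> 21) & 0x1ff] = Pt | kPtePresent;
  Mem[Pt][(kMappedGva >> 12) & 0x1ff] = Data | kPtePresent;
  return Mem;
}

int main() {
  PhysMem_t Mem = BuildSampleMemory();
  const uint8_t Testcase[] = {'b', 'a', 't', 'm', 'a', 'n'};
  const bool Ok = VirtWrite(Mem, kSampleCr3, kMappedGva + 0x200, Testcase, sizeof(Testcase));
  std::printf("mapped GVA write %s, PA 0x5200 now holds '%c'\n", Ok ? "ok" : "failed",
              ReadPhysByte(Mem, 0x5200));
  VirtWrite(Mem, kSampleCr3, 0x23111a27000ull, Testcase, sizeof(Testcase)); // fails
  return 0;
}
```

The practical takeaway is the one the comment makes: the failure is decided entirely by the page tables captured in the snapshot, so the check to run is whether the address is mapped in the dump (db on the GVA in the debugger), not whether the harness's buffer pointer looks plausible.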

delete branch 0vercl0k/wtf

delete branch : fbl_hlt

delete time in 16 days

push event 0vercl0k/wtf

Axel Souchet

commit sha a9185b368fe757be31e730c8a63e56bc9d084f2c

Add a hlt hook to prevent infinite-loop like in #22 (#23) In #22 an invalid `tr` segment register led the CPU to run into an infinite loop when it tries to read `rsp` off the task state segment. This PR adds an `HLT` hook to mitigate those types of issues by stopping the CPU with a message documenting this case.


push time in 16 days

PR merged 0vercl0k/wtf

Add a hlt hook to prevent infinite-loop.

In #22 an invalid tr segment register led the CPU to run into an infinite loop when it tries to read rsp off the task state segment. This PR adds an HLT hook to mitigate those types of issues by stopping the CPU with a message documenting this case.

+22 -0

0 comment

2 changed files

0vercl0k

pr closed time in 16 days

PR opened 0vercl0k/wtf

Add a hlt hook to prevent infinite-loop.

In #22 an invalid tr segment register led the CPU to run into an infinite loop when it tries to read rsp off the task state segment. This PR adds an HLT hook to mitigate those types of issues by stopping the CPU with a message documenting this case.

+22 -0

0 comment

2 changed files

pr created time in 16 days

create branch 0vercl0k/wtf

branch : fbl_hlt

created branch time in 16 days

issue comment 0vercl0k/wtf

Cannot crash

Ok so I think I tracked down the issue - basically the @tr register is not right in your regs.json file - if you set tr.base from 0xffffc10011f61000 to 0xffffc10055957000 it should fix the issue:

"RelWithDebInfo\wtf.exe" run --name simple --backend bochscpu --state \Users\over\Downloads\simple\state --input \Users\over\Downloads\simple\inputs\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Initializing the debugger instance.. (this takes a bit of time)
Setting debug register status to zero.
Setting debug register status to zero.
Simple: Hello from Init
Simple: Sampe sini biawak 7ff66382176d 7ff663821772
Simple: Rip: 7ff66382174f
Aftercall: 7ff66382183a
Could not set a breakpoint at hal!HalpPerfInterrupt.
Could not set a breakpoint on hal!HalpPerfInterrupt, but carrying on..
Running \Users\over\Downloads\simple\inputs\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Simple: Hello
Simple: Initial input size: 6
Simple: First 99 character of input: batman
Simple: input buffer size: 1000
ucrash: RtlDispatchException triggered EXCEPTION_ACCESS_VIOLATION_READ @ 0x7ff66382178f
--------------------------------------------------
Run stats:
Instructions executed: 3428 (1639 unique)
          Dirty pages: 36864 bytes (0 MB)
      Memory accesses: 15952 bytes (0 MB)
#1 cov: 1639 exec/s: infm lastcov: 0.0s crash: 1 timeout: 0 cr3: 0 uptime: 0.0s

Out of curiosity, how did you dump your target? Did you use Hyper-V or another hypervisor? I'm curious because it is the first time I've seen this :).

This is how I got to 0xffffc10055957000:

2: kd> dt ntkrnlmp!_KGDTENTRY64 (@gdtr + ((@tr >> 3) * 0x8))
   +0x000 LimitLow         : 0x67
   +0x002 BaseLow          : 0x7000
   +0x004 Bytes            : <anonymous-tag>
   +0x004 Bits             : <anonymous-tag>
   +0x008 BaseUpper        : 0xffffc100
   +0x00c MustBeZero       : 0
   +0x000 DataLow          : 0n6125048967169310823
   +0x008 DataHigh         : 0n4294951168

2: kd> ? (0xffffc100 << 0n32) + (0x55 << 0n24) + (0x95 << 0n16) + 0x7000
Evaluate expression: -69267796692992 = ffffc100`55957000

I've also added a hlt hook to detect those in the future and prevent an infinite loop:

"RelWithDebInfo\wtf.exe" run --name simple --backend bochscpu --state \Users\over\Downloads\simple\state --input \Users\over\Downloads\simple\inputs\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Initializing the debugger instance.. (this takes a bit of time)
Setting debug register status to zero.
Setting debug register status to zero.
Simple: Hello from Init
Simple: Sampe sini biawak 7ff66382176d 7ff663821772
Simple: Rip: 7ff66382174f
Aftercall: 7ff66382183a
Could not set a breakpoint at hal!HalpPerfInterrupt.
Could not set a breakpoint on hal!HalpPerfInterrupt, but carrying on..
Running \Users\over\Downloads\simple\inputs\aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
Simple: Hello
Simple: Initial input size: 6
Simple: First 99 character of input: batman
Simple: input buffer size: 1000
The emulator ran into a triple-fault exception or hit a HLT instruction.
If this is not an HLT instruction, please report it as a bug!
Stopping the cpu.
--------------------------------------------------
Run stats:
Instructions executed: 237 (71 unique)
          Dirty pages: 12288 bytes (0 MB)
      Memory accesses: 2488 bytes (0 MB)
#1 cov: 71 exec/s: infm lastcov: 0.0s crash: 1 timeout: 0 cr3: 0 uptime: 0.0s

Cheers

FwP-IDN

comment created time in 16 days
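As an added illustration of the descriptor arithmetic in the comment above (my code, not wtf's or WinDbg's): a C++ decoder for the 16-byte long-mode TSS descriptor following the field layout of ntkrnlmp!_KGDTENTRY64, fed with the two raw qwords from the dt output written in hex (DataLow 0n6125048967169310823 is 0x55008B9570000067, DataHigh 0n4294951168 is 0xFFFFC100). It recovers the 0xffffc10055957000 base the same way the kd expression does, and also checks what a usable tr must satisfy (present, type 9 or 0xB for a 64-bit TSS, reserved dword zero), which is the validation one would want on a regs.json before handing it to the emulator. The gdtr value in main is a made-up placeholder; the page shows only the @gdtr expression, not the register's value.

```cpp
#include <cstdint>
#include <cstdio>

// Decoded view of a 16-byte long-mode system segment descriptor (64-bit TSS/LDT).
struct SystemDescriptor_t {
  uint64_t Base;
  uint32_t Limit;
  uint8_t Type;
  uint8_t Dpl;
  bool Present;
  bool Granularity;
  bool MustBeZeroOk;
};

// Field layout as in ntkrnlmp!_KGDTENTRY64: low qword = LimitLow(16) BaseLow(16)
// BaseMiddle(8) Flags1(8: Type, S, DPL, P) Flags2(8: LimitHigh, AVL, L, D/B, G)
// BaseHigh(8); high qword = BaseUpper(32) MustBeZero(32).
SystemDescriptor_t DecodeSystemDescriptor(uint64_t DataLow, uint64_t DataHigh) {
  SystemDescriptor_t D{};
  const uint32_t LimitLow = DataLow & 0xffff;
  const uint64_t BaseLow = (DataLow >> 16) & 0xffff;
  const uint64_t BaseMiddle = (DataLow >> 32) & 0xff;
  const uint8_t Flags1 = (DataLow >> 40) & 0xff;
  const uint8_t Flags2 = (DataLow >> 48) & 0xff;
  const uint64_t BaseHigh = (DataLow >> 56) & 0xff;
  const uint64_t BaseUpper = DataHigh & 0xffffffff;
  const uint32_t MustBeZero = (DataHigh >> 32) & 0xffffffff;
  // Same arithmetic as the kd "?" expression above: the base is scattered over
  // four fields that are simply shifted back into place.
  D.Base = (BaseUpper << 32) | (BaseHigh << 24) | (BaseMiddle << 16) | BaseLow;
  D.Limit = ((uint32_t)(Flags2 & 0xf) << 16) | LimitLow;
  D.Granularity = (Flags2 & 0x80) != 0;
  if (D.Granularity) {
    D.Limit = (D.Limit << 12) | 0xfff; // limit is in 4 KiB units when G is set
  }
  D.Type = Flags1 & 0xf;
  D.Dpl = (Flags1 >> 5) & 3;
  D.Present = (Flags1 & 0x80) != 0;
  D.MustBeZeroOk = MustBeZero == 0;
  return D;
}

// Address of the GDT slot a selector refers to: @gdtr + ((@tr >> 3) * 8).
uint64_t GdtSlotAddress(uint64_t GdtrBase, uint16_t Selector) {
  return GdtrBase + (uint64_t)(Selector >> 3) * 8;
}

// What a usable tr must satisfy: present, a 64-bit TSS (type 9 = available,
// 0xB = busy), reserved dword clear and room for the 0x68-byte TSS. A tr that
// fails this is the kind of value that sent the emulated CPU after RSP in the
// wrong place.
bool IsValidTss64(const SystemDescriptor_t &D) {
  return D.Present && (D.Type == 0x9 || D.Type == 0xB) && D.MustBeZeroOk && D.Limit >= 0x67;
}

// Raw qwords taken from the dt output above (DataLow 0n6125048967169310823,
// DataHigh 0n4294951168), written out in hex.
constexpr uint64_t kSampleDataLow = 0x55008B9570000067ull;
constexpr uint64_t kSampleDataHigh = 0x00000000FFFFC100ull;

int main() {
  const SystemDescriptor_t Tss = DecodeSystemDescriptor(kSampleDataLow, kSampleDataHigh);
  std::printf("tr.base=0x%llx limit=0x%x type=0x%x present=%d valid=%d\n",
              (unsigned long long)Tss.Base, Tss.Limit, Tss.Type, Tss.Present, IsValidTss64(Tss));
  // The gdtr value below is a made-up placeholder; the page shows the expression only.
  std::printf("descriptor for selector 0x40 lives at 0x%llx\n",
              (unsigned long long)GdtSlotAddress(0xfffff80012340000ull, 0x40));
  return 0;
}
```

Decoding the sample gives Flags1 = 0x8B, i.e. present, DPL 0, type 0xB (busy 64-bit TSS), which is what a tr loaded on a running CPU looks like; the base the bogus regs.json carried could not have come from this descriptor, which is why fixing tr.base resolved the hang.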

issue comment 0vercl0k/rp

mis-reported duplicates

Thanks for opening a detailed issue!

This definitely looks related to the disassembler - I'll take a look when I work on the anniversary update.

Cheers

jtpereyda

comment created time in 17 days

issue comment 0vercl0k/rp

make next branch the new master

I am planning to put the codebase back in order for the 1k star anniversary - hopefully I'll get to do it before the end of the year. The plan will be to retire the v1 once this is done yes :).

Cheers

jtpereyda

comment created time in 17 days

delete branch 0vercl0k/wtf

delete branch : fbl_tenet

delete time in 17 days

issue comment 0vercl0k/wtf

Cannot crash

I just wanted to let you know that I have started to investigate what's going on - I've tracked the place where the bochscpu state is put into a dormant state and it happens when executing the ret instruction:

00 wtf!BX_CPU_C::enter_sleep_state+0x60
01 wtf!BX_CPU_C::shutdown+0xe
02 wtf!BX_CPU_C::exception+0x1ae
03 wtf!BX_CPU_C::translate_linear_long_mode+0x218
04 wtf!BX_CPU_C::translate_linear+0x11a
05 wtf!BX_CPU_C::access_read_linear+0xce
06 wtf!BX_CPU_C::system_read_qword+0x95
07 wtf!BX_CPU_C::get_RSP_from_TSS+0x74
08 wtf!BX_CPU_C::long_mode_int+0x345
09 wtf!BX_CPU_C::interrupt+0xe7
0a wtf!BX_CPU_C::exception+0x25c
0b wtf!BX_CPU_C::exception+0x232
0c wtf!BX_CPU_C::translate_linear_long_mode+0x218
0d wtf!BX_CPU_C::translate_linear+0x11a
0e wtf!BX_CPU_C::access_read_linear+0xce
0f wtf!BX_CPU_C::system_read_qword+0x95
10 wtf!BX_CPU_C::get_RSP_from_TSS+0x74
11 wtf!BX_CPU_C::long_mode_int+0x345
12 wtf!BX_CPU_C::interrupt+0xe7
13 wtf!BX_CPU_C::exception+0x25c
14 wtf!BX_CPU_C::translate_linear_long_mode+0x218
15 wtf!BX_CPU_C::translate_linear+0x11a
16 wtf!BX_CPU_C::access_read_linear+0xce
17 wtf!BX_CPU_C::system_read_qword+0x95
18 wtf!BX_CPU_C::get_RSP_from_TSS+0x74
19 wtf!BX_CPU_C::long_mode_int+0x345
1a wtf!BX_CPU_C::interrupt+0xe7
1b wtf!BX_CPU_C::exception+0x25c
1c wtf!BX_CPU_C::RETnear64_Iw+0x79
1d wtf!BX_CPU_C::cpu_loop+0x125
1e wtf!ZN8bochscpu3cpu6CpuRun3run17hac22012853ccf21fE+0xbb

It appears that as far as the engine is concerned it is dealing with an exception without a resolution and stops (https://github.com/bztsrc/bochs/blob/fdfb5af7e80d4789e1f47e058e3e0231bf0f8917/bochs-2.6.8/cpu/exception.cc#L888,L892):

      else {
        BX_PANIC(("exception(): 3rd (%d) exception with no resolution", vector));
        BX_ERROR(("WARNING: Any simulation after this point is completely bogus !"));
        shutdown();
      }

That's all I have for now but will investigate more this week :)

Cheers and thanks for your patience!

Cheers

FwP-IDN

comment created time in 17 days

issue comment 0vercl0k/wtf

Cannot crash

Sorry, I haven't forgotten about this issue - I have been really busy and haven't had time to get to it yet.

Cheers

On Tue, 28 Sep 2021 at 22:25, Febriananda Wida Pramudita <***@***.***> wrote:

Hello, can I know updates on this?


FwP-IDN

comment created time in 24 days

issue comment 0vercl0k/CVE-2021-31166

Is the successful result a response status code of 200?

It wouldn't respond as it crashes while processing the request; that's my recollection at least :)

Cheers

On Sat, 25 Sep 2021 at 18:26, antx ***@***.***> wrote:

and the POC's response is?


antx-code

comment created time in a month

issue comment 0vercl0k/CVE-2021-31166

Is the successful result a response status code of 200?

The PoC is successful when the target bluescreens :)

Cheers

On Thu, 23 Sep 2021 at 00:00, antx ***@***.***> wrote:

I just want to verify some assets, but I don't know whether a status code of 200 means the PoC was successful?


antx-code

comment created time in a month

issue comment 0vercl0k/wtf

Cannot crash

If you install 'Windbg Preview' you can run 'windbgx -pn wtf.exe' to attach to the process and then do '~*kc' to dump the call stacks of every thread.

Cheers

On Wed, 15 Sep 2021 at 09:29, Febriananda Wida Pramudita <***@***.***> wrote:

Yes, the output is like this:

Simple: Sampe sini biawak 7ff663821789 f6ba3ffcd0 106127d1b50
Simple: Stack: 7ffa7facfa90

Simple: Sampe sini biawak 7ff66382178a f6ba3ffcd0 106127d1b50
Simple: Stack: 7ffa7facfa90

Simple: Sampe sini biawak 7ff66382178e f6ba3ffcd0 106127d1b50
Simple: Stack: 6161616161616161

Simple: Sampe sini biawak 7ff66382178f f6ba3ffcd0 106127d1b50
Simple: Stack: 6161616161616161

Anyway, how do I know (or what is the command line) to get a call stack like this?

 0  Id: 2024.3e6c Suspend: 1 Teb: 000000e2`d9e9d000 Unfrozen
 # Call Site
00 wtf!BX_CPU_C::handleAsyncEvent
01 wtf!BX_CPU_C::cpu_loop
02 wtf!ZN8bochscpu3cpu6CpuRun3run17hac22012853ccf21fE
03 wtf!BochscpuBackend_t::Run
04 wtf!RunTestcaseAndRestore
05 wtf!RunSubcommand
06 wtf!main
07 wtf!invoke_main
08 wtf!__scrt_common_main_seh
09 KERNEL32!BaseThreadInitThunk
0a ntdll!RtlUserThreadStart


FwP-IDN

comment created time in a month

issue comment 0vercl0k/wtf

Cannot crash

Hey,

Thanks for your detailed report & sharing all the info I need to debug this. I confirm what you are seeing:

Simple: Sampe sini biawak 7ff663821789 f6ba3ffcd0 106127d1b50
Simple: Stack: 7ffa7facfa90

Simple: Sampe sini biawak 7ff66382178a f6ba3ffcd0 106127d1b50
Simple: Stack: 7ffa7facfa90

Simple: Sampe sini biawak 7ff66382178e f6ba3ffcd0 106127d1b50
Simple: Stack: 6161616161616161

Simple: Sampe sini biawak 7ff66382178f f6ba3ffcd0 106127d1b50
Simple: Stack: 6161616161616161

And then it just hangs.. it seems that it gets stuck in the below call-stack:

 0  Id: 2024.3e6c Suspend: 1 Teb: 000000e2`d9e9d000 Unfrozen
 # Call Site
00 wtf!BX_CPU_C::handleAsyncEvent
01 wtf!BX_CPU_C::cpu_loop
02 wtf!ZN8bochscpu3cpu6CpuRun3run17hac22012853ccf21fE
03 wtf!BochscpuBackend_t::Run
04 wtf!RunTestcaseAndRestore
05 wtf!RunSubcommand
06 wtf!main
07 wtf!invoke_main
08 wtf!__scrt_common_main_seh
09 KERNEL32!BaseThreadInitThunk
0a ntdll!RtlUserThreadStart

I will investigate more tonight or this week-end!

Cheers

FwP-IDN

comment created time in a month

issue closed 0vercl0k/CVE-2021-28476

vmswitch source code missing

vmswitch's source code is missing. (There is no source code in either compressed file.) Can you re-upload the source code?

closed time in 2 months

sts08015