Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9) #240

Open
ghost opened this issue Mar 11, 2024 · 0 comments
Open

Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9) #240

ghost opened this issue Mar 11, 2024 · 0 comments

Comments

@ghost
Copy link

ghost commented Mar 11, 2024
edited by ghost
Loading

I get the following error:

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None 
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)

I tried adding the dll with -l C:\Windows\System32\msvcp140.dll:

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe -l C:\Windows\System32\msvcp140.dll

  File "C:\speakeasy-master\speakeasy\windows\winemu.py", line 1615, in get_fp
    files = [os.path.join(path, fn) for fn in os.listdir(path)]
                                              ^^^^^^^^^^^^^^^^
NotADirectoryError: [WinError 267] The directory name is invalid: 'C:\\Windows\\System32\\msvcp140.dll'

-l C:\Windows\System32\

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe -l C:\Windows\System32\
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)
* Finished emulating
* Saving emulation report to C:\option1_encrypt_nocout.json

-l C:\Windows\SysWOW64\

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe -l C:\Windows\SysWOW64\
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)
* Finished emulating
* Saving emulation report to C:\option1_encrypt_nocout.json

I tried adding an API handler by adding: C:\speakeasy-master\speakeasy\winenv\api\usermode\msvcp140.py using this documentation: https://en.cppreference.com/w/cpp/io/basic_ios/basic_ios

from .. import api

class basic_ios(api.ApiHandler):
    """
    Implements exported functions from msvcp140.dll
    """
    name = 'msvcp140'
    apihook = api.ApiHandler.apihook
    impdata = api.ApiHandler.impdata

    def __init__(self, emu):
        super(basic_ios, self).__init__(emu)
        super(basic_ios, self).__get_hook_attrs__(self)

and get the same error:

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)
* Finished emulating
* Saving emulation report to C:\option1_encrypt_nocout.json

Did I implement the API handler correctly?

Update:
I noticed that basic_ios is not in MSVCP140. It is in MSVC170 https://learn.microsoft.com/en-us/cpp/standard-library/basic-ios-class?view=msvc-170
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants