The MASM Forum

General => The Colosseum => Topic started by: jj2007 on November 26, 2018, 01:38:25 AM

Title: Professional bugs
Post by: jj2007 on November 26, 2018, 01:38:25 AM
Just for fun: I thought of creating a thread documenting bugs made by big software companies. Let's start with WhatsApp :P

WhatsApp desktop, updated a few days ago, Win7-64:
Code:
00000001401D10CA   | 48 8B CE                  | mov rcx,rsi                           | rsi:&"n#file://#393491738963-1528635064@g.us"
00000001401D10CD   | E8 0E 2E E6 FF            | call 140033EE0                        |
00000001401D10D2   | 48 8B CF                  | mov rcx,rdi                           |
00000001401D10D5   | E8 06 2E E6 FF            | call 140033EE0                        |
00000001401D10DA   | 48 8B 7C 24 30            | mov rdi,qword ptr ss:[rsp+30]         |
00000001401D10DF   | E9 E1 FD FF FF            | jmp 1401D0EC5                         |
...
00000001401D10F0   | 48 8B 41 48               | mov rax,qword ptr ds:[rcx+48]         |
00000001401D10F4   | 48 8D 51 48               | lea rdx,qword ptr ds:[rcx+48]         |
00000001401D10F8   | 48 8B 08                  | mov rcx,qword ptr ds:[rax]            | <<<<<<<<<<< rax is zero!
00000001401D10FB   | 48 85 C9                  | test rcx,rcx                          |
00000001401D10FE   | 0F 85 2C 6C FF FF         | jne 1401C7D30                         |
00000001401D1104   | C3                        | ret                                   |

To catch such bugs, you need to set a Just-In-Time (JIT) debugger, in this case: x64Dbg (for 32-bit code, it's Olly for me).

Warning: When closing x64Dbg, it saves the database, and that can push the working set to over 1GB. You better kill x64.
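
The faulting function from the listing above, rewritten as C (an added example, not code from the original post or from WhatsApp). The type and function names are hypothetical; only the 0x48 offset and the order of the loads are taken from the disassembly. `cleanup_checked` adds the test on the first pointer that the listing lacks.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical layout: only the 0x48 offset is taken from the listing. */
struct inner { void *payload; };        /* first qword, read via [rax]   */
struct outer {
    uint8_t       pad[0x48];            /* fields the listing never touches */
    struct inner *in;                   /* qword at [rcx+48]             */
};

static int release_calls;               /* counts calls, for the demo only */

/* Stand-in for the jne target: gets rcx = payload and rdx = &o->in. */
static void release(void *payload, struct inner **slot)
{
    (void)payload; (void)slot;
    release_calls++;
}

/* Same load order as the listing: o->in is dereferenced unchecked, so a
   NULL o->in faults at "mov rcx,[rax]". Kept for comparison. */
void cleanup_unchecked(struct outer *o)
{
    struct inner *in = o->in;           /* mov rax,[rcx+48]              */
    void *payload = in->payload;        /* mov rcx,[rax]   <- faults     */
    if (payload)                        /* test rcx,rcx / jne            */
        release(payload, &o->in);
}

/* Hardened form: test the first pointer before the second load.
   Returns 1 if release() ran, 0 if there was nothing to release. */
int cleanup_checked(struct outer *o)
{
    if (o == NULL || o->in == NULL)
        return 0;
    void *payload = o->in->payload;
    if (payload == NULL)
        return 0;
    release(payload, &o->in);
    return 1;
}
```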
Title: WhatsApp is a bug
Post by: jj2007 on May 09, 2019, 05:48:22 PM
Sorry, WhatsApp, it's again your turn :eusa_boohoo:
Title: Re: Professional bugs
Post by: Raistlin on May 14, 2019, 07:07:55 PM
https://www.telegraph.co.uk/technology/2019/05/14/whatsapp-flaw-allowed-israeli-hackers-snoop-phones/   :shock:

IT Commandment 17 : "Thay shalt get rid of mainstream social media"
Title: Re: Professional bugs
Post by: hutch-- on May 14, 2019, 08:55:58 PM
 :biggrin:

> "Thay shalt get rid of mainstream social media"  :azn:
Title: Re: Professional bugs
Post by: AW on May 14, 2019, 10:04:24 PM
Quote
Let's start with WhatsApp :P

Now all makes sense.   :idea:
Title: Re: Professional bugs
Post by: jj2007 on May 14, 2019, 10:57:33 PM
It's not WhatsApp alone, which erratically starts thrashing my harddisk shuffling gigabytes from A to B. Right now it's at a modest 150MB, and stable, but every now and then it jumps up to ridiculous amounts of written bytes - 45 GIGA! No pattern detected so far.

Slimjet also misbehaves frequently. Thunderbird has a high disk usage, too, but it stays normally within half a GB. I wonder what they are doing :(

See the slimjet line below - and that's for only 15' CPU time, no special sites visited.
Title: Re: Professional bugs
Post by: LiaoMi on May 14, 2019, 11:14:47 PM
> It's not WhatsApp alone, which erratically starts thrashing my harddisk shuffling gigabytes from A to B. Right now it's at a modest 150MB, and stable, but every now and then it jumps up to ridiculous amounts of written bytes - 45 GIGA! No pattern detected so far.
>
> Slimjet also misbehaves frequently. Thunderbird has a high disk usage, too, but it stays normally within half a GB. I wonder what they are doing :(
>
> See the slimjet line below - and that's for only 15' CPU time, no special sites visited.

(https://i.imgur.com/cYYp5yN.png)
Title: Re: Professional bugs
Post by: TimoVJL on May 15, 2019, 03:28:49 AM
Windows has one nice feature:
 Delete all Telemetry services and the system starts behaving badly, like odd file locks of several minutes, can't delete or replace file and so on.
Very professional way of punishing a user who just blocks M$'s spying system in a legal way.

Google keyword: 'system process (PID 4) is locking the file'

EDIT: How to solve problem:
Quote
Check if your Application Experience service is disabled. It should be enabled and running. This problem appears if it is not.

Title: Re: Professional bugs
Post by: Raistlin on May 15, 2019, 05:25:55 AM
And how do we solve this ?
https://thenextweb.com/security/2019/05/14/bitdefender-researchers-discover-terrifying-security-vulnerability-in-intel-cpus/
Title: Re: Professional bugs
Post by: LiaoMi on May 15, 2019, 05:58:50 AM
> And how do we solve this ?
> https://thenextweb.com/security/2019/05/14/bitdefender-researchers-discover-terrifying-security-vulnerability-in-intel-cpus/

Quote
That’s where the good news ends, as BitDefender notes that a general fix is “impossible,” as the issue derives from a hardware design flaw. To conclusively protect against this attack, customers would have to replace their Intel silicon with a redesigned chip.

Intel Switches Gears to 7nm Post 10nm, First Node Live in 2021 https://www.techpowerup.com/255338/intel-switches-gears-to-7nm-post-10nm-first-node-live-in-2021

When it goes live and fit for mass production some time in 2021, Intel's 7 nm process will be a staggering 3 years behind TSMC, which fired up its 7 nm node in 2018. AMD is already mass-producing CPUs and GPUs on this node. Unlike TSMC, Intel will implement EUV (extreme ultraviolet) lithography straightaway. TSMC began 7 nm with DUV (deep ultraviolet) in 2018, and its EUV node went live in March. Samsung's 7 nm EUV node went up last October. Intel's roadmap doesn't show a leap from its current 10 nm node to 7 nm EUV, though. Intel will refine the 10 nm node to squeeze out energy-efficiency, with a refreshed 10 nm+ node that goes live some time in 2020.

The 7 nm+ node is slated for 2022, and succeeding 7 nm++ node in 2023. Intel did not detail the two besides illustrating performance/Watt gains by almost as much as the transition from 10 nm+ to 7 nm. Elsewhere in the market, the early 2020s could see TSMC 6 nm EUV take center-stage, and Samsung implement its 5 nm EUV node.

I will change my processor in 2024  :biggrin:
Title: WhatsApp is a bug
Post by: jj2007 on May 31, 2019, 12:49:08 AM
This morning again, out of the blue, suddenly 13 GB of bytes written by WhatsApp desktop. WhatsApp is one fat bug :eusa_boohoo:
Title: Slimjet sucks
Post by: jj2007 on June 17, 2019, 06:44:57 AM
Bloatware: 4 tabs open, 21 processes! And one of them has already written almost 2GB to disk. Fortunately I don't have an SSD :cool:

(http://www.jj2007.eu/images/Slimjet.png)
Title: Re: Professional bugs
Post by: TimoVJL on June 17, 2019, 07:48:43 PM
You can compare chrome engine too:
https://vivaldi.com/download/

Those sites/pages might be a real problem.
Title: Re: Professional bugs
Post by: hutch-- on June 17, 2019, 11:14:17 PM
JJ,

Try Slimjet in incognito mode. Also go to the settings and run "Clear browsing data". The settings are useful for the problems you mention. I run the 64 bit version and never seem to have a problem.
Title: Re: Professional bugs
Post by: jj2007 on June 18, 2019, 01:32:30 AM
I suppose it's the Chrome basis. Writing gigabytes to disk is an insult anyway. Imagine you have an SSD, it will wear down quickly :sad:
Title: Re: Professional bugs
Post by: TimoVJL on June 18, 2019, 02:48:35 AM
Yes, vivaldi is chrome based and as bad as others too.
Title: Re: Professional bugs
Post by: K_F on June 18, 2019, 08:24:55 AM
> JJ,
>
> Try Slimjet in incognito mode. Also go to the settings and run "Clear browsing data". The settings are useful for the problems you mention. I run the 64 bit version and never seem to have a problem.
I have the same setup as Hutch, and I run minimal of Win7 services.. seem to do the job nicely.
Title: Not so SlimJet
Post by: jj2007 on June 27, 2019, 12:19:09 PM
Only 4 tabs open...
(http://www.jj2007.eu/images/NotSoSlimJet.png)
Title: WhatsApp is a bug
Post by: jj2007 on July 25, 2019, 09:14:03 AM
Update: after a few hours of usage, WhatsApp has written 30 GB to disk
Title: Slimjet is a bug
Post by: jj2007 on August 29, 2019, 10:01:31 PM
Ten minutes of work lost:
Quote
The exception eccezione software sconosciuta (0xe0000008) occurred in the application at location 0x74c8c5af.

Title: Re: Slimjet is a bug
Post by: LiaoMi on August 29, 2019, 10:47:26 PM
> Ten minutes of work lost:
> Quote
> The exception eccezione software sconosciuta (0xe0000008) occurred in the application at location 0x74c8c5af.

 :biggrin: Hi jj2007,

maybe your memory is over ?!
https://superuser.com/questions/1442974/chrome-the-exception-unknown-software-exception-0xe0000008
Title: Re: Professional bugs
Post by: jj2007 on August 30, 2019, 12:56:24 AM
Yep, sounds logical: "Your commit charge (virtual memory) may be at 100%" -> "unknown software" :tongue:
Title: Re: Professional bugs
Post by: xanatose on August 31, 2019, 04:56:30 PM
> Windows has one nice feature:
>  Delete all Telemetry services and the system starts behaving badly, like odd file locks of several minutes, can't delete or replace file and so on.
> Very professional way of punishing a user who just blocks M$'s spying system in a legal way.
>
> Google keyword: 'system process (PID 4) is locking the file'
>
> EDIT: How to solve problem:
> Quote
> Check if your Application Experience service is disabled. It should be enabled and running. This problem appears if it is not.

So basically they admit that you cannot opt out of the spying.
Title: Re: Professional bugs
Post by: hutch-- on August 31, 2019, 06:28:25 PM
JJ,

How much memory is installed on your computer? My younger brother has a win64 box (win10) that only has 8 gig in it and he has similar problems, it may just be not enough memory for the tasks you run.
Title: Re: Professional bugs
Post by: jj2007 on August 31, 2019, 07:44:59 PM
Hutch,

Right, it's a memory problem. I have 6GB installed, and decided recently to disable the page file. That works fine so far, but occasionally I reach the limits. The real issue here is the nonsensical message "unknown software exception". This is why I placed it in the "professional bugs" thread. Apparently SlimJet/Chrome allocate major chunks of memory without checking if HeapAlloc() returned a pointer. Then they let it crash into an exception (very professional) but don't know what kind of error it was. So they randomly pick "unknown software". Compliments :badgrin:
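
A triage aid for the 0xe0000008 code quoted in this exchange (an added example, not code from any poster or from SlimJet/Chrome). It splits a Windows exception code into its NTSTATUS-style fields; bit 29, the customer bit, marks a code the application defined itself rather than one from the system's own tables. The function names and the short table of well-known codes are choices made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* NTSTATUS-style fields of a Windows exception code. */
struct exc_fields {
    unsigned severity;  /* bits 31-30: 0 success, 1 info, 2 warning, 3 error */
    unsigned customer;  /* bit 29: set when the application defined the code */
    unsigned facility;  /* bits 27-16 */
    unsigned code;      /* bits 15-0  */
};

struct exc_fields decode_exception(uint32_t v)
{
    struct exc_fields f;
    f.severity = (v >> 30) & 0x3u;
    f.customer = (v >> 29) & 0x1u;
    f.facility = (v >> 16) & 0xFFFu;
    f.code     = v & 0xFFFFu;
    return f;
}

/* A few codes worth recognising during crash triage. */
static const struct { uint32_t value; const char *name; } known[] = {
    { 0xC0000005u, "STATUS_ACCESS_VIOLATION" },
    { 0xC0000017u, "STATUS_NO_MEMORY" },
    { 0xC00000FDu, "STATUS_STACK_OVERFLOW" },
    { 0xE06D7363u, "MSVC C++ exception" },
};

/* Name a listed code, otherwise classify it by the customer bit. */
const char *classify_exception(uint32_t v)
{
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (known[i].value == v)
            return known[i].name;
    return decode_exception(v).customer
        ? "application-defined (raised by the program itself)"
        : "system-defined, not in this table";
}
```

For 0xe0000008 the fields are severity 3, customer 1, facility 0, code 8, so the code was chosen by the program that raised it.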
Title: Re: Professional bugs
Post by: jj2007 on August 31, 2019, 07:54:36 PM
> So basically they admit that you cannot opt out of the spying.

Yeah, Windows is bad. But innocent in comparison to what Android "apps" ask you to permit. My bank forces me, more or less, to download a new "app" for online banking. It wants permission to use the camera, any files that it could possibly grab, and my contacts. And you cannot say "no" to any of that crap. I flagged it on a financial forum, but just got amused answers. It's incredible what Android users are willing to accept.
Title: Re: Professional bugs
Post by: hutch-- on August 31, 2019, 08:11:07 PM
I rarely ever use my Android tablet because of the data grabbing. I have to use it to upgrade some of my camera equipment but I do not use it for anything else. I am waiting for Huawei to code their own OS as I don't care if they collect data or not as it will not go into an NSA database.
Title: Re: Professional bugs
Post by: LiaoMi on August 31, 2019, 08:56:41 PM
> Hutch,
>
> Right, it's a memory problem. I have 6GB installed, and decided recently to disable the page file. That works fine so far, but occasionally I reach the limits. The real issue here is the nonsensical message "unknown software exception". This is why I placed it in the "professional bugs" thread. Apparently SlimJet/Chrome allocate major chunks of memory without checking if HeapAlloc() returned a pointer. Then they let it crash into an exception (very professional) but don't know what kind of error it was. So they randomly pick "unknown software". Compliments :badgrin:

Today there are few programs that take care of having the required memory, the memory is treated like flowing water. I have 32 gigabytes, but working in parallel, almost half of the programs fail. Even worse, the structure of the stored data is disrupted. I wrote to the support service, they rudely answer me that this is my problem. I often give examples where to look for problems, but even here the authors argue that this is unsolvable. There are many ways to manage memory when it is not enough, but apparently today it does not bother anyone. Chrome has the same story, my chrome also often fails when there is not enough memory, he can even make the whole system freeze. The worst thing is that this is a potential vulnerability for taking control of the system. I dream when I have 128 gigabytes of memory  :biggrin:
Title: News from Android
Post by: jj2007 on September 14, 2019, 02:11:21 AM
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile

Quote
At its simplest, the main Simjacker attack involves a SMS containing a specific type of spyware-like code being sent to a mobile phone, which then instructs the UICC (SIM Card) within the phone to ‘take over’ the mobile phone , in order to retrieve and perform sensitive commands.

The attack begins when a SMS - that we term the Simjacker ‘Attack Message’ - is sent to the targeted handset. This Simjacker Attack Message, sent from another handset, a GSM Modem or a SMS sending account connected to an A2P account, contains a series of SIM Toolkit (STK) instructions, and is specifically crafted to be passed on to the UICC/eUICC (SIM Card) within the device. In order for these instructions to work, the attack exploits the presence of a particular piece of software, called the S@T Browser - that is on the UICC.  Once the Simjacker Attack Message is received by the UICC, it uses the S@T Browser library as an execution environment on the UICC, where it can trigger logic on the handset. For the main attack observed, the Simjacker code running on the UICC requests location and specific device information (the IMEI) from the handset. Once this information is retrieved, the Simjacker code running on the UICC then collates it and sends the combined information to a recipient number via another SMS (we call this the ‘Data Message’), again by triggering logic on the handset. This Data Message is the method by which the location and IMEI information can be exfiltrated to a remote phone controlled by the attacker.

During the attack, the user is completely unaware that they received the SMS with the Simjacker Attack message, that information was retrieved, and that it was sent outwards in the Data Message SMS - there is no indication in any SMS inbox or outbox.
...
This S@T Browser software is not well known, is quite old, and its initial purpose was to enable services such as getting your account balance through the SIM card. Globally, its function has been mostly superseded by other technologies, and its specification has not been updated since 2009, however, like many legacy technologies it is still been used while remaining in the background. In this case we have observed the S@T protocol being used by mobile operators in at least 30 countries whose cumulative population adds up to over a billion people
Title: Re: Professional bugs
Post by: daydreamer on September 15, 2019, 06:05:21 AM
> So basically they admit that you cannot opt out of the spying.
>
> Yeah, Windows is bad. But innocent in comparison to what Android "apps" ask you to permit. My bank forces me, more or less, to download a new "app" for online banking. It wants permission to use the camera, any files that it could possibly grab, and my contacts. And you cannot say "no" to any of that crap. I flagged it on a financial forum, but just got amused answers. It's incredible what Android users are willing to accept.
maybe so they use the camera so it's actually you and not your kid buy lots of stuff so you have not enough money for rent?
what happens if you use windows apps in newer windows instead of good old .exe's? will they follow that trend?
to develop and have the possibility to test-run those apps, you had to permit some things in w10

and the old "it's not a bug it's a feature": maybe a feature for those who sell memory
I have upgraded to 20gb from 6gb after I used loads of memory in a program, I wanted to try use 64bit memory and also have few memory-hungry Cg apps, LiaoMi you also use those 32gb for that?
128gb ram sounds nice, but like max 640mb in the old days, we will sooner or later have hardware that breaks that I believe
Title: Slimjet is a bug
Post by: jj2007 on October 28, 2019, 07:37:30 PM
After a few hours of browser session - how is it possible to write 12 GIGABYTES to disk?? :sad:
I am back to Firefox now. We'll see.
Title: Re: Professional bugs
Post by: TimoVJL on October 28, 2019, 08:01:06 PM
Is it a cache issue, just overwrite old data.
For example 500 Mb cache, 32 Gb IO/Write Bytes by now with Vivaldi.
Title: Re: Professional bugs
Post by: jj2007 on October 28, 2019, 09:13:48 PM
It may be a "cache issue", Timo, but it will still kill your SSD. Same for WhatsApp, normally it stays at a few hundred MB of disk writing - still way too much for a text-based application. Right now I see it has sparked to over 2 GB. Why? There is no excuse for such behaviour.
Title: WindScribe crashes on exit
Post by: jj2007 on November 13, 2019, 09:35:15 PM
Another professional bug :thumbsup: