Author Topic: Professional bugs  (Read 227 times)

jj2007

  • Member
  • *****
  • Posts: 9183
  • Assembler is fun ;-)
    • MasmBasic
Professional bugs
« on: November 26, 2018, 01:38:25 AM »
Just for fun: I thought of creating a thread documenting bugs made by big software companies. Let's start with WhatsApp :P

WhatsApp desktop, updated a few days ago, Win7-64:
Code:
00000001401D10CA   | 48 8B CE                  | mov rcx,rsi                           | rsi:&"n#file://#393491738963-1528635064@g.us"
00000001401D10CD   | E8 0E 2E E6 FF            | call 140033EE0                        |
00000001401D10D2   | 48 8B CF                  | mov rcx,rdi                           |
00000001401D10D5   | E8 06 2E E6 FF            | call 140033EE0                        |
00000001401D10DA   | 48 8B 7C 24 30            | mov rdi,qword ptr ss:[rsp+30]         |
00000001401D10DF   | E9 E1 FD FF FF            | jmp 1401D0EC5                         |
...
00000001401D10F0   | 48 8B 41 48               | mov rax,qword ptr ds:[rcx+48]         |
00000001401D10F4   | 48 8D 51 48               | lea rdx,qword ptr ds:[rcx+48]         |
00000001401D10F8   | 48 8B 08                  | mov rcx,qword ptr ds:[rax]            | <<<<<<<<<<< rax is zero!
00000001401D10FB   | 48 85 C9                  | test rcx,rcx                          |
00000001401D10FE   | 0F 85 2C 6C FF FF         | jne 1401C7D30                         |
00000001401D1104   | C3                        | ret                                   |

To catch such bugs, you need to set up a Just-In-Time (JIT) debugger, in this case x64Dbg (for 32-bit code, it's Olly for me).

Warning: When closing x64Dbg, it saves the database, and that can push the working set to over 1GB. You better kill x64.
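As an added illustration (not part of jj2007's post, and not WhatsApp's code), here is a small C model of the crash pattern in the listing above: `mov rax,[rcx+48]` loads a pointer field at offset 0x48 that happens to be zero, and `mov rcx,[rax]` then faults before the `test rcx,rcx` ever runs. The struct layout and field names are assumptions chosen only to reproduce those offsets; the point is to show what the access violation looks like at source level and what the guarded form should have done.

```c
/* Added example: models the null dereference seen in the x64dbg listing.
 * Struct layout and names are constructed assumptions, not WhatsApp's code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

struct node {
    struct node *next;      /* offset 0x00: what `mov rcx,[rax]` reads */
    uint64_t payload[8];
};

struct owner {
    uint8_t header[0x48];   /* constructed padding so `list` lands at +0x48 */
    struct node *list;      /* offset 0x48: what `mov rax,[rcx+48]` loads */
};

/* Mirrors the listing literally: the loaded pointer is followed unchecked.
 * With o->list == NULL this is the access violation a JIT debugger breaks on. */
struct node *unguarded_first_next(const struct owner *o)
{
    struct node *rax = o->list;     /* mov rax,qword ptr [rcx+48] */
    return rax->next;               /* mov rcx,qword ptr [rax]  <-- faults if rax == 0 */
}

/* Hardened form: test the intermediate pointer before following it. */
struct node *guarded_first_next(const struct owner *o)
{
    if (o == NULL || o->list == NULL)
        return NULL;
    return o->list->next;
}

/* Confirms the constructed layout matches the offsets in the disassembly. */
int layout_matches_listing(void)
{
    return offsetof(struct owner, list) == 0x48 && offsetof(struct node, next) == 0;
}

/* Constructed sample objects: one healthy chain, one with the +0x48 field zeroed
 * (the state the debugger showed: rax is zero). */
static struct node g_second = { NULL, {0} };
static struct node g_first  = { &g_second, {0} };
static struct owner g_good  = { {0}, &g_first };
static struct owner g_bad   = { {0}, NULL };

int guarded_handles_null(void)  { return guarded_first_next(&g_bad) == NULL; }
int guarded_follows_valid(void) { return guarded_first_next(&g_good) == &g_second; }

int main(void)
{
    printf("layout matches listing: %d\n", layout_matches_listing());
    printf("guarded on valid owner : %d\n", guarded_follows_valid());
    printf("guarded on null field  : %d\n", guarded_handles_null());
    /* unguarded_first_next(&g_bad) would raise the access violation here,
     * which is exactly where a JIT debugger such as x64Dbg would attach. */
    return 0;
}
```

Running the unguarded variant on `g_bad` is what produces the fault at the `mov rcx,[rax]` equivalent; the guarded variant returns NULL instead, which is the check the original code was missing.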