DCC Related GPF Bug (6.0 - 6.16) - mIRC Discussion Forums

Print Thread

Re: DCC Related GPF Bug (6.0 - 6.16)

#89624 09/07/04 09:28 AM

Joined: Dec 2002

Posts: 120

The Netherlands

STING

Vogon poet

STING

Vogon poet

Joined: Dec 2002

Posts: 120

The Netherlands

Same happens here, under NT4.0 SP6.
Looks like a buffer overflow, causing the crash.

--edit--
It also seems "20" is not the magic number.
I just tried 100 and it went through all the way.
(Pentium III 730 mhz)

Code:

33970 405 412 NtFreeVirtualMemory (-1, (0x1ed0000), 1060864, 32768, ... (0x1ed0000), 1060864, ) == 0x0
33971 405 412 NtUnlockFile (528, {0, 0}, {-1, -1}, 412, ... ) == STATUS_RANGE_NOT_LOCKED
33972 405 412 NtClose (528, ... ) == 0x0
33973 405 412 NtFsControlFile (20, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... {status=0x0, info=0}, 0x0, ) == 0x0
33974 405 412 NtFsControlFile (20, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... {status=0x0, info=0}, 0x0, ) == 0x0
33975 405 412 NtCreateFile (0xc0110000, {24, 0, 0x40, 0, 0, "\??\C:\BorgIRC\BorgIRC 2.56\mirc.ini"}, 0x0, 128, 7, 3, 96, 0, 0, ... 532, {status=0x0, info=1}, ) == 0x0
33976 405 412 NtLockFile (532, 0, 0, 0, {0, 0}, {-1, -1}, 1, 0, 117505, ... {status=0x0, info=582}, ) == 0x0
33977 405 412 NtQueryInformationFile (532, 1373208, 24, Standard, ... {status=0x0, info=24}, ) == 0x0
33978 405 412 NtAllocateVirtualMemory (-1, 0, 0, 1056992, 8192, 4, ... 32309248, 1060864, ) == 0x0
33979 405 412 NtAllocateVirtualMemory (-1, 32309248, 0, 8416, 4096, 4, ... 32309248, 12288, ) == 0x0
33980 405 412 NtReadFile (532, 0, 0, 0, 8412, 0x0, 2012500072, ... {status=0x0, info=8412}, "[about]\15\12version=6.16\15\12show=Deckard\15\12\15\12[windows]\15\12main=14,1012,12,730,2,0,0\15\12status=1,534,1,303,2,1,0\15\12scripts=179,796,33,608,0,0,0\15\12wchannel=42,800,42,240,0,1,0\15\12wserv=105,853,105,486,2,1,0\15\12wlist=-1,800,-1,480,0,1,0\15\12wquery=63,652,63,240,1,1,0\15\12wwwwlist=-1,666,-1,360,0,1,0\15\12wdccg=-1,269,-1,261,0,1,0\15\12wdccs=-1,269,-1,261,0,1,0\15\12wchat=231,666,231,360,0,1,0\15\12wlinks=-1,851,-1,484,0,1,0\15\12\15\12[dde]\15\12ServerStatus=off\15\12ServiceName=borgirc\15\12CheckName=off\15\12\15\12[wizard]\15\12warning=6\15\12\15\12[dccserver]\15\12n0=0,59,1,1", ) == 0x0
33981 405 412 NtWriteFile (532, 0, 0, 0, "252,666,252,360,0,1,0", 21, {337, 0}, 2012500072, ... {status=0x0, info=21}, ) == 0x0
33982 405 412 NtSetInformationFile (532, 1218444, 8, EndOfFile, ... {status=0x0, info=0}, ) == 0x0
33983 405 412 NtFreeVirtualMemory (-1, (0x1ed0000), 1060864, 32768, ... (0x1ed0000), 1060864, ) == 0x0
33984 405 412 NtUnlockFile (532, {0, 0}, {-1, -1}, 412, ... ) == STATUS_RANGE_NOT_LOCKED
33985 405 412 NtClose (532, ... ) == 0x0
33986 405 412 NtFreeVirtualMemory (-1, (0x1281000), 53248, 16384, ... (0x1281000), 53248, ) == 0x0
33987 405 412 NtRequestWaitReplyPort (292, {48, 72, new_msg, 0, 405, 412, 103084, 0} "\14A\1\0\5\0\312\0\4\0\0\0zq\312\0\0\0\0\0\200\35\24\0\30\7f\1V\24\0\0\1\0\0\0\202\272\37.\271&amp;\0\0\27\273\37." ... {188, 212, reply, 0, 405, 412, 103085, 0} "\2\1\312\0qq\312\0\4\0\0\0zq\312\0\0\0\0\0\200\35\24\0\0\0\0\0\0\0\0\0\221&amp;\0\0\202\272\37.\270&amp;\0\0\27\273\37.\15\0\0\0\225\1\0\0\234\1\0\0\15\0\0\0\234\1\0\0\225\1\0\0\1\0\0\0\5\0\4\0\0\0\0\0\225\1\0\0\234\1\0\0\0\0\0\0\200$\26\0\23\0\0\0\23\0\21\0n\0c\0a\0l\0r\0p\0c\0:\0[\0O\0L\0E\0e\02\0]\0\0\0\0\0\0\0\0\0\372w\0\0\0\0\0\0\0\0\6\0\0\0\350g\25\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) == 0x0
33988 405 412 NtDeleteAtom (49183, ... ) == 0x0
33989 405 412 NtQueryInformationProcess (-1, DebugPort, 4, ... {process info, class 7, size 4}, 0x0, ) == 0x0
33990 405 412 NtQueryInformationProcess (-1, DefaultHardErrorMode, 4, ... {process info, class 12, size 4}, 0x0, ) == 0x0
33991 405 412 NtClose (336, ... ) == 0x0
33992 405 412 NtOpenKey (0x80000000, {24, 0, 0xc0, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\AeDebug"}, ... 364, ) == 0x0
33993 405 412 NtQueryValueKey (364, "Debugger", Partial, 16, ... ) == STATUS_BUFFER_OVERFLOW
33994 405 412 NtQueryValueKey (364, "Debugger", Partial, 64, ... TitleIdx=0, Type=1, Data="d\0r\0w\0t\0s\0n\03\02\0 \0-\0p\0 \0%\0l\0d\0 \0-\0e\0 \0%\0l\0d\0 \0-\0g\0\0\0"}, 64, ) == 0x0
33995 405 412 NtQueryKey (364, Basic, 24, ... ) == STATUS_BUFFER_OVERFLOW
33996 405 412 NtQueryValueKey (364, "Auto", Partial, 16, ... TitleIdx=0, Type=1, Data="1\0\0\0"}, 16, ) == 0x0
33997 405 412 NtCreateEvent (0x1f0003, {24, 0, 0x2, 0, 0, 0x0}, 0, 0, ... 372, ) == 0x0
33998 405 412 NtRequestWaitReplyPort (32, {24, 48, new_msg, 0, 0, 10, 0, 0} "\0\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\225\1\0\0\234\1\0\0" ... {24, 48, reply, 0, 405, 412, 103086, 0} "\0\0\0\0\4\0\0\0\0\0\0\0\0\0\0\0\225\1\0\0\234\1\0\0" ) == 0x0
33999 405 412 NtFsControlFile (20, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... {status=0x0, info=0}, 0x0, ) == 0x0
34000 405 412 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, "\??\C:\BorgIRC\BorgIRC 2.56\drwtsn32.exe"}, 1237516, ... ) == STATUS_OBJECT_NAME_NOT_FOUND

Last edited by STING; 09/07/04 09:35 AM.

Entire Thread
Subject	Posted By	Posted
DCC Related GPF Bug (6.0 - 6.16)	Anonymous	08/07/04 03:41 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Coolkill	08/07/04 04:00 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Mentality	08/07/04 04:13 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	08/07/04 04:25 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	08/07/04 04:45 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Mentality	08/07/04 04:55 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	STING	09/07/04 09:28 AM
Re: DCC Related GPF Bug (6.0 - 6.16)	STING	09/07/04 09:39 AM
Re: DCC Related GPF Bug (6.0 - 6.16)	Online	09/07/04 01:22 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	STING	09/07/04 01:47 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	09/07/04 02:51 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	09/07/04 10:02 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	KingTomato	09/07/04 11:02 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	landonsandor	10/07/04 03:32 AM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	10/07/04 08:57 AM
Re: DCC Related GPF Bug (6.0 - 6.16)	KingTomato	10/07/04 01:05 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	10/07/04 01:41 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Mentality	10/07/04 01:43 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	10/07/04 01:53 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	KingTomato	10/07/04 03:02 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	10/07/04 05:49 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	landonsandor	11/07/04 01:54 AM
Re: DCC Related GPF Bug (6.0 - 6.16)	RuFy	11/07/04 10:17 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	22/07/04 03:34 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	09/11/04 04:25 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	RuFy	09/07/04 06:06 PM
Re: DCC Related GPF Bug (6.0 - 6.16)	Anonymous	09/07/04 06:52 PM

Link Copied to Clipboard

Forums Bug Reports DCC Related GPF Bug (6.0 - 6.16)