Can't handle jump to heaven's gate #2
Description
Use following command line to reproduce.
python ShellcodeEmulator\emulator.py "b3e4c1e7912d6888c89ea1fc35c570ff56729541.bin" -d MemoryDumps\notepad.dmp > b3e4c1e7912d6888c89ea1fc35c570ff56729541.log
pause
Traceback (most recent call last):
File "ShellcodeEmulator\emulator.py", line 112, in Run
self.Emulator.Start(self.CodeStart, self.CodeStart+self.CodeLen)
File "ShellcodeEmulator\emulator.py", line 44, in Start
self.uc.emu_start(start, end)
File "C:\Users\Administrator\AppData\Local\Programs\Python\Python37-32\lib\site-packages\unicorn\unicorn.py", line 288, in emu_start
raise UcError(status)
unicorn.unicorn.UcError: Unhandled CPU exception (UC_ERR_EXCEPTION)
: 77B96000: ea 09 60 b9 77 33 00 ljmp 0x33:0x77b96009
Information on call gate is here
The above instruction jumps to the given address of the code segment through a specified segment selector call gate. Intel’s specification [2] refers to this instruction as a FAR Jump instruction which if it’s segment selector ( in this case 0×0033 ) is a call gate then then the code jumps to the code segment specified in the call gate descriptor ( which is located in the GDT ) and executes the code pointed to by the gate, if the segment selector is for a code segment then a far jump to the segment is performed. which in this case handles the switch from 32bit to 64bit.
More information is here
- Try to apply x64 flags for 0x33 selector.
- Artifacts are shared here