incomplete emulation of fstenv under TCG
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
QEMU |
Expired
|
Undecided
|
Unassigned |
Bug Description
Steps to reproduce:
1) Install Windows (tried XP and 7) in qemu (tried qemu without kvm and qemu-kvm).
2) Get OllyDbg ( http://
3) Use some Metasploit-encoded file, example included.
It is not a virus!
File was generated with Metasploit, command (if i remember it right): `msfpayload windows/exec cmd=notepad R | msfencode -e x86/shikata_ga_nai -t exe -o cmd_exec_
4) Launch the file under Windows in qemu, make sure it opens a notepad.
5) Open file under OllyDbg, run (F9) it there. It opens a notpad. Close OllyDbg.
6) Open file under OllyDbg, trace over (Ctrl+F12) it there. It fails with `Access violation when writing to [some address]`.
Command: 316A 13, XOR DWORD PTR DS:[EDX+13],EBP
Under native Windows, the trace over command works fine.
Under VMware the trace works fine.
Under VirtualBox it also fails (checked in the spring).
$ qemu-kvm --version
QEMU PC emulator version 0.12.5 (qemu-kvm-0.12.5), Copyright (c) 2003-2008 Fabrice Bellard
Changed in qemu: | |
status: | New → Confirmed |
http:// imagebin. ca/view/ zue0YNZ. html - This is VMware screenshot just before executing that command.
Looks like something is wrong with EDX register in OllyDbg under QEMU. That register was popped as a result of FSTENV command.