Version and Platform (required):
- Binary Ninja Version: 5.4.9450
- Edition: Ultimate
- OS: macOS
- OS Version: 26.4.1
- CPU Architecture: M5
Bug Description:
This is the official definition of the except_handler4_common function for x86 32-bit:
```c
typedef void (__fastcall *PCOOKIE_CHECK)(UINT_PTR);

_except_handler4_common(
    IN PUINT_PTR CookiePointer,
    IN PCOOKIE_CHECK CookieCheckFunction,
    /* #endif of a preprocessor guard whose opening #if is not part of the quoted snippet */
    IN PEXCEPTION_RECORD ExceptionRecord,
    IN PEXCEPTION_REGISTRATION_RECORD EstablisherFrame,
    IN OUT PCONTEXT ContextRecord,
    IN OUT PVOID DispatcherContext
    )
```
The `__fastcall` calling convention is missing from our type libraries on the `CookieCheckFunction` parameter type. The analysis propagates the wrong calling convention to the actual cookie check function, so the incoming cookie is modelled as a stack argument instead of the register argument it actually is.
Callers of the cookie check function therefore get random variables named `cookie` that have nothing to do with the stack cookie, because the analysis is looking in the wrong location for the parameter.