Command not supported "db 1F"

Issues related to VMProtect
apple_banana
Posts: 1
Joined: Wed Apr 03, 2019 1:50 pm

Command not supported "db 1F"

Postby apple_banana » Wed Apr 03, 2019 2:24 pm

Hi, I've been using VMProtect Ultimate v 3.3.1, and here's my function (sensitive code removed):

Code: Select all

int someFunction() {
    assert(!m_path.empty());

    if (m_path.empty()) {
        return global_error;
    }
    std::vector<unsigned char> data;

    int err = OpenFile(m_path, data);
    if (err != 0) {
        m_path /= "/add/some/path";
        err = OpenFile(m_path, data);
        if (err != 0) {
            return err;
        }
    }

    uint8_t* pb = &data[0];
    int cb = static_cast<int>(data.size());

    uint32_t tagMask = 0;

    while (cb > 0) {
        uint8_t tag = *pb;
        cb--;
        pb++;

        uint32_t length = 0;
        fileReadInt(...);
        if (length > static_cast<uint32_t>(cb)) {
            break;
        }

        if (tag == 2) {   
            fileReadInt(...);
            length = 0;
        }
        else if (tag == 3) {
            if (...) {
                assert (...);
                memmove (...);
                memmove (...);
            }
        }
        else if (tag == 4) {
            if (...) {
                assert (...);
                memmove (...);
            }
        }
        else if (tag == 5) {
            if (...) {
                assert (...);
                memmove (...);
            }
        }
        else if (tag == 6) {
            fileReadInt(...);
            length = 0;
        }

        pb += length;
        cb -= length;
    };

    if (...) {
        return global_error;
    }
    return 0;
}


I'm getting the "Command not supported "db 1F" " error while protecting it. Any suggestions?

Admin
Site Admin
Posts: 1676
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Command not supported "db 1F"

Postby Admin » Fri Apr 05, 2019 6:25 am

Please send us a test example that shows your problem.

dzid
Posts: 14
Joined: Fri Jul 03, 2009 5:48 am

Re: Command not supported "db 1F"

Postby dzid » Mon Sep 09, 2019 12:32 am

Got the same problem.

It looks like an issue (issue??) in C++ compiler.

Code: Select all

...
0000000180104006 E8 D5D3F4FF   call 00000001800513E0 → std::vector<char,class std::allocator<char> >::_Xlength(void)
000000018010400B 90   nop
000000018010400C AD   lodsd
000000018010400D 3910   cmp [rax], edx
000000018010400F 0019   add [rcx], bl
0000000180104011 3B10   cmp edx, [rax]
0000000180104013 009D 3C100009   add [rbp+000000000900103C], bl
0000000180104019 3E:1000   adc ds:[rax], al
000000018010401C 9E   sahf
000000018010401D 3F   db 3F
00000001806A3968 22059319   dd 19930522 Magic
00000001806A396C 0D000000   dd 0000000D MaxState
00000001806A3970 28F57D00   dd 007DF528 UnwindMapEntry
00000001806A3974 00000000   dd 00000000 TryBlocks
00000001806A3978 00000000   dd 00000000 TryBlockMapEntry
00000001806A397C 0F000000   dd 0000000F IPMapEntries
00000001806A3980 90F57D00   dd 007DF590 IPtoStateMap
00000001806A3984 78000000   dd 00000078 UnwindHelp
00000001806A3988 00000000   dd 00000000 ESTypeList
00000001806A398C 01000000   dd 00000001 Flags

This is the code in question. We're looking at the branch that throws std::length_error exception. The function std::vector<....>::_Xlength() will not return, and the compiler knows it. For some reason it generates rubbish past the call (or is it some internal data/table?? looks like a table as it has regularish structure) which VMProtect chokes at.

This code is generated by CL 19.22.27905 from VS16.2.

PS: Sometimes VMProtect is able to process the binary, but this function will not work anyway. Calling this function results in crash.
PPS: VMProtect 3.4.0 build 1131
P3S: This is actually a switch table. The actual code ends at nop instruction.

Admin
Site Admin
Posts: 1676
Joined: Mon Aug 21, 2006 8:19 pm
Location: Russia, E-burg
Contact:

Re: Command not supported "db 1F"

Postby Admin » Tue Sep 10, 2019 6:52 am

Unfortunately VMProtect doesn't know about all noreturn functions.