can you do
dumpbin /exports
on the DLL?
202010232046:
0.00 version 1 ordinal base 12 number of functions 12 number of names
ordinal hint RVA name 12 0 000013A0 getModuleName 2 1 000013B0 primitiveAccept = printf 3 2 000014F0 primitiveConnect 4 3 00001630 primitiveCreate 5 4 00001680 primitiveDecrypt 6 5 000017C0 primitiveDestroy 7 6 00001820 primitiveEncrypt 8 7 00001960 primitiveGetIntProperty 9 8 000019F0 primitiveGetStringProperty 10 9 00001B40 primitiveSetIntProperty 11 A 00001BE0 primitiveSetStringProperty 1 B 00001CA0 setInterpreter
Summary
1000 .CRT 1000 .bss 1000 .data 4000 .debug_abbrev 1000 .debug_aranges 2000 .debug_frame 44000 .debug_info 9000 .debug_line 13000 .debug_loc 1000 .debug_macinfo 1000 .debug_ranges 3000 .debug_str 1000 .edata 1000 .idata 1000 .pdata 2000 .rdata 1000 .reloc 1000 .rsrc 9000 .text 1000 .tls 1000 .xdata
202003021730:
File Type: DLL
Section contains the following exports for SqueakSSL.dll
00000000 characteristics 5E5E1711 time date stamp Tue Mar 3 09:36:33 2020 0.00 version 1 ordinal base 12 number of functions 12 number of names ordinal hint RVA name 12 0 000013B0 getModuleName 2 1 000013C0 primitiveAccept = sqSetupCert 3 2 00001500 primitiveConnect 4 3 00001640 primitiveCreate 5 4 00001690 primitiveDecrypt 6 5 000017D0 primitiveDestroy 7 6 00001830 primitiveEncrypt 8 7 00001970 primitiveGetIntProperty 9 8 00001A00 primitiveGetStringProperty 10 9 00001B50 primitiveSetIntProperty 11 A 00001BF0 primitiveSetStringProperty 1 B 00001CB0 setInterpreter
Summary
1000 .CRT 1000 .bss 1000 .data 3000 .debug_abbrev 1000 .debug_aranges 1000 .debug_frame 39000 .debug_info 4000 .debug_line 6000 .debug_loc 1000 .debug_macinfo 1000 .debug_ranges 3000 .debug_str 1000 .edata 1000 .idata 1000 .pdata 1000 .rdata 1000 .reloc 1000 .rsrc 4000 .text 1000 .tls 1000 .xdata
Also, do you get such a backtrace when you invoke the method of UUID that contains
primitiveMakeUUID
?
In the 202010232046 VM, UUID new
does not raise an error but returns a plausible result. In the 202003021730 VM, another LoadLibrary
warning appears in the console but the expressions answers a plausible result, too. The trace is:
0xC0000005: Access violation when writing at position 0xFFFFFFFF9DAC75EC.
ntdll.dll!LdrpAllocateTlsEntry()
ntdll.dll!LdrpHandleTlsData()
ntdll.dll!LdrpDoPostSnapWork()
ntdll.dll!LdrpSnapModule()
ntdll.dll!LdrpMapAndSnapDependency()
ntdll.dll!LdrpMapDllWithSectionHandle()
ntdll.dll!LdrpMapDllNtFileName()
ntdll.dll!LdrpMapDllRetry�()
ntdll.dll!LdrpProcessWork�()
ntdll.dll!LdrpDrainWorkQueue()
ntdll.dll!LdrpLoadDllInternal()
ntdll.dll!LdrpLoadDll�()
ntdll.dll!LdrLoadDll()
KernelBase.dll!LoadLibraryExW()
KernelBase.dll!LoadLibraryExA�()
KernelBase.dll!LoadLibraryA()
Squeak.exe!00000000004aa129()
Squeak.exe!00000000004b8cd7()
Squeak.exe!00000000004b9062()
Squeak.exe!000000000041c642()
Squeak.exe!0000000000407926()
Squeak.exe!0000000000411c9e()
Squeak.exe!0000000000401d3c()
Squeak.exe!00000000004aea6b()
Squeak.exe!00000000004aed8f()
Squeak.exe!00000000004013c7()
Squeak.exe!00000000004014cb()
kernel32.dll!BaseThreadInitThunk�()
ntdll.dll!RtlUserThreadStart�()
So yes, the stack appears to be indentical.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.