Skip to content

Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9) #240

Open
Open
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)#240
@ghost

Description

@ghost
ghost
opened on Mar 11, 2024

I get the following error:

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None 
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)

I tried adding the dll with -l C:\Windows\System32\msvcp140.dll:

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe -l C:\Windows\System32\msvcp140.dll

  File "C:\speakeasy-master\speakeasy\windows\winemu.py", line 1615, in get_fp
    files = [os.path.join(path, fn) for fn in os.listdir(path)]
                                              ^^^^^^^^^^^^^^^^
NotADirectoryError: [WinError 267] The directory name is invalid: 'C:\\Windows\\System32\\msvcp140.dll'

-l C:\Windows\System32\

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe -l C:\Windows\System32\
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)
* Finished emulating
* Saving emulation report to C:\option1_encrypt_nocout.json

-l C:\Windows\SysWOW64\

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe -l C:\Windows\SysWOW64\
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)
* Finished emulating
* Saving emulation report to C:\option1_encrypt_nocout.json

I tried adding an API handler by adding: C:\speakeasy-master\speakeasy\winenv\api\usermode\msvcp140.py using this documentation: https://en.cppreference.com/w/cpp/io/basic_ios/basic_ios

from .. import api

class basic_ios(api.ApiHandler):
    """
    Implements exported functions from msvcp140.dll
    """
    name = 'msvcp140'
    apihook = api.ApiHandler.apihook
    impdata = api.ApiHandler.impdata

    def __init__(self, emu):
        super(basic_ios, self).__init__(emu)
        super(basic_ios, self).__get_hook_attrs__(self)

and get the same error:

PS C:\speakeasy-master> python -m speakeasy -o C:\option1_encrypt_nocout.json -t C:\option1_encrypt_nocout.exe
* exec: module_entry
0x140003e5e: 'KERNEL32.GetSystemTimeAsFileTime(0x12fff88)' -> None
0x140003e6c: 'KERNEL32.GetCurrentThreadId()' -> 0x434
0x140003e78: 'KERNEL32.GetCurrentProcessId()' -> 0x420
0x140003e88: 'KERNEL32.QueryPerformanceCounter(0x12fff90)' -> 0x1
0x1400038f4: 'api-ms-win-crt-runtime-l1-1-0._initterm_e(0x1400053d0, 0x1400053e8)' -> 0x0
0x140003915: 'api-ms-win-crt-runtime-l1-1-0._initterm(0x1400053b0, 0x1400053c8)' -> 0x0
0x140003983: 'api-ms-win-crt-runtime-l1-1-0._get_initial_narrow_environment()' -> 0x48f0
0x14000398b: 'api-ms-win-crt-runtime-l1-1-0.__p___argv()' -> 0x4a10
0x140003993: 'api-ms-win-crt-runtime-l1-1-0.__p___argc()' -> 0x4a60
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4a70
0x140001344: 'VCRUNTIME140.memset(0x12ffd28, 0x0, 0x110)' -> 0x12ffd28
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4aa0
0x14000375f: 'api-ms-win-crt-heap-l1-1-0.malloc(0x20)' -> 0x4ad0
0x14000300c: 'VCRUNTIME140.memcpy(0x4ad0, 0x12ffc78, 0xf)' -> 0x4ad0
0x140001451: 'api-ms-win-crt-heap-l1-1-0.free(0x4aa0)' -> None
0xfeedf02c: module_entry: Caught error: unsupported_api
Invalid memory read (UC_ERR_READ_UNMAPPED)
Unsupported API: MSVCP140.??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ (ret: 0x1400026b9)
* Finished emulating
* Saving emulation report to C:\option1_encrypt_nocout.json

Did I implement the API handler correctly?

Update:
I noticed that basic_ios is not in MSVCP140. It is in MSVC170 https://learn.microsoft.com/en-us/cpp/standard-library/basic-ios-class?view=msvc-170

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions