Thread: MS IE 11, MS Windows 8.1 debug build - Problem on setting breakpoint on specific func

  1. #1

    Question MS IE 11, MS Windows 8.1 debug build - Problem on setting breakpoint on specific func

    Hello there.

    I'm digging into mshtml.dll & internet explorer for reverse engineering stuff.
    I'm dissecting the "CTitleElement" class & my purpose is to dissect each CTitleElement function while manipulating "Title" tags.
    Well, first of all, I created the following breakpoints while attaching to MS IE 11.0 with WinDbg.

    Code:
    0:022> bp MSHTML!CTitleElement::CreateElement
    0:022> bp MSHTML!CTitleElement::CreateElementIE9
    0:022> bp MSHTML!CTitleElement::GetTitle
    0:022> bp MSHTML!CTitleElement::SetTitle
    0:022> bp MSHTML!CTitleElement::TitleLength
    Then I use the following simple JavaScript code:
    Code:
    <html>
    	<title>Hello There!</title>
    </html>
    I want my debugger to hit when the title element is created, but unfortunately it's quite unstable; the debugger does not break while the "Title" tag in the above code is being created.

    I thought it was a problem with ASLR & my "br" command (since it creates the breakpoint at the specified address), so I disabled ASLR by installing EMET & disabling all protections, but I'm still unsuccessful.

    Any suggestions to solve this issue?
    Thanks!

    Regards.
    ~ Area51

  2. #2
    41.w4r10r
    Once you set the breakpoint, make sure it is actually set by running the following command: "bl"

    You can also try calculating the offset and then setting the breakpoint on the function offset, to remove the MSHTML symbols dependency.
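
The offset approach suggested in this reply, as an added example that is not part of the original thread: a small Python helper that turns pasted `x` output into module-relative `bp` commands, which stay valid when the module is rebased as long as the same mshtml.dll build is loaded. The addresses are the ones posted in this thread; the module base and size are constructed placeholders standing in for what `lm m mshtml` would report.

```python
import re

# One line of `x` output: "<address>  <module>!<symbol> (<params>)".
# 64-bit WinDbg prints addresses as 00007ff8`12345678, so allow a backtick.
X_LINE = re.compile(r"^\s*([0-9a-fA-F`]+)\s+([^!\s]+)!(\S+)")

def parse_x_output(text):
    """Return [(module, symbol, address)] from pasted `x` output."""
    found = []
    for line in text.splitlines():
        m = X_LINE.match(line)
        if not m:
            continue  # prompts, blank lines, other debugger chatter
        addr = int(m.group(1).replace("`", ""), 16)
        found.append((m.group(2), m.group(3), addr))
    return found

def offset_breakpoints(x_text, module, base, size):
    """Build `bp module+0xOFFSET` commands for symbols inside the module image."""
    cmds = []
    for mod, sym, addr in parse_x_output(x_text):
        if mod.lower() != module.lower():
            continue  # symbol belongs to a different module
        if not base <= addr < base + size:
            # A stale base (module reloaded elsewhere) would give a bogus offset.
            raise ValueError(f"{sym} at {addr:#x} is outside the {module} image")
        cmds.append(f"bp {module}+{addr - base:#x}")
    return cmds

# `x` output as posted in this thread.
X_OUTPUT = """\
0:012> x mshtml!CTitleElement::Create*
5723cf10          mshtml!CTitleElement::CreateElement (<no parameter info>)
5723cf90          mshtml!CTitleElement::CreateElementIE9 (<no parameter info>)
"""

# Constructed placeholders: the thread does not show the real mshtml base/size.
MSHTML_BASE = 0x56A00000
MSHTML_SIZE = 0x01500000

if __name__ == "__main__":
    for cmd in offset_breakpoints(X_OUTPUT, "mshtml", MSHTML_BASE, MSHTML_SIZE):
        print(cmd)
```
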

  3. #3
    Hello!

    Thank you.

    I used the method you mentioned; here's the log of my work:

    Code:
    0:012> x mshtml!CTitleElement::Create*
    5723cf10          mshtml!CTitleElement::CreateElement (<no parameter info>)
    5723cf90          mshtml!CTitleElement::CreateElementIE9 (<no parameter info>)
    0:012> bp 5723cf10+2
    0:012> bp 5723cf90+2
    
    0:012> bl
     0 e 5723cf12     0001 (0001)  0:**** mshtml!CTitleElement::CreateElement+0x2
     1 e 5723cf92     0001 (0001)  0:**** mshtml!CTitleElement::CreateElementIE9+0x2
     2 e 5723d482     0001 (0001)  0:**** mshtml!CTitleElement::Notify+0x2
    
    
    0:000> gh
    Application "\??\C:\Program Files\Internet Explorer\iexplore.exe" found in cache
    ModLoad: 0ce50000 0cf16000   iexplore.exe
    And here's my HTML file:

    Code:
    <!DOCTYPE html>
    <html>
    <head>
    </head>
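    <body>
    <!-- Target for the status message the script writes via getElementById("demo") -->
    <p id="demo"></p>
    <script>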
        var x = document.createElement("TITLE");
        var t = document.createTextNode("HTML DOM Objects");
        x.appendChild(t);
        document.head.appendChild(x);
    
        document.getElementById("demo").innerHTML = "You have now created a TITLE element in the HEAD section of your document.";
    </script>
    
    </body>
    </html>
    But it didn't work!

    (Very few times, it did break into the debugger.)


    It's notable that I'm using a checked build version of Windows:
    Code:
    0:001> vertarget
    Windows 8 Version 9600 UP Checked x86 compatible
    Product: WinNt, suite: SingleUserTS
    Any ideas?

    Thanks
