Handle invalid hook addresses gracefully

Closes #37
ndrewh · Aug 26, 2024 · 76f7285 · 76f7285
1 parent 8c54fdb
commit 76f7285
Show file tree

Hide file tree

Showing 3 changed files with 34 additions and 1 deletion.
diff --git a/pyda_core/pyda_core_py.c b/pyda_core/pyda_core_py.c
@@ -559,9 +559,16 @@ PydaProcess_register_hook(PyObject *self, PyObject *args) {
 
 #ifdef PYDA_DYNAMORIO_CLIENT
     DEBUG_PRINTF("register_hook: %llx\n", addr);
-#endif // PYDA_DYNAMORIO_CLIENT
+    if (!dr_memory_is_readable((app_pc)addr, 1)) {
+        char buf[100];
+        snprintf(buf, sizeof(buf), "Hooked PC %" PRIxPTR " is invalid.", (uintptr_t)addr);
+        PyErr_SetString(PyExc_RuntimeError, buf);
+        return NULL;
+    }
+
     pyda_add_hook(p->main_thread->proc, addr, callback);
 
+#endif // PYDA_DYNAMORIO_CLIENT
     Py_INCREF(Py_None);
     return Py_None;
 }

diff --git a/tests/err_invalidhook.py b/tests/err_invalidhook.py
@@ -0,0 +1,18 @@
+from pyda import *
+from pwnlib.elf.elf import ELF
+from pwnlib.util.packing import u64
+import string
+import sys, time
+
+p = process()
+
+e = ELF(p.exe_path)
+e.address = p.maps[p.exe_path].base
+
+counter = 0
+def lib_hook(p):
+    global counter
+    counter += 1
+
+p.hook(0x1337133713371337, lib_hook)
+p.run()
diff --git a/tests/run_tests.py b/tests/run_tests.py
@@ -224,6 +224,14 @@ def no_warnings_or_errors(stdout: bytes, stderr: bytes) -> bool:
             lambda o, e: o.count(b"pass\n") == 1,
         ]
     )),
+
+    ("err_invalidhook", "simple.c", "err_invalidhook.py", RunOpts(), ExpectedResult(
+        retcode=0,
+        checkers=[
+            output_checker,
+            lambda o, e: e.count(b"RuntimeError: Hooked PC 1337133713371337 is invalid.") == 1,
+        ]
+    )),
 ]
 
 def main():