drrun.exe on simple console application crashes with <intercept_syscall_wrapper: not hooking ??? due to conflict @0x????>


Flora Xiao

Jun 22, 2017, 3:57:33 PM
to DynamoRIO Users

Hello,

First, thanks for the tool! I'm excited to use it.

I wrote a simple console application (generically titled ConsoleApplication1.exe) with one parameter to indicate the input file. The console application started as a stock C# Console Application project in Visual Studio 2015, which I modified to import a library (let's call it TryThisOut) and run a couple of functions in TryThisOut, then exit. It runs and exits with no errors in Visual Studio 2015. I compiled it into an x64 Release binary, and ran the binary from the Developer Command Prompt for VS2015--it ran fine and exited with no errors.

I am currently trying to run it through drrun.exe. The command I'm running is:

drrun.exe -debug -verbose -- ConsoleApplication1.exe sample.pptx

This crashes. Is there something I'm doing in my program that's causing this to crash? Was there something I was supposed to include in my code that would cause this? The only libraries I have imported are System and TryThisOut.

Derek Bruening

Jun 23, 2017, 11:25:09 AM
to dynamor...@googlegroups.com
It sounds like some invasive software on your system is injecting code into your process and hooking all of those functions.  I would suggest launching in a debugger or attaching a debugger and examining those routines to see who it is: generally if you follow the hook's jump you'll see generated code containing a call into a .dll and that .dll will tell you who.

--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dynamorio-users+unsubscribe@googlegroups.com.
To post to this group, send email to dynamorio-users@googlegroups.com.
Visit this group at https://groups.google.com/group/dynamorio-users.
For more options, visit https://groups.google.com/d/optout.
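
The "follow the hook's jump" step from the reply above, as an added example (not part of the thread and not DynamoRIO code): it walks a constructed memory image from a hooked wrapper through generated code to the DLL that code calls into. The module list, the addresses and the name avhook64.dll are assumptions, and the byte-pattern scan is a heuristic standing in for a debugger's disassembler.

```python
import struct

# Constructed sample, not from the thread: (name, base, size) per loaded module.
# "avhook64.dll" is a placeholder for whatever product injected the hook.
MODULES = [("ntdll.dll", 0x7FFA10000000, 0x1F0000),
           ("avhook64.dll", 0x7FF9E0000000, 0x80000)]
WRAPPER = 0x7FFA100A0000     # hypothetical address of a hooked syscall wrapper
TRAMPOLINE = 0x7FFA0FFF0000  # generated code, outside every module

def build_memory():
    """Constructed address space as {region_base: bytes}."""
    hooked = b"\xE9" + struct.pack("<i", TRAMPOLINE - (WRAPPER + 5))  # jmp rel32
    tramp = (b"\x51\x48\xB8" + struct.pack("<Q", 0x7FF9E0001234)  # push rcx; mov rax, imm64
             + b"\xFF\xD0\x59\xC3")                               # call rax; pop rcx; ret
    return {WRAPPER: hooked, TRAMPOLINE: tramp}

def read(mem, addr, n):
    for base, data in mem.items():
        if base <= addr < base + len(data):
            return data[addr - base:addr - base + n]
    return b""  # addr is not mapped in the constructed image

def module_of(addr):
    for name, base, size in MODULES:
        if base <= addr < base + size:
            return name
    return None  # generated code, not backed by a module

def jump_target(mem, addr):
    """Destination of a leading `jmp rel32` (E9), else None."""
    b = read(mem, addr, 5)
    if len(b) == 5 and b[0] == 0xE9:
        return addr + 5 + struct.unpack("<i", b[1:])[0]
    return None

def who_hooked(mem, wrapper, scan=64):
    """Follow the hook's jump and name the DLL the generated code calls into."""
    dest = jump_target(mem, wrapper)
    if dest is None:
        return None                      # no jmp rel32 at the wrapper entry
    if module_of(dest):
        return module_of(dest)           # hook lands directly in a module
    code = read(mem, dest, scan)
    for i in range(len(code) - 11):      # heuristic: mov rax, imm64; call rax
        if code[i:i + 2] == b"\x48\xB8" and code[i + 10:i + 12] == b"\xFF\xD0":
            owner = module_of(struct.unpack("<Q", code[i + 2:i + 10])[0])
            if owner:
                return owner
    return None
```

On a live process the same walk is done in the debugger: disassemble the wrapper entry, disassemble the jump destination, and look up the call target in the loaded-module list.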

Flora Xiao

Jun 23, 2017, 4:49:01 PM
to DynamoRIO Users
Oh, goodness. It was my AV. Thank you!

One question, though: Why does DynamoRIO work fine to instrument notepad.exe on the same machine??




Derek Bruening

Jun 23, 2017, 5:22:36 PM
to dynamor...@googlegroups.com
Maybe notepad is on the AV's whitelist of programs that don't need runtime in-process monitoring?


Flora Xiao

Jun 26, 2017, 11:52:50 AM
to DynamoRIO Users
I looked up the AV and that seems very likely. Thank you for your help!

