Windows earliest injection #234
Comments
|
From [email protected] on November 27, 2011 10:05:28 adding an important note for anyone who later debugs issues with early injection: attaching windbg invasively masks problems with ntdll not being initialized as windbg's thread runs LdrInitializeThunk. and of course attaching non-invasively does not allow execution. that means the debugger can be used only to examine DR state or ntdll/PEB state (if non-invasive) and leaves printf-style debugging as the only recourse for handling crashes, etc. Status: Started |
|
Adding summary info as this issue was not updated very well with all the work that went into it years back: earliest injection is implemented (-early_inject_map -early_inject_location 5) for same-arch with no client support. The main reason it has languished is client support (xref #980). |
From [email protected] on November 25, 2009 15:18:06
this was PR 204587 issue #157 enables injecting at the very start of the init APC. we just
need to write a bootstrap loader that can then invoke our private loader:
perhaps by hooking up the DR lib imports, or having a self-contained loader
that makes raw syscalls.
Original issue: http://code.google.com/p/dynamorio/issues/detail?id=234
The text was updated successfully, but these errors were encountered: