
Unable to start with --dbg path_to/windbg.exe #22

Open
elibi opened this issue Apr 4, 2016 · 6 comments

Comments

elibi commented Apr 4, 2016

It seems related to the fact that the debugger is started using start_app and not a regular CreateProcess call.
Why do we need to inject into the debugger process? It didn't work anyway.

Unfortunately I don't have the log available.

elibi (author) commented Apr 6, 2016

@jbremer

jbremer (member) commented Apr 7, 2016

Could you try with OllyDBG or x64dbg? As you can see in the command-line string that's created it passes the process identifier along using the -p switch - I'm not sure if that works for WinDBG?
We could add support for WinDBG if you prefer, but initially this switch was intended for Olly.
For WinDBG I propose we add a flag --dbg-windbg that then uses the WinDBG command-line (which I'm sure you can find out for us) instead of the Olly one.

Thanks!

jbremer (member) commented Apr 7, 2016

Or just something like --windbg C:\..., of course.

elibi (author) commented Apr 10, 2016

The command line is fine and actually works.
However, what's not working is the monitor's injection into the WinDBG process, and I don't fully understand why we need it anyway.

When I replaced the "start_app" call with a simple CreateProcess everything worked seamlessly.
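The launch described in this comment, spawning the debugger from the tool's own process with a plain CreateProcessW rather than through start_app, written out as an added example. This is not inject.c and not elibi's patch; the function names build_dbg_cmdline() and launch_debugger(), the x64dbg path and the PID 4242 are constructed for the example. The command-line builder is kept portable so it can be checked off Windows; the Win32 launch is compiled only on Windows and shows the return-value check and handle cleanup a practitioner would want around CreateProcessW.

```c
/* Added example (not the project's inject.c): attach a debugger to a running
 * process by PID using the "<debugger> -p <pid>" command line discussed in
 * the thread, via CreateProcessW with error checking and handle cleanup.
 * build_dbg_cmdline() and launch_debugger() are names assumed here. */
#include <stdint.h>
#include <stdio.h>
#include <wchar.h>

#ifdef _WIN32
#include <windows.h>
#endif

/* Build "\"<dbg_path>\" -p <pid>" into buf (buflen wide chars).
 * Returns 0 on success, -1 on bad arguments or if the string does not fit;
 * on failure buf is left empty so a truncated command line is never run. */
int build_dbg_cmdline(wchar_t *buf, size_t buflen, const wchar_t *dbg_path, uint32_t pid)
{
    if (buf == NULL || dbg_path == NULL || buflen == 0)
        return -1;
    /* %ls selects a wide string in both glibc and MSVC swprintf */
    int n = swprintf(buf, buflen, L"\"%ls\" -p %u", dbg_path, (unsigned)pid);
    if (n < 0 || (size_t)n >= buflen) {
        buf[0] = L'\0';
        return -1;
    }
    return 0;
}

#ifdef _WIN32
/* Spawn the debugger from this process (no monitor injection).
 * Returns the debugger's PID, or 0 on failure. Both handles returned in
 * PROCESS_INFORMATION are closed because we do not wait on the debugger. */
DWORD launch_debugger(const wchar_t *dbg_path, uint32_t target_pid, WORD show_window)
{
    wchar_t cmdline[1024];
    if (build_dbg_cmdline(cmdline, sizeof(cmdline) / sizeof(cmdline[0]),
                          dbg_path, target_pid) != 0)
        return 0;

    STARTUPINFOW si;            /* explicit W type: matches CreateProcessW
                                   whether or not UNICODE is defined */
    PROCESS_INFORMATION pi;
    ZeroMemory(&si, sizeof(si));
    ZeroMemory(&pi, sizeof(pi));
    si.cb = sizeof(si);
    si.dwFlags = STARTF_USESHOWWINDOW;  /* wShowWindow is ignored without this */
    si.wShowWindow = show_window;

    /* lpApplicationName given explicitly so the quoted path is not re-parsed
     * from the command line; lpCommandLine must be writable for the W
     * variant, which the local array is. */
    if (!CreateProcessW(dbg_path, cmdline, NULL, NULL, FALSE, 0,
                        NULL, NULL, &si, &pi)) {
        fwprintf(stderr, L"CreateProcessW failed: %lu\n", GetLastError());
        return 0;
    }
    DWORD pid = pi.dwProcessId;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
    return pid;
}
#endif

int main(void)
{
    /* Constructed sample values, not taken from the issue. */
    const wchar_t *dbg = L"C:\\Tools\\x64dbg\\x64dbg.exe";
    wchar_t cmdline[1024];
    if (build_dbg_cmdline(cmdline, 1024, dbg, 4242) == 0)
        wprintf(L"command line: %ls\n", cmdline);
#ifdef _WIN32
    /* Reports an error if the sample path does not exist on this machine. */
    DWORD pid = launch_debugger(dbg, 4242, SW_SHOWNORMAL);
    wprintf(L"debugger pid: %lu\n", (unsigned long)pid);
#endif
    return 0;
}
```

The command line keeps the quoted path form the tool already uses, and the builder refuses to hand back a truncated string, which is the failure mode a fixed 1024-character buffer introduces for long debugger paths.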

jbremer (member) commented Apr 10, 2016

It executes the CreateProcess from its own process. I just used start_app rather than CreateProcessW because it's there anyway and includes some flags that we use normally anyway.
Can you show a diff of your solution that does work for you?

elibi (author) commented Apr 11, 2016

Sure.

diff --git a/bin/inject.c b/bin/inject.c
index 6d93799..f1eb91f 100644
--- a/bin/inject.c
+++ b/bin/inject.c
@@ -548,6 +548,14 @@ int main()
     uint32_t pid = 0, tid = 0, from = 0, inj_mode = INJECT_NONE;
     uint32_t show_window = SW_SHOWNORMAL, only_start = 0, resume_thread_ = 0;

+    STARTUPINFO si;
+    PROCESS_INFORMATION pi;
+
+    ZeroMemory( &si, sizeof(si) );
+    si.cb = sizeof(si);
+    ZeroMemory( &pi, sizeof(pi) );
+
+
     for (int idx = 1; idx < argc; idx++) {
         if(wcscmp(argv[idx], L"--crt") == 0) {
             inj_mode = INJECT_CRT;
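Review bot: `STARTUPINFO` is the TCHAR-generic typedef and only resolves to `STARTUPINFOW` when the translation unit is built with `UNICODE` defined; since the second hunk passes `&si` to `CreateProcessW`, declare it as `STARTUPINFOW si;` so the struct type matches the call regardless of build settings. Style: the two consecutive blank lines after `ZeroMemory( &pi, sizeof(pi) );` and the spaces inside the `ZeroMemory( ... )` parentheses don't match the surrounding code (`wsprintfW(buf, ...)`), and these two locals would read better declared next to the `CreateProcessW` call in the `--dbg` block than at the top of `main()`.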
@@ -796,8 +804,9 @@ int main()
         wchar_t buf[1024];
         wsprintfW(buf, L"\"%s\" -p %d", dbg_path, pid);

-        start_app(GetCurrentProcessId(), dbg_path, buf,
-            NULL, NULL, SW_SHOWNORMAL);
+//        start_app(GetCurrentProcessId(), dbg_path, buf,
+//            NULL, NULL, SW_SHOWNORMAL);
+       CreateProcessW(NULL, buf, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi);

         Sleep(5000);
     }
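Review bot: the return value of `CreateProcessW` is ignored and the handles in `pi` are never closed, so a failed launch (bad `dbg_path`, debugger not found) proceeds silently into `Sleep(5000)` and a successful one leaks `pi.hProcess` and `pi.hThread`. Suggest `if (!CreateProcessW(...)) { /* report GetLastError() */ } else { CloseHandle(pi.hThread); CloseHandle(pi.hProcess); }`. The replaced `start_app` call passed `SW_SHOWNORMAL`; to keep that behaviour set `si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = SW_SHOWNORMAL;` before the call. The commented-out `start_app` lines should be deleted rather than left in, and the new `CreateProcessW` line is indented with 7 spaces against the 8 used around it.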
