EMET thwarts injection #1546

Open
derekbruening opened this Issue Nov 28, 2014 · 1 comment

Comments

Projects
None yet
1 participant
@derekbruening
Contributor

derekbruening commented Nov 28, 2014

From bruen...@google.com on September 27, 2014 22:47:46

Trying to run powerpnt.exe from Office 2010 under DR on one of my machines recently resulted in powerpnt launching natively, whether I tried drrun, from-parent injection, or AppInit. This is a 64-bit app, so not wow64 layer.

Disabling all the checkboxes for EMET for powerpnt.exe and it then runs fine under DR.

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=1546

@derekbruening

This comment has been minimized.

Show comment
Hide comment
@derekbruening

derekbruening Jan 10, 2017

Contributor

This needs to at least be documented.

Contributor

derekbruening commented Jan 10, 2017

This needs to at least be documented.

@derekbruening derekbruening self-assigned this Jan 11, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment