Crash when doing nothing #1459

Open
Yothri opened this Issue Feb 9, 2017 · 7 comments

@Yothri
Yothri commented Feb 9, 2017

Hi,

I am not good at reversing yet, and I also guess there won't be any help regarding my problem here, but it's worth a try.

I am trying to debug a game called Guild Wars 2 with x64Dbg (32 Bit) compiled on 30th January 2017.
I am working on Windows 10 Pro x64.

I know for sure that this game doesn't have any anti debug techniques as well as it doesn't use any anti cheat software. It's not packed, and shipped as a clean executable. I can however debug the game with Cheat Engine without problems, but with x64Dbg the game crashes after some time...

x64Dbg throws an ACCESS_VIOLATION in the bottom left corner with yellow background, and if I try to continue the process it suddenly crashes. I have no idea why, and I also don't have any idea on how to provide more information.

I already tried those plugins with anti debug techniques but I experience the same problem, and like I said this game is clean from anti debug techniques.

@mrexodia
Member
mrexodia commented Feb 9, 2017

A first chance exception can be resumed by pressing run again. Probably the game has an exception handler...

@Yothri
Yothri commented Feb 9, 2017

Resuming it instantly gets me to the next exception, and finally after some of them it causes the game to crash, which doesn't happen if it's not being debugged with x64dbg. (Also doesn't happen when debugging with Cheat Engine, though.)

@blaquee
Contributor
blaquee commented Feb 9, 2017 edited
  1. Are you using any plugins? Which ones.
  2. When it crashes inside the debugger, can you see what the Call Stack looks like? (Call Stack Tab) Show us
  3. Check the Logs window as well for possible more information
  4. Any AV software running? Or any program that could be injecting code into the process.

Unfortunately I don't have the game so there is little I can do with the information provided.

@Yothri
Yothri commented Feb 9, 2017
  1. I am using only the SwissArmyKnife plugin, mainly for finding addresses or functions with signatures.
  2. [image] Stack, seems pretty empty tho. LOL
  3. [image] Logs window.
  4. I am not using any AV software, except Microsoft's Windows Defender. I noticed yesterday that when Team Viewer is running, it injects a DLL into any process, but I made sure for now that this doesn't happen. So no, basically there should not be another process injecting any code into the game's process.

Game is free to play xD
What I can do tho, what I just noticed, is to install the game on my laptop and try if it happens there too.

@mrexodia
Member
mrexodia commented Feb 9, 2017

Your log only shows one exception.

@Yothri
Yothri commented Feb 9, 2017

I can press so many times on continue and the log gets bigger:

Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 013160D0 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!

@skillax
skillax commented Feb 10, 2017

There's a mention of 'Thread created' in your log (TLS callback?); it's likely the app is actually changing memory-page access rights. Go to the 012D3710 address in Disassembly and check what memory address it's trying to access; if it's not 00000000 but a real address, look it up in the Memory Map tab and check its access rights; it's probably missing R and/or X; try adding those permissions and then resume ...
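
One way to triage a log like the one pasted in this thread, as an added example that is not part of the original discussion: it groups the exception lines by faulting address and separates addresses that only ever raise first-chance exceptions from those that escalate to a last-chance exception, meaning no handler in the process resolved the fault. The sample lines are constructed in the pasted format, and the names `summarize` and `escalated` are hypothetical.

```python
import re
from collections import OrderedDict

# Constructed sample lines in the format of the log pasted in the thread
# (x64dbg with a German UI); the last line is unrelated noise.
SAMPLE_LOG = """\
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 013160D0 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 74D849AA (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Erste Ausnahme[First chance exception] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
Last chance exception [Ausnahme] bei 012D3710 (C0000005, EXCEPTION_ACCESS_VIOLATION)!
an unrelated log line (constructed)
"""

# Captures: chance (First/Last), faulting address, exception code, exception name.
LINE_RE = re.compile(
    r"(First|Last) chance exception\b.*?\s([0-9A-Fa-f]{8,16}) "
    r"\(([0-9A-Fa-f]{8}), (\w+)\)"
)

def summarize(log_text):
    """Count first- and last-chance exceptions per faulting address."""
    summary = OrderedDict()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not exception reports
        chance, addr, code, name = m.groups()
        entry = summary.setdefault(
            addr.upper(),
            {"first": 0, "last": 0, "code": code.upper(), "name": name},
        )
        entry[chance.lower()] += 1
    return summary

def escalated(summary):
    """Addresses whose fault reached last chance (not resolved by any handler)."""
    return [addr for addr, e in summary.items() if e["last"] > 0]

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for addr, e in result.items():
        print(f"{addr} {e['name']} first={e['first']} last={e['last']}")
    print("escalated to last chance:", escalated(result))
```
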