Automatically attaching x32dbg to this program fails on respawn #1969

Open
asutoshpalai opened this Issue Jun 22, 2018 · 2 comments

asutoshpalai commented Jun 22, 2018

Debugger version: June 19 2018
Operating system: Win 7 Ultimate SP1 64bit
Program: http://www.malshare.com/sample.php?action=detail&hash=c6be1119d2cd2cb9a61b70a285e4217e

Warning: The sample is malware; don't run it on your regular machine. I would suggest using a VM.

I have set x32dbg as JIT for this program and on running it x32dbg is successfully started and attached to the program. When the program respawns itself, the new x32dbg fails to start with the error "The program can't start because x32bridge.dll is missing from your computer. ..."

Reproduction steps:

  • Set x32dbg as debugger using GFlags.exe for the program.
  • Run the program, x32dbg starts. Hit continue twice (past the entry breakpoint) without setting any breakpoints.
  • The program respawns itself. The new x32dbg fails to start showing the above-mentioned error message.

Screenshot

Note: Observed the same behaviour on a very old version (July 27 2017)

Member

mrexodia commented Jun 24, 2018

Generally you cannot use x32dbg.exe for GFlags directly. Does the same happen if you set x96dbg.exe?

asutoshpalai commented Jul 3, 2018

Thank you for your attention, and sorry for the late reply, I missed the comment notification.

> Generally you cannot use x32dbg.exe for GFlags directly.

Oh, I didn't know that; I had been using x32dbg.exe directly for a long time. Thanks, good to know.

> Does the same happen if you set x96dbg.exe?

I tried with x96dbg and that didn't work either, but something different happened.

As with x32dbg, with x96dbg the first launch (double-clicking the executable) was attached successfully. But upon respawn, it asked me for the location of x32dbg.exe first, then x64dbg.exe, then showed the dialogue box that is shown when we launch x96dbg independently. I supplied the correct locations.
Clicking either of the options in the final dialogue box opened a fresh instance of the debugger, but the respawned process was neither created nor attached.

Screenshots attached.


Asking the location of x32dbg.exe


Asking the location of x64dbg


The final dialog.
