Windows earliest injection #234
From [email protected] on November 27, 2011 10:05:28
adding an important note for anyone who later debugs issues with early injection: attaching windbg invasively masks problems with ntdll not being initialized as windbg's thread runs LdrInitializeThunk. and of course attaching non-invasively does not allow execution. that means the debugger can be used only to examine DR state or ntdll/PEB state (if non-invasive) and leaves printf-style debugging as the only recourse for handling crashes, etc.
Status: Started
Adding summary info as this issue was not updated very well with all the work that went into it years back: earliest injection is implemented (-early_inject_map -early_inject_location 5) for same-arch with no client support. The main reason it has languished is client support (xref #980).
From [email protected] on November 25, 2009 15:18:06
this was PR 204587
issue #157 enables injecting at the very start of the init APC. we just need to write a bootstrap loader that can then invoke our private loader: perhaps by hooking up the DR lib imports, or having a self-contained loader that makes raw syscalls.
Original issue: http://code.google.com/p/dynamorio/issues/detail?id=234