![]() ![]() ![]() The app doesn't seem to be crashing either, since I would expect the app to throw the error you included above. Right, after looking further my comment about createThread seems to be incorrect. The injected DLL itself also creates a new thread for the actual dumping that occurs. What do you mean exactly that it blocks CreateThread by the way? Is this in the injected DLL or in the injector itself and how did you derive that it's this? The injector runs CreateRemoteThread which pretty much gets the target process to run CreateThread. It also is capable of blocking it even with a suspended process somehow. If the crash happens at the Injector side then you can see where it crashes on the injector end but if DoubleAgent doesn't even seem to be able to get in then what it is probably doing is blocking the addition of loading additional DLLs at all somehow despite DoubleAgent being able to inject very early in the process creation. Which would allow you to pick a debug program like visual studio or ida or something to see the exact memory location, instructions, thread, and callstack where the crash occured. Usually when a program crashes you'd be presented with some way to pick between closing the program or attempting to debug it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |