Windows earliest injection

[derekbruening]

From derek.br...@gmail.com on November 25, 2009 15:18:06

this was PR 204587 issue #157 enables injecting at the very start of the init APC. we just need to write a bootstrap loader that can then invoke our private loader: perhaps by hooking up the DR lib imports, or having a self-contained loader that makes raw syscalls.

Original issue: http://code.google.com/p/dynamorio/issues/detail?id=234

[derekbruening]

From bruen...@google.com on November 27, 2011 10:05:28

adding an important note for anyone who later debugs issues with early injection: attaching windbg invasively masks problems with ntdll not being initialized as windbg's thread runs LdrInitializeThunk. and of course attaching non-invasively does not allow execution. that means the debugger can be used only to examine DR state or ntdll/PEB state (if non-invasive) and leaves printf-style debugging as the only recourse for handling crashes, etc.

Status: Started

[derekbruening]

Adding summary info as this issue was not updated very well with all the work that went into it years back: earliest injection is implemented (-early_inject_map -early_inject_location 5) for same-arch with no client support. The main reason it has languished is client support (xref #980).