search

MarioVilas / winappdbg

WinAppDbg Debugger
444 stars 111 forks source link

WinAppDbg cannot debug Metro apps in Windows 10 #39

Open MarioVilas opened 6 years ago

MarioVilas commented 6 years ago

Reason yet unknown.

D:\tools>python pdebug.py --follow calc.exe
WinAppDbg Version 1.6 console debugger
by Mario Vilas (mvilas at gmail.com)

Spawned process (1136)
Started process 1136 at 0x00007ff602d717e0
Started thread 7016 at calc!start
Loaded module (00007FF602D70000) C:\Windows\System32\calc.exe
Loaded module (00007FFEB6490000) C:\Windows\System32\ntdll.dll
Loaded module (00007FFEB3950000) C:\Windows\System32\kernel32.dll
Loaded module (00007FFEB2860000) C:\Windows\System32\KernelBase.dll
Loaded module (00007FFEB48E0000) C:\Windows\System32\shell32.dll
Loaded module (00007FFEB3A10000) C:\Windows\System32\msvcrt.dll
Started thread 7672 at ntdll!RtlReleaseSRWLockExclusive+0x40
Loaded module (00007FFEB37D0000) C:\Windows\System32\cfgmgr32.dll
Loaded module (00007FFEB3820000) C:\Windows\System32\ucrtbase.dll
Loaded module (00007FFEB4820000) C:\Windows\System32\SHCore.dll
Started thread 4436 at ntdll!RtlReleaseSRWLockExclusive+0x40
Loaded module (00007FFEB3FE0000) C:\Windows\System32\rpcrt4.dll
Loaded module (00007FFEB4390000) C:\Windows\System32\combase.dll
Loaded module (00007FFEB3300000) C:\Windows\System32\bcryptprimitives.dll
Loaded module (00007FFEB2AE0000) C:\Windows\System32\windows.storage.dll
Loaded module (00007FFEB3B20000) C:\Windows\System32\advapi32.dll
Loaded module (00007FFEB6330000) C:\Windows\System32\sechost.dll
Loaded module (00007FFEB4330000) C:\Windows\System32\shlwapi.dll
Loaded module (00007FFEB6300000) C:\Windows\System32\gdi32.dll
Loaded module (00007FFEB3380000) C:\Windows\System32\gdi32full.dll
Loaded module (00007FFEB3540000) C:\Windows\System32\msvcp_win.dll
Loaded module (00007FFEB5D20000) C:\Windows\System32\user32.dll
Loaded module (00007FFEB3520000) C:\Windows\System32\win32u.dll
Loaded module (00007FFEB2800000) C:\Windows\System32\kernel.appcore.dll
Loaded module (00007FFEB2840000) C:\Windows\System32\profapi.dll
Loaded module (00007FFEB27B0000) C:\Windows\System32\powrprof.dll
Loaded module (00007FFEB27A0000) C:\Windows\System32\fltLib.dll

Breakpoint (80000003) at address 00007FFEB655CE5C (first chance)

rax=0000000000000000 rbx=0000000000000010 rcx=00007ffeb652a354
rdx=0000000000000000 rsi=00007ffeb65b40f0 rdi=00007ffeb65b47a0
rip=00007ffeb655ce5d rsp=000000c0ffb1f070 rbp=0000000000000000
 r8=000000c0ffb1f068  r9=0000000000000000 r10=0000000000000000
r11=0000000000000246 r12=0000000000000040 r13=0000000000000000
r14=000000c0ffc1b000 r15=0000021102fe0000
iopl=0         no up ei pl zr na pe nc
cs=0033  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00000246
ntdll!LdrInitShimEngineDynamic+0x34d:
00007FFEB655CE5D: eb00 jmp ntdll!ldrinitshimenginedynamic+0x34f
1136:7016> continue
Started thread 7068 at ntdll!RtlReleaseSRWLockExclusive+0x40
Loaded module (00007FFEB4300000) C:\Windows\System32\imm32.dll
Started thread 2484 at shcore!Ordinal172+0xa60
Loaded module (00007FFEB46C0000) C:\Windows\System32\ole32.dll
Loaded module (00007FFEB0CE0000) C:\Windows\System32\uxtheme.dll
Loaded module (00007FFEAF270000) C:\Windows\System32\propsys.dll
Loaded module (00007FFEB6390000) C:\Windows\System32\oleaut32.dll
Loaded module (00007FFEB4110000) C:\Windows\System32\clbcatq.dll
Started thread 6760 at combase!CoRegisterPSClsid+0x3c0
Started thread 1848 at ntdll!RtlReleaseSRWLockExclusive+0x40
Loaded module (00007FFEAE280000) C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
Loaded module (00007FFEAA400000) C:\Windows\System32\urlmon.dll
Loaded module (00007FFEA86E0000) C:\Windows\System32\iertutil.dll
Loaded module (00007FFEB2190000) C:\Windows\System32\cryptbase.dll
Loaded module (00007FFE7C3C0000) C:\Windows\System32\ieframe.dll
Loaded module (00007FFEA86C0000) C:\Windows\System32\netapi32.dll
Loaded module (00007FFEAD540000) C:\Windows\System32\version.dll
Loaded module (00007FFEAC710000) C:\Windows\System32\wkscli.dll
Loaded module (00007FFEB22A0000) C:\Windows\System32\bcrypt.dll
Loaded module (00007FFEB1D80000) C:\Windows\System32\netutils.dll
Loaded module (00007FFEA2440000) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.112_none_fb3f961b30681c12\comctl32.dll
Loaded module (00007FFEA1CD0000) C:\Windows\System32\msIso.dll
Loaded module (00007FFE9CC40000) C:\Windows\System32\edputil.dll
Loaded module (00007FFEAD060000) C:\Windows\System32\secur32.dll
Loaded module (00007FFEB26D0000) C:\Windows\System32\sspicli.dll
Loaded module (00007FFE950F0000) C:\Windows\System32\mlang.dll
Loaded module (00007FFEA1E50000) C:\Windows\System32\wininet.dll
Loaded module (00007FFEA23F0000) C:\Windows\System32\Windows.UI.AppDefaults.dll
Loaded module (00007FFEACD20000) C:\Windows\System32\policymanager.dll
Loaded module (00007FFEB01C0000) C:\Windows\System32\msvcp110_win.dll
Loaded module (00007FFEB0B20000) C:\Windows\System32\apphelp.dll
Loaded module (00007FFE9B470000) C:\Windows\System32\twinui.dll
Loaded module (00007FFEAEA40000) C:\Windows\System32\WinTypes.dll
Loaded module (00007FFEB0F30000) C:\Windows\System32\dwmapi.dll
Loaded module (00007FFE9FC40000) C:\Windows\System32\twinui.appcore.dll
Loaded module (00007FFEAEB90000) C:\Windows\System32\CoreUIComponents.dll
Loaded module (00007FFEB1890000) C:\Windows\System32\ntmarta.dll
Loaded module (00007FFEB0860000) C:\Windows\System32\CoreMessaging.dll
Loaded module (0000021104E30000) C:\Windows\System32\CoreMessaging.dll
Unloaded module (0000021104E30000) C:\Windows\System32\CoreMessaging.dll
Loaded module (00007FFEA8350000) C:\Windows\System32\MrmCoreR.dll
Loaded module (00007FFEA7EE0000) C:\Windows\System32\BCP47mrm.dll
Loaded module (00007FFEA7F30000) C:\Windows\System32\Windows.UI.dll
Loaded module (00007FFEA78D0000) C:\Windows\System32\TextInputFramework.dll
Loaded module (00007FFEA7850000) C:\Windows\System32\InputHost.dll
Unloaded module (00007FFEB0F30000) C:\Windows\System32\dwmapi.dll
Unloaded module (00007FFE9B470000) C:\Windows\System32\twinui.dll
Unloaded module (00007FFEA86C0000) C:\Windows\System32\netapi32.dll
Unloaded module (00007FFEAD540000) C:\Windows\System32\version.dll
Unloaded module (00007FFEAC710000) C:\Windows\System32\wkscli.dll
Unloaded module (00007FFEB1D80000) C:\Windows\System32\netutils.dll
Unloaded module (00007FFE7C3C0000) C:\Windows\System32\ieframe.dll
Thread 1848 terminated, exit code 0
Thread 7068 terminated, exit code 0
Thread 4436 terminated, exit code 0
Thread 7672 terminated, exit code 0
Thread 6760 terminated, exit code 0
Thread 2484 terminated, exit code 0
Process 1136 terminated, exit code 0
> q

D:\tools>