mona.py hangs at step 1 of 7 during ROP gadget generation; error trying to process kernel32 and kernelbase.dll

[impost0r]

Expected behavior

mona.py completes the ropchain/rop chain creation function.

Actual behavior

mona.py hangs at Step 1/7 for finding gadgets for VirtualProtect, outputting the following. (See picture below.)

Steps to reproduce the problem

Open WinDBG x86, attach to an already running x86 program; and run .load pykd.pyd; followed by either !py mona rop or !py mona rop -m kernel32.dll

Other useful information (mona version, debugger & debugger version, OS version, etc)

Latest pykd, (0.3.2.2), Latest mona.py revision (2.0 r599), Windows 10 Pro x64, WinVer 1809, WinDBGx86. I have used this against my target along with !py mona rop -m kernel32.dll (Presumably) both progress to another error (this was after me going to sleep) which I regret not logging, mentioning .symfix. Same results. - Run in a vanilla FLARE_VM, aside from software I am trying to exploit. _NT_SYMBOL_PATH = srv*c:\symbols*http://msdl.microsoft.com/download/symbols

Have had issues with mona/windbglib in the past, reference here

Edit: Seems to be a symbol problem. Taking a VM snapshot and will experiment. I'm a primary Linux guy, any help is appreciated.

^ Related error.

tier0.dll is a proprietary, non-standard .dll - could this be why?

[corelanc0d3r]

any updates ?

[impost0r]

Sorry for the extremely long wait for a reply. Was busy with other stuff. This is now closed as it's no longer relevant.

Regards.