search

macote / Winook

Winook - .NET thread-level hooks library
MIT License
81 stars 13 forks source link

A process injected with Winook 1.1.0 may crash #21

Closed macote closed 3 years ago

macote commented 3 years ago

C1rdec/Poe-Lurker#231

Same process injected with version 1.0.1 works just fine.

neal5227 commented 3 years ago

Windows 10 Pro English (Australia) AMD Ryzen 5 3600 16GB ram GTX 970

Let me know if you need more info.

macote commented 3 years ago

Can you paste the error information that can be found in Event Viewer? See How do I find event logs when a program crashes?.

neal5227 commented 3 years ago

Faulting application name: PathOfExile_x64.exe, version: 0.0.0.0, time stamp: 0x6008b964 Faulting module name: ntdll.dll, version: 10.0.19041.662, time stamp: 0x27bfa5f0 Exception code: 0xc000041d Fault offset: 0x000000000009fde4 Faulting process id: 0x15e0 Faulting application start time: 0x01d6f4feb2f7c8f6 Faulting application path: C:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile_x64.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 9a77d1dc-64e6-4c04-ae9a-8697c10c568d Faulting package full name: Faulting package-relative application ID:

neal5227 commented 3 years ago

that was from a couple of days ago, but I've just run the old version of PoELurker again and PoE throws 3 errors from modules, ntdll.dll, KERNELBASE.dll and an unknown module. I'll paste all 3 below.

neal5227 commented 3 years ago

Faulting application name: PathOfExile_x64.exe, version: 0.0.0.0, time stamp: 0x60110795 Faulting module name: ntdll.dll, version: 10.0.19041.662, time stamp: 0x27bfa5f0 Exception code: 0xc000041d Fault offset: 0x000000000009fde4 Faulting process id: 0x4934 Faulting application start time: 0x01d6f69327d02233 Faulting application path: C:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile_x64.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 455bdf17-bb47-402c-9057-fce2e8c8960d Faulting package full name: Faulting package-relative application ID:

neal5227 commented 3 years ago

Faulting application name: PathOfExile_x64.exe, version: 0.0.0.0, time stamp: 0x60110795 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0x20474343 Fault offset: 0x0000000000000000 Faulting process id: 0x4934 Faulting application start time: 0x01d6f69327d02233 Faulting application path: C:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile_x64.exe Faulting module path: unknown Report Id: 961fb97d-7509-484a-920f-d8788e2032d9 Faulting package full name: Faulting package-relative application ID:

neal5227 commented 3 years ago

Faulting application name: PathOfExile_x64.exe, version: 0.0.0.0, time stamp: 0x60110795 Faulting module name: KERNELBASE.dll, version: 10.0.19041.662, time stamp: 0xec58f015 Exception code: 0x20474343 Fault offset: 0x000000000002d759 Faulting process id: 0x4934 Faulting application start time: 0x01d6f69327d02233 Faulting application path: C:\Program Files (x86)\Grinding Gear Games\Path of Exile\PathOfExile_x64.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 6ddb01af-0435-4452-8800-023561c75986 Faulting package full name: Faulting package-relative application ID:

macote commented 3 years ago

Thanks! That will be helpful in my troubleshooting.

macote commented 3 years ago

@C1rdec, can you please create a Lurker build with this version? I simply restored the code like it was in 1.0.1.

@neal5227, if you have chance, please test the Lurker build that C1rdec will create.

Thank you both.

C1rdec commented 3 years ago

@neal5227 Tested a version with v1.1.1 and the process did not crash.

macote commented 3 years ago

Deployed v1.1.1 to NuGet.