mandiant / STrace

A DTrace on Windows Reimplementation
MIT License

DLL imports fails. #5

Closed ghost closed 2 years ago

ghost commented 2 years ago

It seems that after using some kernel32.lib APIs, the tool returns:

12:10:06.446  INF #3  14976  Log has been initialized.
12:10:06.446  INF #3  14976  Starting DLL load
12:10:06.446  ERR #3  14976  [!] DLL Imports GetPrivateProfileStringA from KERNEL32.dll. Imports are not supported...fatal
12:10:06.446  ERR #3  14976  [!] DLL Imports GetFullPathNameA from KERNEL32.dll. Imports are not supported...fatal
12:10:06.446  ERR #3  14976  [!] DLL Load Failed
12:10:06.446  ERR #3  14976  [!] Plugin Loading Failed

Or is it limited to the kernel-land APIs only?

stevemk14ebr commented 2 years ago

Correct, only kernel imports, specifically from ntoskrnl.exe, are allowable.
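
A pre-flight check for the restriction described in this thread, added here as an example (it is not STrace's own loader code): it walks a plugin DLL's PE import directory and reports every import that does not come from ntoskrnl.exe, so the "Imports are not supported" failure can be caught before loading. The function names, the case-insensitive DLL name match and the PE32+ (x64) only handling are assumptions of this sketch, and the sample image is constructed in the code rather than taken from a real plugin.

```python
import struct

ALLOWED = {"ntoskrnl.exe"}  # from the reply above; case-insensitive match is an assumption
def _cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")

def list_imports(data):
    """Return [(dll, function)] from the import directory of a PE32+ image."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]  # e_lfanew
    nsec, opt_size, _, magic = struct.unpack_from("<H12xHHH", data, pe + 6)
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0" or magic != 0x20B:
        raise ValueError("not a PE32+ (x64) image")
    imp_rva = struct.unpack_from("<I", data, pe + 24 + 120)[0]  # data directory 1
    secs = [struct.unpack_from("<8xIIII", data, pe + 24 + opt_size + 40 * i) for i in range(nsec)]
    def off(rva):  # RVA -> file offset via the section table
        for vsize, va, rsize, rptr in secs:
            if va <= rva < va + max(vsize, rsize):
                return rptr + rva - va
        raise ValueError("RVA outside any section")
    out, d = [], off(imp_rva) if imp_rva else None
    # an all-zero descriptor ends the import table
    while d is not None and any(desc := struct.unpack_from("<5I", data, d)):
        dll, t = _cstr(data, off(desc[3])), off(desc[0] or desc[4])
        while (v := struct.unpack_from("<Q", data, t)[0]):  # 0 ends the thunk list
            # high bit set = import by ordinal, else RVA of a hint/name entry
            out.append((dll, f"#{v & 0xFFFF}" if v >> 63 else _cstr(data, off(v) + 2)))
            t += 8
        d += 20
    return out

def unsupported_imports(data):
    return [(d, f) for d, f in list_imports(data) if d.lower() not in ALLOWED]

def build_sample(imports):  # constructed minimal PE32+ for the demo, not a real plugin
    base, blob = 0x1000, bytearray(20 * (len(imports) + 1))
    for i, (dll, funcs) in enumerate(imports):
        thunks, blob = len(blob), blob + bytes(8 * (len(funcs) + 1))
        for j, fn in enumerate(funcs):
            struct.pack_into("<Q", blob, thunks + 8 * j, base + len(blob))
            blob += b"\0\0" + fn.encode() + b"\0"
        struct.pack_into("<5I", blob, 20 * i, base + thunks, 0, 0, base + len(blob), base + thunks)
        blob += dll.encode() + b"\0"
    hdr = bytearray(b"MZ" + bytes(0x1FE))
    struct.pack_into("<I4sHH12xHHH", hdr, 0x3C, 0x40, b"PE\0\0", 0x8664, 1, 240, 0x2022, 0x20B)
    struct.pack_into("<II", hdr, 0x58 + 120, base, len(blob))  # import directory
    struct.pack_into("<8sIIII", hdr, 0x58 + 240, b".idata", len(blob), base, len(blob), 0x200)
    return bytes(hdr + blob)

SAMPLE = build_sample([("ntoskrnl.exe", ["ExAllocatePoolWithTag"]),
                       ("KERNEL32.dll", ["GetPrivateProfileStringA", "GetFullPathNameA"])])
```

Calling `unsupported_imports` on the bytes of a built plugin DLL returns the (DLL, function) pairs to remove; delay-load imports live in a separate directory and are not covered by this sketch.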