ncatlin / rgat

An instruction trace visualisation tool for dynamic program analysis
Apache License 2.0

Work around the problem of DynamoRIO not being able to execute some targets #21

Closed ncatlin closed 3 years ago

ncatlin commented 8 years ago

This is somewhat tricky to raise a DynamoRIO issue for since you have to execute live malware to reproduce it, but lots of samples (e.g. TeslaCrypt, Shylock) will make DynamoRIO nope out with

ERROR: Failed to create process for [target path]

This might be an internationalisation issue

ncatlin commented 8 years ago

KeePass 2 also fails with

ERROR: unable to inject: exec of |(null)| failed

ncatlin commented 7 years ago

Used pe-parse to add some "this won't run" warnings for managed binaries
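One way to make the managed-binary check mentioned in the comment above, as an added example that is not rgat's code and does not use pe-parse: it reads the PE headers directly and reports a binary as managed when the CLR runtime header data directory (index 14) is populated. The function names and the header-only sample images are constructed for this illustration.

```python
import struct

CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR runtime header)

def is_managed_pe(data: bytes) -> bool:
    """Return True if the PE image carries a CLR header, i.e. is a .NET assembly."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)  # SizeOfOptionalHeader
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # Data directories start at offset 96 (PE32) or 112 (PE32+).
    dirs_off = 96 if magic == 0x10B else 112
    entry = dirs_off + 8 * CLR_DIRECTORY_INDEX
    if opt_size < entry + 8:
        return False  # header too short to hold a CLR directory entry
    (count,) = struct.unpack_from("<I", data, opt + dirs_off - 4)  # NumberOfRvaAndSizes
    if count <= CLR_DIRECTORY_INDEX:
        return False
    rva, size = struct.unpack_from("<II", data, opt + entry)
    return rva != 0 and size != 0

def build_sample_pe(magic: int, clr_rva: int, clr_size: int) -> bytes:
    """Constructed, header-only PE image for the demo (not a runnable program)."""
    dirs_off = 96 if magic == 0x10B else 112
    opt = bytearray(dirs_off + 16 * 8)  # 16 data directory slots
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<I", opt, dirs_off - 4, 16)
    struct.pack_into("<II", opt, dirs_off + 8 * CLR_DIRECTORY_INDEX, clr_rva, clr_size)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    machine = 0x14C if magic == 0x10B else 0x8664
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, len(opt), 0x102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    for label, img in [("managed PE32", build_sample_pe(0x10B, 0x2008, 72)),
                       ("native PE32+", build_sample_pe(0x20B, 0, 0))]:
        print(label, "-> warn: won't run" if is_managed_pe(img) else "-> ok")
```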

ncatlin commented 3 years ago

Closed due to move to Pin