Sample trcapi is causing an exception on a .NET (64 bit COR) executable #273
Labels
bug
Something isn't working
Comments
|
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x4736733c This might be related to #54 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
I am using trcapi to trace a malware sample. The malware sample executes normally without trcapi. However,
with tracapi(withdll.exe 64 bit since it is 64 bit COR), it is raising an exception.
The malware sample doesn't seem to have any anti-debug anit-hooking check.
Command-line test case
withdll.exe /d:trcapi64.dll Installer.exe
Expected behavior
Installer.exe creates a suspended process InstallUtil.exe. so we are expecting to see a CreateProcess event.
But it crashed half way:
20230124111232276 3532 50.60: trcapi64: 001 -RaiseException(,,,) ->
20230124111232276 ---- --.00: Error 1810889600 in (null).
Additional context
I am still trying to debug it and narrow down the issue a bit.
The text was updated successfully, but these errors were encountered: