Tuesday, March 21, 2017

Activating Windows Loader debug messages

Use this when you want to know what went wrong while Windows was loading a process.

My sources:
Entry Point Not Found, and other DLL Loading Problems
Microsoft System Journal, Under the Hood, September 1999

Basically, they highlight the use of Global Flags, a utility in the Windows Debugging Tools.
It should be able to add the "Show Loader Snaps" flag to the target process.

Well, it doesn't do anything on my machine. So:

Go to
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
Add a key with your EXE name, such as "ConsoleApplication1.exe" (without path)
Add a value to that key: type DWORD, name "GlobalFlag", value 2.
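
The registry steps above as a PowerShell script. This is an added example, not part of the original post. It ORs the 0x2 bit into any existing GlobalFlag value instead of overwriting it, and the `-Disable` switch is a hypothetical addition that clears the bit again. Run it from an elevated prompt.

```powershell
# Added example: toggle the "Show Loader Snaps" bit (0x2) in GlobalFlag for one image.
# Writing under HKLM requires an elevated (administrator) PowerShell session.
param(
    [string]$ImageName = 'ConsoleApplication1.exe',  # EXE name only, no path (name taken from the post)
    [switch]$Disable                                  # hypothetical switch: clear the bit again
)

$FLG_SHOW_LDR_SNAPS = 0x2
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$key  = Join-Path $ifeo $ImageName

# Read the current GlobalFlag; treat a missing key or value as 0.
$current = 0
if (Test-Path $key) {
    $prop = Get-ItemProperty -Path $key -Name GlobalFlag -ErrorAction SilentlyContinue
    if ($null -ne $prop) { $current = [int]$prop.GlobalFlag }
}

# Change only the loader-snaps bit so other global flags on this image survive.
if ($Disable) {
    $new = $current -band (-bnot $FLG_SHOW_LDR_SNAPS)
} else {
    $new = $current -bor $FLG_SHOW_LDR_SNAPS
}

if ($new -eq 0) {
    # Nothing left to set: remove the value instead of leaving GlobalFlag = 0 behind.
    if (Test-Path $key) {
        Remove-ItemProperty -Path $key -Name GlobalFlag -ErrorAction SilentlyContinue
    }
} else {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name GlobalFlag -PropertyType DWord -Value $new -Force | Out-Null
}

'{0}: GlobalFlag 0x{1:X} -> 0x{2:X}' -f $ImageName, $current, $new
```

The setting applies to every process started from an EXE with that name, so clear it with `-Disable` once the loading problem is diagnosed.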

Now run the process under a debugger.
Running an external debug message collector such as WinDbg or DebugView won't work.
But when running it under Visual Studio or OllyDbg, the loader messages show up in the output window.

1 comment:

  1. yo, this was super useful to me.

    have an upcoming DEFCON talk about attacking the Windows' loader, and a lot of the work I did was made easier with debugging info.

    thanks for sharing!
