Monitoring Exceptions raised by an executable

Reverse Engineering Asked by user1743 on July 19, 2021

Using tools like strace I can figure out the signals a program receives as it executes, regardless of whether or not signal handlers for those signals have been defined.

[EDIT]
In order to do the same on Windows I’m following what’s mentioned here. I tested it by having a test process sleep at the start for about 20 seconds, then crash by jumping to 0x41414141. As it sleeps I attach procdump.exe to the process and then monitor the exceptions in procmon.exe. Is there a way I can do this without the sleep? I tried running it from OllyDbg and then attaching procdump.exe but the message would say that the process is already being debugged.

Any advice on how I could proceed?

One Answer

You can just use the -x command line argument for ProcDump:

-x Launch the specified image with optional arguments. If it is a Store Application or Package, ProcDump will start on the next activation (only).

...

Launch a process and then monitor it for exceptions:

C:\>procdump -e 1 -f "" -x c:\dumps consume.exe

Correct answer by Jason Geffner on July 19, 2021