APP CRASH MoveFileExW import issue #2658
Comments
|
If you look at the imports of your client lib ("dumpbin /imports winafl.dll") and find the pseudo-dll "api-ms-*.dll" where this import is supposed to come from, and then compare to our list at https://github.com/DynamoRIO/dynamorio/blob/master/core/win32/loader.c#L1354 mapping those to real dlls, perhaps you could submit a simple patch to fix it? Sometimes the mappings are different on win7 vs win10 though. |
|
Is the issue with the client lib? The library I'm using (winafl.dll) doesn't import MoveFileExW, nor does it appear to use any pseudo-dlls. The binary that is to be instrumented (Test_MoveFileExW.exe) contains the import for MoveFileExW, but it also doesn't appear to attempt to import from a pseudo-dll. I happen to have a Windows 10 VM as well, and kernelbase.dll on that platform does export MoveFileExW. |
|
Yes, the issue is with DR's private loader failing to load the client lib. (Our loader is not used on the application, only the client.) It won't matter what application you run. From the log: So it's these new-ish VC runtime libs. |
|
我也遇到这种问题,但是我没办法提供更加详细的信息。因为我还不太会使用这个软件。但是它一直报这种错误,请问应该怎么处理这个问题 |
|
我是使用命令:drrun.exe -t drstrace -- notepad之后出现这种问题的 |
|
Hello @impter, please post your comments in English as we are not able to translate from Chinese. Thanks. |
|
I have the same problem. |
|
I have a job to how to use DynamoRIO.but now i am confused.I can not find some message for the problem.The Internet do not have enough message for this. |
|
@impter if you're having the same issue as @meridumates see @derekbruening 's response at #2658 (comment) |
|
Just to spell it out further: if the API set mappings are different on win7 and win10, please submit a Pull Request which checks the version and maps your imported API pseudo-dll to the proper version for win7, if our current code is targeting win10. |
|
I have the same problem. |
|
The mapping code is here: https://github.com/DynamoRIO/dynamorio/blob/master/core/win32/loader.c#L1466 Find out what API-MS-Win-Core-File-L2-1 maps to on your OS. As mentioned, we would be happy to take a Pull Request which checks the version and maps this pseudo-dll to the proper library for win7. |
|
@derekbruening I have solved this problem with making custom build. Just downloaded source and built on my PC. |
You mean there is some recent change since 7.1.0 which fixed this on Win7? |
|
|
I have this exact same problem with DynamoRio 7.1.0, and I can confirm that it doesn't happen with a custom build from master. Details: Built DynamoRio 5d5227 with DrMemory 6227fe. This is a X86 build (X64 is failing for me), done on a Windows 7 machine. |
|
For just a DynamoRIO build, any recent weekly cronbuild https://github.com/DynamoRIO/dynamorio/wiki/Latest-Build will have the fix: no need to build from sources. For DrMemory: looks like it should have its DR updated. |
Thanks, but I'm looking for a DrMemory build instead ;-)
I tried building the latest DrMemory with "correct" DynamoRIO (I just discovered you're using git submodules - that should be in the documentation somewhere). That one, too, doesn't have the problem |
It is: https://github.com/DynamoRIO/drmemory/wiki/UpdatingDR, https://github.com/DynamoRIO/drmemory/wiki/Workflow instructing to use devsetup.sh which does the submodule commands for you, etc. |
|
DynamoRIO/drmemory@dc9f8d4 just updated DR to 5121dd0. Sounds like this issue is resolved. |
The API-MS-Win-Core-File-L2-1 pseudo-dll is provided by kernel32.dll on Windows 7, instead of kernelbase.dll as it is on all later versions. Issue: #2658
|
This may not actually be fixed but instead was masked somehow? See DynamoRIO/drmemory#2440. I have a PR to properly fix it. |
The API-MS-Win-Core-File-L2-1 pseudo-dll is provided by kernel32.dll on Windows 7, instead of kernelbase.dll as it is on all later versions. Issue: #2658
Updates DR to 5e27a982 to fix DynamoRIO/dynamorio#2658 where Windows 7 has imports in kernel32.dll which are in kernelbase.dll on all subsequent Windows versions. Issue: #2440, DynamoRIO/dynamorio#2658
Updates DR to 5e27a982 to fix DynamoRIO/dynamorio#2658 where Windows 7 has imports in kernel32.dll which are in kernelbase.dll on all subsequent Windows versions. Issue: #2440, DynamoRIO/dynamorio#2658 Fixes #2440
|
Hi, Is there a permanent fix for the Win 7 import error (#2441) that is discussed in this thread? Last update by @derekbruening says updated DR to 5e27a98 to fix the issue. Not sure how I install it on my Win 7 x64 host. Do i need to download the DR and manually build it? Any help is appreciate as I am new to this. My usage is limited to analyzing malware. for ex., I use dstrace this way, dstrace -- calc.exe to capture the system calls on a malicious file. I tried installing MSI and zip from both cronbuild-2.5.19128 and 2.4, but getting the error.
Unable to load client library: import MoveFileExW not found in KERNELBASE.dll Any help is appreciated. Thanks, |
|
drmemory cronbuild-2.5.19128 should have the PR #2440 fix so we would expect it to solve this problem. I would suggest generating the DR debug logs ( |
|
I am getting the same issue on win7 64 running a 32bit app with the MoveFileExW on the current latest build from the download page. |
|
Getting the latest 2.4.128 fails with: The program can't start because I've just noticed that this thread is closed, so I'll go look for another! |
What version of DynamoRIO are you using?
DynamoRIO-Windows-7.0.0-RC1
Does the latest build from
https://github.com/DynamoRIO/dynamorio/wiki/Latest-Build solve the problem?
This is the latest
What operating system version are you running on?
Windows 7, x64 EN
What application are you running?
Test_MoveFileEx.exe, which is a simple console application that calls a single function (MoveFileExW).
Is your application 32-bit or 64-bit?
32-bit debug build
How are you running the application under DynamoRIO?
<drrun.exe -c winafl.dll -target_module Test_MoveFileEx.exe -target_offset 0x20 -fuzz_iterations 10 -nargs 1 -- Test_MoveFileEx.exe>
What happens when you run without any client?
Test_MoveFileEx.exe performs as expected (moves a file)
What happens when you run with debug build ("-debug" flag to
drrun/drconfig/drinject)?
App crash occurs as well
What steps will reproduce the problem?
What is the expected output? What do you see instead? Is this an
application crash, a DynamoRIO crash, a DynamoRIO assert, or a hang (see
https://github.com/DynamoRIO/dynamorio/wiki/Bug-Reporting and set the title
appropriately)?
The expected output is for the executable to run to completion ten times. The closest description that matches this issue is "APP CRASH," since the application does in fact crash.
Please provide any additional information below.
The issue appears to be with how DynamoRIO attempts to import MoveFileExW. On the version of Windows I am running, MoveFileExW is only exported by kernel32.dll. However, DynamoRIO attempts to import MoveFileExW from kernelbase.dll. The import fails (and a DynamoRIO notification message pops up), and the app crashes immediately afterwards
Test_MoveFileEx.exe.0.5436.txt. Attached is the log (.html saved as .txt) file generated with the log level set to three. Search for "MoveFileExW" to find a good starting reference.
The text was updated successfully, but these errors were encountered: