首页
论坛
课程
招聘
[OllyDbg 1.x] [转帖]ZwQueryObject-Fix 1.0.0.0 by Leecher
2013-7-11 09:08 8387

[OllyDbg 1.x] [转帖]ZwQueryObject-Fix 1.0.0.0 by Leecher

2013-7-11 09:08
8387
ZwQueryObject-Fix 1.0.0.0 by Leecher
FIX for ZwQueryObject hang on file objects that have FO_SYNCHRONOUS_IO set. There is a "bug" in Win32 that hangs calls to ZwQueryObject and other functions when the queried handle has this flag set, as the Syscall is waiting forever.
OllyDbg suffers from this bug as it reads certain handle information after it hits a breakpoint. This then leads to a freeze of the debugger. This plugin tries to fix it by hooking the functions:
NtQueryObject (ntdll.dll)
GetFileType (kernel32.dll)
that get used by OllyDbg, which can cause the lockup and let them process the queries in a separate thread with a timeout of 1 sec. If the call hangs, an error is returned to OllyDbg and the debugger doesn't freeze anymore.


[公告]5月14日腾讯安全零信任发展趋势论坛重磅开幕!邀您一起从“零”开始,共建信任!!

上传的附件:
收藏
点赞1
打赏
分享
最新回复 (2)
雪    币: 247
活跃值: 活跃值 (52)
能力值: ( LV4,RANK:50 )
在线值:
发帖
回帖
粉丝
chengqiyan 活跃值 2013-9-26 20:55
2
0
收藏了  最近搞这个程序老无响应。。
雪    币: 8
活跃值: 活跃值 (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
赵建新 活跃值 2016-3-20 07:03
3
0
什么东东
游客
登录 | 注册 方可回帖
返回