CreateProcess DEBUG_PROCESS fails to show any window
- From: Layne <sludge@xxxxxxxxxxx>
- Date: Fri, 07 Dec 2007 01:48:26 -0500
I cannot for the life of me sort this out.
Logged in as Admin, Admin clone, Power User, User: all apply.
Anytime I run an application that calls CreateProcess with a
DEBUG_PROCESS or DEBUG_ONLY_THIS_PROCESS whether it's one I wrote or
you wrote, it creates the proc with a valid thread and proc handle
returned showing fine in Task Man but the window fails to load.
However, the strangest part is OpenProcess with PROCESS_ALL_ACCESS
then DebugActiveProcess works like a charm.
Two workarounds to this problem:
If I create an application without debugging info and the target app to
load has no debug info CreateProcess with DEBUG flag loads the process
just fine, however I can't debug it of course.
The other is to AdjustToken on the valid proc handle I get from
CreateProc by either suspending the thread or creating a thread to go
do it while I wait, then resuming the new thread with the new
descriptor and the window loads just fine.
Now, fixes I have tried:
I scanned thoroughly in safe mode for all sorts of adware, trojans,
corruptions, triple checked Debug Apps privileges in LocPol and reset
SeDebugPriv more than once to be sure. I checked that I owned the
apps, along with SYSTEM of course and have full rights to the exes. I
tried Run As.. I've run them from a console, used different accounts,
scanned some more for viruses, scan disk, defrag, registry checks.
I have WinDbg installed along with retail symbols, didn't get checked
so not all match the dlls but verified them and then renamed the dll
symbol dir and still nothing. Ran Proc Explorer and verified
everything, looked at the call stack of the "frozen app" stuck on
NtDll at an int3h call, some exes with only 4 pages committed, some with
maybe 7 but all very small footprints, like it's stuck at the loader.
I am trying here as a last resort before reinstalling or how do I go
about getting rid of the debug tools for windows to see if maybe that
will help or uninstalling the symbols package - I did not save the
uninstall info on them as I didn't want anything to happen and they
get deleted or tampered with.
I'm currently dling Comodo to replace Kerio Personal Firewall which
has turned into a piece of crap firewall for me using Messenger ports
to try and communicate and uploading my every move to their FTP
server has gotten old as I'm on dial up and it tries to fire up my
modem. Thinking maybe app behavior blocking is causing the prob and a
rootkit analyzer shows fwdrv.sys from Sunbelt has hooked
ZwCreateProcess and maybe that's the prob.
So thanks if you've read this far and any help would be much
appreciated. Thank you kindly.