Axel Souchet
Axel Souchet
Firefox on Windows hooks `kernel32!BaseThreadInitThunk` which prevents the remote thread to start in the target, see https://dxr.mozilla.org/mozilla-central/source/mozglue/build/WindowsDllBlocklist.cpp#821: ``` 0:032> u kernel32!BaseThreadInitThunk KERNEL32!BaseThreadInitThunk: 00007ff8`550d81e0 49bb0064453af87f0000 mov r11,offset mozglue!patched_BaseThreadInitThunk (00007ff8`3a456400) 00007ff8`550d81ea 41ffe3...
Currently the clairvoyance file is pretty 'dumb'; it is ASCII and not compressed. It'd probably be a good idea to store it differently. Note that I haven't bothered to do...
In https://github.com/0vercl0k/wtf/issues/101, there is a dump file with a `DumpType = 9` which isn't supported by `kdmp-parser`. Based on the investigation, this seems to be newish and only available in...
Explore the possibility to use a `setup.py` and to have `kdmp` available on pip
As an example, most of `nt`'s section are `pageable` (also true for any other drivers) which means the memory manager can page out those sections of code. This leads to...
The issue when I use `wtf` is symbolizing traces too often - every invocation needs a lot of arguments and it just makes it annoying to run it several times....
Hello, The following bytes '\x44\x0f\xf8\x41\x8b' (disassembled as `psubb mm0,mmword ptr [rcx-75h]` by windbg) triggers an off-by-one in the `RegistersMMX` global variable: ```c++ void __bea_callspec__ fillRegister(int index, OPTYPE* pMyOperand, PDISASM pMyDisasm)...
Hello, I'm hitting an OOB read access in the below code: ```c++ void __bea_callspec__ FixOpSizeForMemoryOperand (PDISASM pMyDisasm) { int i = GV.MemDecoration / 100; if (ArgsSize[GV.MemDecoration - (i*100+1)] != 0)...