Blackbone icon indicating copy to clipboard operation
Blackbone copied to clipboard

Published 20 hours ago verified publisher icon DarthTon

mmap fails resolving dependencies' import table(user32.dll)

Open krinitsa opened this issue 6 years ago • 3 comments

Host Machine: Windows 10 x64 ver 10.0.17672.1000 (Also happens in Win 8.1) Target DLL: C:\windows\system32\user32.dll

Test Scenario, a simple executable that maps random executables. I've tried mapping putty.exe , notepad.exe, all of the above failed to be mapped. The sole process that was successfully mapped was calc.exe (As given in your example)

mmap() fails resolving user32.dll's import table at my machine (it doesn't find the function SetClassLongPtrA).

Problematic function: ProcessModules::GetExport

krinitsa avatar May 31 '18 13:05 krinitsa

@DarthTon looks like ASLR needs to be enabled

krinitsa avatar Jun 03 '18 15:06 krinitsa

But ASLR is enabled by default in windows.

DarthTon avatar Jun 03 '18 21:06 DarthTon

Not for debug. Once I map my process as debug. It fails. ASLR is disabled by default

krinitsa avatar Jun 04 '18 00:06 krinitsa