unicorn_pe

ManualMap failed

Open stdhu opened this issue 2 years ago • 3 comments

After I compiled it myself, I used the compiled program to analyze a 64-bit sys I wrote, and also a 64-bit exe file; both always ended with ManualMap failed.


sys:

```
API emulation callback not registered: ntoskrnl.exe!DbgPrintEx called from imagebase+0x1025
BlackBone: ManualMap: Unmapping image 'myfirstdriver.sys'
BlackBone: Free: Free at address 0x000001DCF04A0000
BlackBone: ManualMap: Unmapping image 'ntoskrnl.exe'
BlackBone: Free: Free at address 0x000001DCF26A0000
uc_emu_start return: 0
entrypoint return: ffff10a0c2ae0d4c
last rip: 1dcf04a101f (myfirstdriver.sys+101f)
BlackBone: Free: Free at address 0x000001DCF0470000
BlackBone: Free: Free at address 0x000001DCF0490000
BlackBone: Free: Free at address 0x000001DCF0480000
```


exe:

```
LdrLoadDllByName failed to MapImage dxcore.dll, status C0000034
BlackBone: Allocate: Allocating at address 0x000001D1A5B80000 (0x1000 bytes)
BlackBone: Allocate: Allocating at address 0x000001D1A5B90000 (0x1000 bytes)
BlackBone: Allocate: Allocating at address 0x000001D1A5BA0000 (0x4000 bytes)
BlackBone: ManualMap: Mapping image 'ext-ms-win-gdi-desktop-l1-1-0.dll' with flags 0x1d001
BlackBone: ManualMap: Failed to load image 'ext-ms-win-gdi-desktop-l1-1-0.dll'/0x0000000000000000. Status 0xC0000034
BlackBone: Free: Free at address 0x000001D1A5B80000
BlackBone: Free: Free at address 0x000001D1A5B90000
BlackBone: Free: Free at address 0x000001D1A5BA0000
LdrLoadDllByName failed to MapImage ext-ms-win-gdi-desktop-l1-1-0.dll, status C0000034
BlackBone: ManualMap: Performing security cookie initializtion for image 'user32.dll'
BlackBone: ManualMap: Performing security cookie initializtion for image 'test.exe'
BlackBone: Free: Decommit at address 0x000001D1A9E45000 (0x1000 bytes)
BlackBone: Free: Decommit at address 0x000001D1A9B83000 (0x1000 bytes)
unknown API called called from imagebase+0x70e7c
BlackBone: ManualMap: Unmapping image 'test.exe'
BlackBone: Free: Free at address 0x000001D1A7380000
BlackBone: ManualMap: Unmapping image 'user32.dll'
BlackBone: Free: Free at address 0x000001D1A99F0000
BlackBone: ManualMap: Unmapping image 'gdi32.dll'
BlackBone: Free: Free at address 0x000001D1A9E20000
uc_emu_start return: 0
entrypoint return: 1
last rip: 1d1a73f0e76 (test.exe+70e76)
```

stdhu • May 21 '22 03:05