drltrace can't output the trace of child process

Open whuang328 opened this issue 6 years ago • 4 comments

Thanks for all the contributions and information in drltrace. I have just started researching binary analysis on Windows, and I am trying to apply drltrace in my research to trace the library calls of Adobe Acrobat DC reader. However, I ran into an issue: I can't get Adobe-related DLLs such as 'JP2KLib.dll' when applying the -only_to_lib flag in drltrace.

My command is ".\drltrace.exe -logdir D:\Winfuzz_test\drltrace_win_x32\log -only_to_lib "JP2KLib.dll" -- "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" D:\Winfuzz_test\test\1.pdf"

And the environment is Windows 7 with Visual Studio 2013.

When I tried it on Acrobat Reader 9.0, I could successfully get 'JP2KLib.dll' in the trace. Maksim told me that maybe the reason is that Acrobat Reader DC will call 'JP2KLib.dll' in its child process, but drltrace can't get the log of the child process now. Can you help me to examine this issue? Thanks for all the help and information.

whuang328 avatar Feb 09 '19 00:02 whuang328

Thank you for opening this issue. Could you try the debug version of drltrace on the latest Adobe? https://github.com/mxmssh/drltrace/releases/download/0.9d/drltrace_win32_debug.rar

mxmssh avatar Feb 09 '19 07:02 mxmssh

Dear Maksim,

Thanks for the quick update. I will try it tonight and reply to you as soon as possible.

Sincerely, Wei-Han

whuang328 avatar Feb 09 '19 16:02 whuang328

It can get DLLs such as 'JP2KLib.dll' now. Thanks for all the contributions and help.

whuang328 avatar Feb 12 '19 05:02 whuang328

Great, thank you for the feedback. The question is why the release version doesn't work :)

mxmssh avatar Feb 12 '19 05:02 mxmssh