yossizap

Thanks for providing the pcap file! Had a more indicative error in winedbg when I was looking into it recently so I'll take another look. Didn't think anyone uses it...

Great! Will still look into it but at least you have other options for now :) Just use gdbserver with r2 instead of gdb.

Will look into it

Sorry, didn't have a ton of time. This is a PE specific issue. https://github.com/radareorg/radare2/blob/35b05d86972f32e8962758c336d4914a757bf1b9/libr/bin/format/pe/pe.c#L341-L348 It uses the baddr from the header instead of using the actual binaddr. Attempting to fix.

That was a separate issue that was misleading. Can't really find any other differences specific to PEs that deal with baddr. This will require more time, maybe I'll be able...

Small note: tested and this doesn't happen in windows. Thanks for debugging and trying to reproduce the issue! > Can a thread be stopped if it is already stopped due...

>I wonder how can it work reliably without stopping all threads when breakpoint is hit Yep, and dbg.threads is only in use in windows debug. Another issue is that unless...

There are still major performance issues on rizin's side that should be fixed before merging.

Working on this issue in PR #1821. If you have any additional suggestions or recommendations based on your experience please add them there.

It happens with all windows binaries. I don't remember the event that caused it but it wasn't trivial to solve this on rizin's side, I'll try to give it another...