Problems in Windows 10 DLL profile generation #792
Comments
We are aware that drakpdb (the component used in drakvuf-sandbox to generate profiles for DLLs) has been broken for some time now (probably something changed in the PDB format / Microsoft API). We are looking for a replacement for this module. As a temporary workaround, I can suggest manual intervention and performing steps from https://drakvuf.com under
Well, that does not work either, even on older versions as I mentioned, which is why I'm confused. If it's a PDB format issue, then this should be with newer versions of PDBs and DLLs; I'm actually trying it with older versions of Windows 10.
The same issue happens with win32k.sys; apparently @tklengyel encountered a similar issue with win32k.sys on Windows 10 1903. Yet was anyone able to create profiles for ole32 or other DLLs? ole32 is required for filetracer, and some other profiles are required for other plugins to work properly.
This issue is regarding profile generation with drakpdb & pdbconv. I have tried numerous times to generate profiles for modules or DLLs from Windows 10, but they always fail due to the unhandled leaf type. After some searching, I understand this is because of Microsoft allowing C++ types into modules such as win32k.sys and other DLLs/modules, yet I can't find a proper way to generate the profiles for the required DLLs. I tried checking out DIA, but I am still unable to get a grasp on how to use it to build a profile.
I have tried different Windows 10 builds & versions:
I'm trying to build profiles for the DLLs to be able to use drakvuf plugins (ole32 for filetracer, etc.). If there are pre-existing profiles for a specific version, it would be great if someone could share those, and I will use them with the appropriate Windows version.
Also, if anyone has an idea why I'm encountering this issue although I've tried using the recommended Windows 10 2004, hopefully the answers shared in this issue might help and be a sort of guide for anyone who encounters the same issue.