Skip to content
GitLab
Open
Issue created by Administrator@rootContributor

Dr. STrace internal crash occurs while attempting to trace a .exe

Created by: scfcode

Describe the bug

I was attempting to use drstrace.exe to follow the execution of a .exe and then a drstrace.exe crash occurs.

The following is the command line I use

C:\Users\scf>c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\bin\drstrace.exe -dr_ops "-dumpcore_mask 0x8bff" -no_follow_children "C:\Program Files\corz\checksum\checksum.exe" vrd("C:\Users\scf\Desktop\Stuff\tw") "C:\ProgramData\myHashes"

To Reproduce Steps to reproduce the behavior:

  1. I downloaded the checksum utility from https://corz.org/windows/software/checksum/#section-Download (I have a problem using that app on my machine where it won't verify the hashes and I was aiming to investigate that with drstrace.exe)
  2. See above. It fails, with or without the dr_ops
  3. I see
C:\Users\scf>c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\bin\drstrace.exe -dr_ops "-dumpcore_mask 0x8bff" -no_follow_children "C:\Program Files\corz\checksum\checksum.exe" vrd("C:\Users\scf\Desktop\Stuff\tw") "C:\ProgramData\myHashes"
<Using system call file c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\drmemory\logs\symcache\syscalls_x64.txt>
<drstrace log file is .\drstrace.checksum.exe.04784.0000.log>
<Application C:\Program Files\corz\checksum\checksum.exe (4784).  Dr. STrace internal crash at PC 0x00000000710cbc4b.  Please report this at http://drmemory.org/issues.  Program aborted.
0xc0000005 0x00000000 0x00000000710cbc4b 0x00000000710cbc4b 0x0000000000000001 0x000000007118dcbc
Base: 0x0000000071000000
Registers: eax=0x0000000000000001 ebx=0x000002313ff84a00 ecx=0xffffffffffffffff edx=0x0000000000000001
        esi=0x00000083aafff118 edi=0x0000000000000000 esp=0x00000083aaffefd8 ebp=0x0000000000000000
        r8 =0x0000000000000008 r9 =0x0000000000000000 r10=0x0000000000000000 r11=0x0000000000000246
        r12=0x0000000000000001 r13=0x0000000000000000 r14=0x00000083aafff600 r15=0x0000000000000000
        eflags=0x0000000000010286
version 7.91.18298, custom build
-no_dynamic_options -logdir 'C:\Users\scf' -client_lib 'c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\bin64\release\drstracelib.dll;0;-symcache_path `c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\logs\symbols\WinTypes.pdb\BB00EF018D604443AE6FFFBC56CB76BD2\WinTypes.pdb` -sysnum_file `c:\Users\scf\Desktop\Stuff>
_EVENT_BASIC_INFORMATION structure has unknown types_EVENT_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types

Please also answer these questions:

  • What happens when you run without any client? The checksum.exe program does not crash
  • What happens when you run with debug build ("-debug" flag to drrun/drconfig/drinject)? I still see a crash
C:\Users\scf>c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\bin\drstrace.exe -debug -no_follow_children "C:\Program Files\corz\checksum\checksum.exe" vrd("C:\Users\scf\Desktop\Stuff\tw") "C:\ProgramData\myHashes"
<Using system call file c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\drmemory\logs\symcache\syscalls_x64.txt>
<drstrace log file is .\drstrace.checksum.exe.23344.0000.log>
<Application C:\Program Files\corz\checksum\checksum.exe (23344).  Dr. STrace internal crash at PC 0x00000000710cbc4b.  Please report this at http://drmemory.org/issues.  Program aborted.
0xc0000005 0x00000000 0x00000000710cbc4b 0x00000000710cbc4b 0x0000000000000001 0x000000007118dcbc
Base: 0x0000000071000000
Registers: eax=0x0000000000000001 ebx=0x00000176e6c355c0 ecx=0xffffffffffffffff edx=0x0000000000000001
        esi=0x00000027c0dfeef8 edi=0x0000000000000000 esp=0x00000027c0dfedb8 ebp=0x0000000000000000
        r8 =0x0000000000000008 r9 =0x0000000000000000 r10=0x0000000000000000 r11=0x0000000000000246
        r12=0x0000000000000001 r13=0x0000000000000000 r14=0x00000027c0dff400 r15=0x0000000000000000
        eflags=0x0000000000010286
version 7.91.18298, custom build
-no_dynamic_options -logdir 'C:\Users\scf' -client_lib 'c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\bin64\debug\drstracelib.dll;0;-symcache_path `c:\Users\scf\Desktop\Stuff\DrMemory-Windows-2.3.0-1\logs\symbols\WinTypes.pdb\BB00EF018D604443AE6FFFBC56CB76BD2\WinTypes.pdb` -sysnum_file `c:\Users\scf\Desktop\Stuff\D>
_EVENT_BASIC_INFORMATION structure has unknown types_EVENT_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types_ALPC_BASIC_INFORMATION structure has unknown types

Expected behavior I expect to be about to get an drstrace log I can inspect.

Screenshots or Pasted Text

See above

Versions

  • What version of DynamoRIO are you using? The 2.3.0 release:
  • Does the latest build from https://github.com/DynamoRIO/dynamorio/releases solve the problem? This was latest
  • What operating system version are you running on? ("Windows 10" is not sufficient: give the release number.) This is on Windows 21H1 - 19043.928
  • Is your application 32-bit or 64-bit?

Additional context

checksum.exe.13092.00000000.ldmp.zip