Once again I have someone using one of my tables and an AOB isn't found. In the past I've had a user upload the EXE for analysis and that has worked. But with this game most of the relevant code is in DLLs. So I tested creating a dump file, with Task Manager, and analyzing that worked, as I was able to open the file with CE and scan for AOBs and find the code I was expecting. Then I had the user create a dump file and upload that. But scanning for AOBs doesn't work. Even AOBs that work on the table for them aren't found. So at this point I'm thinking I have misunderstood what the dump file is or how to use it. Now their DF was created on Win 10 and mine on Win 7, if that matters. And theirs is 6+ GB and mine is 2+ GB, and I'm not really understanding the reason for this. But I find all the same DLLs listed when opened with Visual Studio.
In my searching I did find that "Scylla" dumps differ from windbg dumps and I assume that task manager creates windbg dumps. But I'm not really sure where this fits in yet.
So my questions are as follows. Why is there so much of a size difference? And what should I do differently for analyzing processes like this in the future?
Analyzing a dump file is not going as expected.
Re: Analyzing a dump file is not going as expected.
I'm not knowledgeable enough to say exactly why but I can speculate that the environment your friend has dumped the file on is vastly different to that of yours, and that potentially there is something that alters the OS in some way that has to be loaded constantly for it to work. Stardock Windowblinds is an example of this. I would recommend advising them to dump with x64dbg using OllyDumpEx plugin.
Re: Analyzing a dump file is not going as expected.
LeFiXER wrote: ↑ Mon Aug 02, 2021 11:35 pm
I'm not knowledgeable enough to say exactly why but I can speculate that the environment your friend has dumped the file on is vastly different to that of yours, and that potentially there is something that alters the OS in some way that has to be loaded constantly for it to work. Stardock Windowblinds is an example of this. I would recommend advising them to dump with x64dbg using OllyDumpEx plugin.

So this one would work it seems. But the interface is a little goofy; I had a hard time finding the right DLL, as the window isn't resizable and the file paths were longer than the interface showed, even with hovering and what not. But I had started messing with Scylla in x64dbg, and that seems to work too. Plus it comes with x64dbg, so no need to require table users to install a plugin on top of x64dbg. And its interface is more simplistic, so hopefully easier to use for beginners.
Re: Analyzing a dump file is not going as expected.
Absolutely, I do agree that there is room for improvement. Scylla is nice too, the main thing is that the dump files are both done in the same fashion to produce identical results, or at least that's the aim.