EvilZone

Programming and Scripting => .NET Framework => : vicious October 18, 2013, 04:07:43 AM

: VB.NET runPE [problem]
: vicious October 18, 2013, 04:07:43 AM

I'm trying to make a runPE in vb.net work in windows 7.
I get c0000005 errorr code - memory access violation, in offset 00003f2c , that is just before the end of my portable executable (the victim process).
The error comes from ZwUnmapViewOfSection , WriteProcessMemory or SetThreadContext (all in kernel32.dll). When the code reaches ResumeThread I get the error sometimes, or sometimes notthing at all, but the process is terminated, so I cannot attach debugger. When I set breakpoint in visual studio just before ResumeThread and attach WinDbg to my victim process it shows that:  only part of a readprocessmemory or writeprocessmemory request was completed.
So how can I find out what went wrong in rewrighting the process memory?

PS:I don't know if this question is for here or for reverse engineering, seems like it don't fit here, nor there

: Re: VB.NET runPE [problem]
: NovaCygni October 19, 2013, 06:21:09 PM

run and debug with ollydbg, least yourll see whats throwing the exception.