-
-
[转帖]ZwQueryObject-Fix 1.0.0.0 by Leecher
-
发表于: 2013-7-11 09:08
-
ZwQueryObject-Fix 1.0.0.0 by Leecher
FIX for ZwQueryObject hang on file objects that have FO_SYNCHRONOUS_IO set. There is a "bug" in Win32 that hangs calls to ZwQueryObject and other functions when the queried handle has this flag set, as the Syscall is waiting forever.
OllyDbg suffers from this bug as it reads certain handle information after it hits a breakpoint. This then leads to a freeze of the debugger. This plugin tries to fix it by hooking the functions:
NtQueryObject (ntdll.dll)
GetFileType (kernel32.dll)
that get used by OllyDbg, which can cause the lockup and let them process the queries in a separate thread with a timeout of 1 sec. If the call hangs, an error is returned to OllyDbg and the debugger doesn't freeze anymore.
[注意]传递专业知识、拓宽行业人脉——看雪讲师团队等你加入!
