WinXP SP3 is running with KD enabled in VirtualBox; I'm connecting to it through a kernel pipe connection.
I have one program which is protected with ExeCryptor and which should be started in the VM.
But as soon as the target is launched, KD is invoked immediately.
I still cannot determine what is triggering the exception (this is not the only one, there will be several, including obvious int3 breaks):
Single step exception - code 80000004 (first chance)
(further ones, excluding int3, will look the same)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
001b:006dece4 e98c070000 jmp 006df475
001b:006decd9 81c800010000 or eax,100h
001b:006decdf 870424 xchg eax,dword ptr [esp]
001b:006dece2 9d popfd
001b:006dece3 90 nop
001b:006dece4 e98c070000 jmp GFTPpro+0x2df475 (006df475) <<<<<<<<<<<<<<<<<<
001b:006dece9 0000 add byte ptr [eax],al
001b:006deceb 81c036e0fbfe add eax,0FEFBE036h
001b:006decf1 03c8 add ecx,eax
I checked the DR registers - empty.
Call stack at the moment:
It looks like this is TLS and the OEP has not executed yet (the protection code is in both TLS and OEP).
kd> k
WARNING: Frame IP not in any known module. Following frames may be wrong.
0012f9cc 7c93acb0 0x6dece4
0012fa18 7c935e50 ntdll!LdrpCallTlsInitializers+0x83
0012fb18 7c921194 ntdll!LdrpRunInitializeRoutines+0x48b
0012fc94 7c92108f ntdll!LdrpInitializeProcess+0x1131
0012fd1c 7c90e437 ntdll!_LdrpInitialize+0x183
00000000 00000000 ntdll!KiUserApcDispatcher+0x7
And there is only one thread at the moment.
So, any ideas about what the protector could do to raise exceptions?
Actually, this is not a problem; I could avoid it with gN anyway, but because there are lots of similar situations, I need a solution for how to force KD to ignore all exceptions in a predefined timeband.
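An added example, not part of the original post: in the listing above, `or eax,100h` followed by `xchg eax,dword ptr [esp]` and `popfd` loads EFLAGS with bit 8 (the trap flag) set, so the CPU raises a single-step exception (code 80000004) once the instruction after `popfd` has executed, which matches the report at 006dece4. The Python sketch below scans a code dump for that sequence; `find_tf_traps`, `BASE`, `DUMP` and `ONE_BYTE` are names made up here, and the bytes are retyped from the post's disassembly.

```python
"""Added example: locate trap-flag (TF) setup sequences in a code dump."""
import struct

TF = 0x100  # EFLAGS bit 8, the trap flag

# Bytes retyped from the disassembly in the post, starting at 006decd9.
BASE = 0x006DECD9
DUMP = bytes.fromhex(
    "81c800010000"  # or   eax,100h
    "870424"        # xchg eax,dword ptr [esp]
    "9d"            # popfd
    "90"            # nop
    "e98c070000"    # jmp  006df475
    "0000"          # add  byte ptr [eax],al
    "81c036e0fbfe"  # add  eax,0FEFBE036h
    "03c8"          # add  ecx,eax
)

# One-byte opcodes this sketch can step over after popfd (assumption: a
# real tool would use a full disassembler for instruction lengths).
ONE_BYTE = {0x90}  # nop


def find_tf_traps(code, base, window=8):
    """Return (or_addr, popfd_addr, report_addr) for each TF setup found.

    This is a raw byte scan, not aligned to instruction boundaries.
    report_addr is where the single-step exception is reported: the trap
    fires after the instruction following popfd has executed. It is None
    when that instruction is not in ONE_BYTE.
    """
    hits = []
    for i in range(len(code) - 5):
        if code[i:i + 2] != b"\x81\xc8":        # 81 C8 imm32 = or eax,imm32
            continue
        imm = struct.unpack_from("<I", code, i + 2)[0]
        if not imm & TF:
            continue
        off = code[i + 6:i + 6 + window].find(b"\x9d")  # popfd nearby?
        if off < 0:
            continue
        popfd = i + 6 + off
        nxt = popfd + 1
        known = nxt < len(code) and code[nxt] in ONE_BYTE
        hits.append((base + i, base + popfd, base + nxt + 1 if known else None))
    return hits


if __name__ == "__main__":
    for or_addr, popfd_addr, report in find_tf_traps(DUMP, BASE):
        where = "unknown" if report is None else format(report, "08x")
        print(f"or at {or_addr:08x}, popfd at {popfd_addr:08x}, trap reported at {where}")
```
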