Category Archives: 64-bit

Experimental Use of 64-bit Dump of 32-bit .NET Process in WinDbg

A .NET dmp file is typically best captured as 32-bit for 32-bit process. On x64 system this could be using the 32-bit task manager (C:\windows\syswow64\taskmgr.exe), WinDbg (x86), or a tool like ProcDump (http://live.sysinternals.com/ProcDump.exe ) However what if a 32-bit .NET … Continue reading

Posted in .NET, 64-bit, Patching, WinDbg | Tagged | 3 Comments

Launching .NET EXE extracted from Memory DMP

Using the SOS debugging extension (http://msdn.microsoft.com/en-us/library/bb190764(v=vs.110).aspx) we can easily save modules in a .NET memory dump. I wanted to do some runtime analysis of an EXE, but I only had dmp file. 0:000> .load C:\windows\microsoft.net\Framework64\v2.0.50727\sos.dll0:000> lmv m qfbox2start             end                 module … Continue reading

Posted in .NET, 64-bit, WinDbg | Tagged | Leave a comment

Case of the Invalid Base Key Error

Continuing my series on .NET patching – refer to https://chentiangemalc.wordpress.com/2014/05/19/case-of-the-net-service-hang-patching-webclient-operation-timed-out/ for the previous articles more of an overview of using some of the tools described. A “front end” application that was used to launch another application was failing to launch … Continue reading

Posted in .NET, 64-bit, Application Compatibility, Debugging, Hacking, Patching, Reflexil, WinDbg, Windows 7 | 2 Comments

Case of the Totally Broken TrustedInstaller

On a group of Windows 7 x64 machine the TrustedInstaller service, listed in Windows Services as the “Windows Module Installer Service”, was failing to start: We also saw evidence in the Application Event log with errors like: Faulting application name: … Continue reading

Posted in 64-bit, AppSense, Debugging, ProcMon, Windows 7 | Tagged | 5 Comments

Case of the Incorrect Side-by-Side Configuration

So I had downloaded the latest version of BIND DNS server for Windows from http://www.isc.org/downloads as I wanted to have an up-to-date version of DNS diagnosis tool dig to be available. However if you just tried running dig.exe by itself  … Continue reading

Posted in 64-bit, Application Compatibility, ProcMon, SysInternals, Windows 7 | Tagged | 8 Comments

Creating a Single .EXE when you need a separate .EXE to run on x86 and x64 Platforms

Sometimes you may have separate .EXEs to run whether on x86 (32-bit) or x64 (64-bit) platforms. Reasons for this are often around the need to access the native 64-bit registry location i.e. HKLM\SOFTWARE without getting redirected to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node…But sometimes having … Continue reading

Posted in 64-bit, AutoIT, Scripting | Tagged | Leave a comment