Jump to content
Tuts 4 You

zwfix.zip 1.0.0.0


1 Screenshot

About This File

FIX for ZwQueryObject hang on file objects that have FO_SYNCHRONOUS_IO set.

There is a "bug" in Win32 that hangs calls to ZwQueryObject and other functions

when the queried handle has this flag set, as the Syscall is waiting forever.

Ollydbg suffers from this bug as it reads certain handle informations after it

hits a breakpoint. This then leads to a freeze of the debugger.

This plugin tries to fix it by hooking the functions

NtQueryObject (ntdll.dll)

GetFileType (kernel32.dll)

that get used by olly, which can cause the lockup and let them process the

queries in a seperate thread with a timeout of 1sec. If the call hangs, an error

is returned to Olly and the debugger doesn't freeze anymore.

  • Thanks 1

User Feedback

Recommended Comments

There are no comments to display.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...