0

Now, I am new to reverse engineering and I am trying to attach (by x64dbg) to starcraft.exe game process. But after attaching it, this process always closes. Here is my log debug.

! Database file: D:\Programs\x64dbg\x64\db\StarCraft.exe.dd64
[ScyllaHide] Loaded VA for NtUserBlockInput = 0x00007FFFCAAE8450
[ScyllaHide] Loaded VA for NtUserQueryWindow = 0x00007FFFCAAE1230
[ScyllaHide] Loaded VA for NtUserGetForegroundWindow = 0x00007FFFCAAE17B0
[ScyllaHide] Loaded VA for NtUserBuildHwndList = 0x00007FFFCAAE13B0
[ScyllaHide] Loaded VA for NtUserFindWindowEx = 0x00007FFFCAAE1DB0
[ScyllaHide] Loaded VA for NtUserGetClassName = 0x00007FFFCAAE1F50
[ScyllaHide] Loaded VA for NtUserInternalGetWindowText = 0x00007FFFCAAE1C70
[ScyllaHide] Loaded VA for NtUserGetThreadState = 0x00007FFFCAAE1030
[ScyllaHide] Hook injection successful, image base 000001A732490000
Error replacing page: 00007FF79FFE0000[00000000000B6000] (starcraft.exe)
Sections:
".text": 00007FF79ECA1000[0000000000A5F000]
".rdata": 00007FF79F700000[00000000002EF000]
".data": 00007FF79F9EF000[00000000005E7000]
".pdata": 00007FF79FFD6000[0000000000071000]
".rodata": 00007FF7A0047000[0000000000001000]
"_RDATA": 00007FF7A0048000[0000000000002000]
".rsrc": 00007FF7A004A000[0000000000038000]
".reloc": 00007FF7A0082000[0000000000014000]
New pages:
" ".rodata"": 00007FF7A0047000[0000000000001000]
" "_RDATA"": 00007FF7A0048000[0000000000002000]
" ".rsrc"": 00007FF7A004A000[0000000000038000]
" ".reloc"": 00007FF7A0082000[0000000000014000]
Please report an issue!
Error replacing page: 00007FF79F9E0000[0000000000600000] (starcraft.exe)
Sections:
".text": 00007FF79ECA1000[0000000000A5F000]
".rdata": 00007FF79F700000[00000000002EF000]
".data": 00007FF79F9EF000[00000000005E7000]
".pdata": 00007FF79FFD6000[0000000000071000]
".rodata": 00007FF7A0047000[0000000000001000]
"_RDATA": 00007FF7A0048000[0000000000002000]
".rsrc": 00007FF7A004A000[0000000000038000]
".reloc": 00007FF7A0082000[0000000000014000]
New pages:
" ".data"": 00007FF79F9EF000[00000000005E7000]
Please report an issue!
Error replacing page: 00007FF79ECA0000[0000000000D40000] (starcraft.exe)
Sections:
".text": 00007FF79ECA1000[0000000000A5F000]
".rdata": 00007FF79F700000[00000000002EF000]
".data": 00007FF79F9EF000[00000000005E7000]
".pdata": 00007FF79FFD6000[0000000000071000]
".rodata": 00007FF7A0047000[0000000000001000]
"_RDATA": 00007FF7A0048000[0000000000002000]
".rsrc": 00007FF7A004A000[0000000000038000]
".reloc": 00007FF7A0082000[0000000000014000]
New pages:
"starcraft.exe": 00007FF79ECA0000[0000000000001000]
" ".text"": 00007FF79ECA1000[0000000000A5F000]
Please report an issue!
Process started: 00007FF79ECA0000 C:\Program Files (x86)\StarCraft Remastered\x86_64\StarCraft.exe
"x86_64\Starcraft.exe" -launch
argv[0]: x86_64\Starcraft.exe
argv[1]: -launch
Attach to a process!
DLL loaded: 00007FFFCD090000 C:\Windows\System32\ntdll.dll
Thread 17124 created, Entry: 00007FFF487983A0, Parameter: 0000000000000000
Thread 17128 created, Entry: 00007FFF48798380, Parameter: 0000000000000000
Thread 17132 created, Entry: starcraft.00007FF79F67A03C, Parameter: 0000000000000000
Thread 17136 created, Entry: starcraft.00007FF79F63D240, Parameter: 0000000000000000
//a lot of threads created
Thread 16400 created, Entry: starcraft.00007FF79F67A03C, Parameter: 0000000000000000
Thread 16356 created, Entry: starcraft.00007FF79F67A03C, Parameter: 0000000000000000
Thread 16648 created, Entry: starcraft.00007FF79F67A03C, Parameter: 0000000000000000
Thread 17880 created, Entry: ntdll.00007FFFCD0E2B20, Parameter: 000001A7487ED0B0
DLL loaded: 00007FFFCC960000 C:\Windows\System32\kernel32.dll
DLL loaded: 00007FFFCADC0000 C:\Windows\System32\KernelBase.dll
DLL loaded: 00007FFFC7FB0000 C:\Windows\System32\apphelp.dll
Error replacing page: 00007FF79FFE0000[00000000000B6000] (starcraft.exe)
Sections:
".text": 00007FF79ECA1000[0000000000A5F000]
".rdata": 00007FF79F700000[00000000002EF000]
".data": 00007FF79F9EF000[00000000005E7000]
".pdata": 00007FF79FFD6000[0000000000071000]
".rodata": 00007FF7A0047000[0000000000001000]
"_RDATA": 00007FF7A0048000[0000000000002000]
".rsrc": 00007FF7A004A000[0000000000038000]
".reloc": 00007FF7A0082000[0000000000014000]
New pages:
" ".rodata"": 00007FF7A0047000[0000000000001000]
" "_RDATA"": 00007FF7A0048000[0000000000002000]
" ".rsrc"": 00007FF7A004A000[0000000000038000]
" ".reloc"": 00007FF7A0082000[0000000000014000]
Please report an issue!
Error replacing page: 00007FF79F9E0000[0000000000600000] (starcraft.exe)
Sections:
".text": 00007FF79ECA1000[0000000000A5F000]
".rdata": 00007FF79F700000[00000000002EF000]
".data": 00007FF79F9EF000[00000000005E7000]
".pdata": 00007FF79FFD6000[0000000000071000]
".rodata": 00007FF7A0047000[0000000000001000]
"_RDATA": 00007FF7A0048000[0000000000002000]
".rsrc": 00007FF7A004A000[0000000000038000]
".reloc": 00007FF7A0082000[0000000000014000]
New pages:
" ".data"": 00007FF79F9EF000[00000000005E7000]
Please report an issue!
Error replacing page: 00007FF79ECA0000[0000000000D40000] (starcraft.exe)
Sections:
".text": 00007FF79ECA1000[0000000000A5F000]
".rdata": 00007FF79F700000[00000000002EF000]
".data": 00007FF79F9EF000[00000000005E7000]
".pdata": 00007FF79FFD6000[0000000000071000]
".rodata": 00007FF7A0047000[0000000000001000]
"_RDATA": 00007FF7A0048000[0000000000002000]
".rsrc": 00007FF7A004A000[0000000000038000]
".reloc": 00007FF7A0082000[0000000000014000]
New pages:
"starcraft.exe": 00007FF79ECA0000[0000000000001000]
" ".text"": 00007FF79ECA1000[0000000000A5F000]
Please report an issue!
DLL loaded: 00007FFFCB8E0000 C:\Windows\System32\user32.dll
DLL loaded: 00007FFFCAAE0000 C:\Windows\System32\win32u.dll
//a lot of dll loaded
DLL loaded: 00007FFF8BB10000 C:\Windows\System32\ncryptsslp.dll
DLL loaded: 00007FFFC21D0000 C:\Windows\System32\wbem\wbemprox.dll
DLL loaded: 00007FFFC1110000 C:\Windows\System32\wbemcomn.dll
DLL loaded: 00007FFFC0C50000 C:\Windows\System32\wbem\wbemsvc.dll
DLL loaded: 00007FFFC0500000 C:\Windows\System32\wbem\fastprox.dll
DLL loaded: 00007FFFB8E60000 C:\Windows\System32\amsi.dll
Thread 17284 exit
Thread 17340 exit
Thread 17344 exit
Thread 17208 exit
Thread 17288 exit
Thread 17292 exit
Thread 17296 exit
Thread 17336 exit
Thread 17276 exit
Thread 17280 exit
Thread 17372 exit
Thread 17376 exit
Thread 17300 exit
Thread 17404 exit
Thread 17308 exit
Thread 16432 exit
Thread 16436 exit
Thread 16440 exit
Thread 17304 exit
Thread 17356 exit
Thread 17364 exit
Thread 7664 exit
Thread 16396 exit
Thread 16416 exit
Thread 17368 exit
Thread 16420 exit
Thread 17360 exit
Thread 16408 exit
Process stopped with exit code 0xC0000005 (STATUS_ACCESS_VIOLATION)
Saving the database to D:\Programs\x64dbg\x64\db\StarCraft.exe.dd64 16мс
Debugging stopped!

The same happens if I try to check what accesses adress in the game. How I can bypass this problem?

I am expecting to debug game process normally and learn how to bypass debug protection. I`ve tryed to use ScillaHide with different settings but nothing changed.

tvxth
  • 1
  • 1

0 Answers0