I'm trying to run some dynamic analysis routines on Windows programs, using things like Intel Pin and DynamoRIO. I am running Windows 11. A problem I am having is when I use cmd.exe to launch an interactive application, control returns immediately to the interpreter after the application has been launched. This means those apps don't get analyzed properly.
For example, if I use DynamoRIO to instrument the File Explorer like this:
drrun.exe -t drcachesim -- explorer.exe
Then DynamoRIO returns immediately after explorer.exe is launched, and it doesn't actually instrument File Explorer when the user can interact with it.
I've had similar issues with Intel Pin. It seems the root issue is cmd.exe detaches from processes immediately after launching them. I am a complete novice Windows developer, so there is probably some mechanism I am unaware of that is causing this. I would be grateful for any insight or feedback here.
CodePudding user response:
Two things to note here.
1. cmd.exe waits for console programs but not GUI programs. Use the start command to wait on GUI programs: start /wait notepad.exe.
2. Explorer.exe will often communicate with an existing instance of itself and then just exit. Exit Explorer and then use Task manager to kill all Explorer.exe instances and then run your command.
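An added example, not part of the question or the answer above: a Python sketch that reads the Subsystem field of a PE header, which marks an image as GUI (2) or console (3), and returns the line to type at cmd.exe so the prompt blocks until the target exits. The function names and the `fake_pe` sample header are constructed for this illustration.

```python
import struct
import sys

SUBSYSTEMS = {2: "gui", 3: "console"}  # IMAGE_SUBSYSTEM_WINDOWS_GUI / _CUI


def pe_subsystem(data: bytes) -> str:
    """Classify a PE image from its leading bytes: 'gui', 'console' or 'other:<n>'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    opt = e_lfanew + 4 + 20  # skip signature and COFF file header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(data) < opt + 70:
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # Subsystem sits at offset 68 of the optional header in both PE32 and PE32+.
    (subsystem,) = struct.unpack_from("<H", data, opt + 68)
    return SUBSYSTEMS.get(subsystem, f"other:{subsystem}")


def cmd_launch_line(target: str, data: bytes) -> str:
    """Command to type at the cmd.exe prompt so it blocks until target exits."""
    return f"start /wait {target}" if pe_subsystem(data) == "gui" else target


def fake_pe(subsystem: int, pe32_plus: bool = True) -> bytes:
    """Constructed minimal header for testing; not a loadable executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(70)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<H", opt, 68, subsystem)
    return bytes(dos) + b"PE\0\0" + bytes(20) + bytes(opt)


if __name__ == "__main__":
    # Usage: python pe_subsystem.py <path to .exe> [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            head = f.read(4096)
        print(path, pe_subsystem(head), "->", cmd_launch_line(path, head))
```

This covers only the first point of the answer: an image that hands off to an already running instance and exits, as described for Explorer.exe, still returns immediately whatever its subsystem.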