1. F3 (Edit: not F2) on a 64-bit exe or dll.
2. Select Image File Header.
3. Please Wait... forever.
Not sure if it's related to the file size. I succeeded in dumping an exe and a dll of < 10 KB, but all other tests (50 KB ~ 3 MB) failed.
This didn't happen with 8.51a.
TC 8.52b1 - fail to dump 64-bit Image File Header
Moderators: Hacker, petermad, Stefan2, white
TC 8.52b1 - fail to dump 64-bit Image File Header
Last edited by yyang on 2015-08-15, 12:36 UTC, edited 1 time in total.
1. Perhaps F3?
2. It seems that you're using FileInfo lister plugin, this should be mentioned if you report plugin problem.
Are you using latest plugin version? Please check this topic.
I'm using quite old version of this plugin (2.0.10.0 buind in 2007) and it works fine in TC 8.52b1 for 64-bit PE files. Tested on C:\Windows\Explorer.exe, got 4K lines of listing within 1-2 seconds.
2. It seems that you're using FileInfo lister plugin, this should be mentioned if you report plugin problem.
Are you using latest plugin version? Please check this topic.
I'm using quite old version of this plugin (2.0.10.0 buind in 2007) and it works fine in TC 8.52b1 for 64-bit PE files. Tested on C:\Windows\Explorer.exe, got 4K lines of listing within 1-2 seconds.
Re: TC 8.52b1 - fail to dump 64-bit Image File Header
No such problem hereyyang wrote:1. F2 on a 64-bit exe or dll.
2. Select Image File Header.
3. Please Wait... forever.
Not sure if it's related to the file size. I succeeded in dumping an exe and a dll of < 10 KB, but all other tests (50 KB ~ 3 MB) failed.
This didn't happen with 8.51a.
with TC 8.52b1 x64 and the actual file_info plugin from july 2015
Thanks! It's F3 really.MVV wrote:1. Perhaps F3?
2. It seems that you're using FileInfo lister plugin, this should be mentioned if you report plugin problem.
Are you using latest plugin version? Please check this topic.
I'm using quite old version of this plugin (2.0.10.0 buind in 2007) and it works fine in TC 8.52b1 for 64-bit PE files. Tested on C:\Windows\Explorer.exe, got 4K lines of listing within 1-2 seconds.
I'm using the latest fileinfo plugin (Jul 2015). As you said, it works for C:\Windows\Explorer.exe perfectly, so this is not related to the file size.
Could you please test again with these files? They are dummy binaries generated with 64-bit VC 2010 (source code included). Thanks.
http://www.filedropper.com/dlltest
MVV and Horst.Epp,
Thank you both very much. I revert to 8.51a now and it still doesn't work. But with the same configurations, it works perfectly on another machine. It must be something wrong with my machine. I really should have a better test before creating this post. Thanks again and sorry for the fuss.
Thank you both very much. I revert to 8.51a now and it still doesn't work. But with the same configurations, it works perfectly on another machine. It must be something wrong with my machine. I really should have a better test before creating this post. Thanks again and sorry for the fuss.
#147523
First of all you better post such plug-in specific bugs in here.
Now I think it might be related to my similar problem:
http://www.ghisler.ch/board/viewtopic.php?p=297742#297742
Not sure what exactly triggers it, it doesn't always happen, but it does for most x64 PEs opened from 32bit plug-in.
The plug-in author didn't answer to this yet, so you either send him an e-mail or we wait for a fix.
From a programmers's point of view it's just weird that your machine config is related to a PE dump, so it's some serious flaw in the plug-in.
Now I think it might be related to my similar problem:
http://www.ghisler.ch/board/viewtopic.php?p=297742#297742
Not sure what exactly triggers it, it doesn't always happen, but it does for most x64 PEs opened from 32bit plug-in.
The plug-in author didn't answer to this yet, so you either send him an e-mail or we wait for a fix.
From a programmers's point of view it's just weird that your machine config is related to a PE dump, so it's some serious flaw in the plug-in.
TC plugins: PCREsearch and RegXtract
Thank you, milo1012.
Sorry that I posted in the wrong place. I thought it might be the new beta's issue, because this problem didn't manifest itself before.
As I clear the "Show Runtime FTable" option (or in fileinfo.ini: Dump_Pdata=0), it works fine on 64-bit binaries.
And there may be a new release soon:
http://www.ghisler.ch/board/viewtopic.php?t=1095&postdays=0&postorder=asc&start=285&sid=fc57b8f3dce7f2f8769917b14355caf5
Sorry that I posted in the wrong place. I thought it might be the new beta's issue, because this problem didn't manifest itself before.
As I clear the "Show Runtime FTable" option (or in fileinfo.ini: Dump_Pdata=0), it works fine on 64-bit binaries.
And there may be a new release soon:
http://www.ghisler.ch/board/viewtopic.php?t=1095&postdays=0&postorder=asc&start=285&sid=fc57b8f3dce7f2f8769917b14355caf5
