Debugging Assembly Execution using Frida-trace
cd C:\Python\Python39\Scripts
pip install frida frida-tools
C:\Python\Python39\Scripts\
.\frida-trace.exe -f C:\Tools\AssemblyLoaderX.exe C:\Tools\MsgBox.exe -i "*Load*"
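Where:
-f is the program to spawn (execute) under Frida, followed by that program's own arguments (here AssemblyLoaderX.exe, with MsgBox.exe as its argument).
-i is the function name to look up. It accepts a glob pattern, so "*Load*" matches every function whose name contains "Load". The matches are native exported functions, so the trace below shows Windows loader activity (LoadLibraryExA/W, LdrLoadDll, ResolveDelayLoadedAPI) rather than managed .NET method calls.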
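Result (the "[*]" and "[+]" lines and "You said YES!" appear to be console output from the traced process; it is interleaved with the trace, which is why some trace lines are split in two):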
Started tracing 148 functions. Press Ctrl+C to stop.
/* TID 0x37d0 */
4166 ms LoadLibraryExA()
4166 ms | LoadLibraryExA()
4166 ms | | LoadLibraryExW()
4166 ms [*] Using ExecuteAssemblyLoadFileAppDomain1:
| | | LdrLoadDll()
4167 ms LoadLibraryExW()
4167 ms | LoadLibraryExW()
4167 ms | | LdrLoadDll()
4169 ms [+] Executing 'TheMessageBox.exe' in 'King AppDomain' AppDomain.
| | | LoadLibraryExW()
4169 ms | | | | LoadLibraryExW()
4169 ms | | | | | LdrLoadDll()
4169 ms | | | LoadLibraryExW()
4169 ms | | | | LoadLibraryExW()
4169 ms | | | | | LdrLoadDll()
4169 ms | | | LoadLibraryExW()
4169 ms | | | | LoadLibraryExW()
4169 ms | | | | | LdrLoadDll()
4169 ms | | | LoadLibraryExW()
4169 ms | | | | LoadLibraryExW()
4169 ms | | | | | LdrLoadDll()
4169 ms | | | LoadLibraryExW()
4169 ms | | | | LoadLibraryExW()
4169 ms | | | | | LdrLoadDll()
4169 ms | | | LoadLibraryExA()
4169 ms | | | | LoadLibraryExA()
4169 ms | | | | | LoadLibraryExW()
4169 ms | | | | | | LdrLoadDll()
4171 ms LoadLibraryExA()
4172 ms | LoadLibraryExA()
4172 ms | | LoadLibraryExW()
4172 ms | | | LdrLoadDll()
4174 ms LoadLibraryExW()
4174 ms | LoadLibraryExW()
4174 ms | | LdrLoadDll()
4174 ms LoadLibraryExA()
4174 ms | LoadLibraryExA()
4174 ms | | LoadLibraryExW()
4174 ms | | | LdrLoadDll()
4175 ms LoadLibraryExW()
4176 ms LoadLibraryExW()
4176 ms | LdrAddLoadAsDataTable()
4176 ms LdrRemoveLoadAsDataTable()
4176 ms LoadLibraryExW()
4177 ms | LdrAddLoadAsDataTable()
4178 ms LdrRemoveLoadAsDataTable()
4179 ms LoadLibraryExW()
4179 ms | LoadLibraryExW()
4179 ms | | LdrLoadDll()
4185 ms | | | LoadLibraryExW()
4185 ms | | | | LoadLibraryExW()
4185 ms | | | | | LdrLoadDll()
4185 ms | | | LoadLibraryExW()
4185 ms | | | | LoadLibraryExW()
4185 ms | | | | | LdrLoadDll()
4186 ms | | | LoadLibraryExW()
4186 ms | | | | LoadLibraryExW()
4186 ms | | | | | LdrLoadDll()
4186 ms | | | LoadLibraryExW()
4186 ms | | | | LoadLibraryExW()
4186 ms | | | | | LdrLoadDll()
4186 ms | | | LoadLibraryExW()
4186 ms | | | | LoadLibraryExW()
4186 ms | | | | | LdrLoadDll()
4186 ms | | | LoadLibraryExW()
4186 ms | | | | LoadLibraryExW()
4186 ms | | | | | LdrLoadDll()
4186 ms | | | LoadLibraryExW()
4186 ms | | | | LoadLibraryExW()
4186 ms | | | | | LdrLoadDll()
4186 ms LoadLibraryExA()
4186 ms | LoadLibraryExA()
4186 ms | | LoadLibraryExW()
4187 ms | | | LdrLoadDll()
4189 ms LoadLibraryExW()
4189 ms | LoadLibraryExW()
4189 ms | | LdrLoadDll()
4189 ms LoadLibraryExW()
4189 ms | LoadLibraryExW()
4189 ms | | LdrLoadDll()
4189 ms LoadLibraryExW()
4189 ms | LoadLibraryExW()
4189 ms | | LdrLoadDll()
4190 ms LoadLibraryExW()
4190 ms | LoadLibraryExW()
4190 ms | | LdrLoadDll()
4193 ms LoadLibraryExW()
4193 ms | LoadLibraryExW()
4193 ms | | LdrLoadDll()
4203 ms LoadLibraryExW()
4203 ms | LdrLoadDll()
4205 ms LoadLibraryExW()
4205 ms | LoadLibraryExW()
4205 ms | | LdrLoadDll()
4229 ms LoadLibraryExW()
4229 ms | LoadLibraryExW()
4230 ms | | LdrLoadDll()
4230 ms LoadLibraryExW()
4230 ms | LoadLibraryExW()
4230 ms | | LdrLoadDll()
4230 ms ResolveDelayLoadedAPI()
4230 ms | LdrResolveDelayLoadedAPI()
4230 ms ResolveDelayLoadedAPI()
4230 ms | LdrResolveDelayLoadedAPI()
4231 ms LoadLibraryExW()
4231 ms | LoadLibraryExW()
4231 ms | | LdrLoadDll()
4231 ms LoadLibraryExW()
4231 ms | LoadLibraryExW()
4231 ms | | LdrLoadDll()
4234 ms LoadLibraryExW()
4234 ms | LoadLibraryExW()
4234 ms | | LdrLoadDll()
4234 ms LoadLibraryExW()
4234 ms | LoadLibraryExW()
4234 ms | | LdrLoadDll()
4236 ms | | | ResolveDelayLoadedAPI()
4236 ms | | | | LdrResolveDelayLoadedAPI()
4238 ms LoadLibraryExW()
4238 ms | LoadLibraryExW()
4238 ms | | LdrLoadDll()
4238 ms LoadLibraryExW()
4238 ms | LoadLibraryExW()
4238 ms | | LdrLoadDll()
4261 ms LoadLibraryExW()
4262 ms | LoadLibraryExW()
4262 ms | | LdrLoadDll()
4262 ms LdrResolveDelayLoadedAPI()
4263 ms LoadLibraryExA()
4263 ms | LoadLibraryExW()
4263 ms | | LdrLoadDll()
4265 ms ResolveDelayLoadedAPI()
4265 ms | LdrResolveDelayLoadedAPI()
4266 ms LoadLibraryExA()
4266 ms | LoadLibraryExW()
4266 ms | | LdrLoadDll()
4288 ms LoadLibraryExW()
4288 ms | LoadLibraryExW()
4288 ms | | LdrLoadDll()
4292 ms LoadLibraryExW()
4292 ms | LoadLibraryExW()
4292 ms | | LdrLoadDll()
4298 ms LoadLibraryExW()
4298 ms | LoadLibraryExW()
4298 ms | | LdrLoadDll()
4313 ms LoadLibraryExW()
4313 ms | LoadLibraryExW()
4313 ms | | LdrLoadDll()
4314 ms LoadLibraryExW()
4314 ms | LoadLibraryExW()
4314 ms | | LdrLoadDll()
4315 ms LoadLibraryExW()
4315 ms | LoadLibraryExW()
4315 ms | | LdrLoadDll()
4316 ms ResolveDelayLoadedAPI()
4316 ms | LdrResolveDelayLoadedAPI()
4319 ms ResolveDelayLoadedAPI()
4319 ms | LdrResolveDelayLoadedAPI()
4319 ms ResolveDelayLoadedAPI()
4319 ms | LdrResolveDelayLoadedAPI()
4319 ms ResolveDelayLoadedAPI()
4319 ms | LdrResolveDelayLoadedAPI()
4320 ms ResolveDelayLoadedAPI()
4320 ms | LdrResolveDelayLoadedAPI()
4323 ms ResolveDelayLoadedAPI()
4323 ms | LdrResolveDelayLoadedAPI()
4393 ms ResolveDelayLoadedAPI()
4393 ms | LdrResolveDelayLoadedAPI()
4395 ms RtlIsThreadWithinLoaderCallout()
4396 ms LoadLibraryExW()
4396 ms | LdrLoadDll()
4411 ms LdrResolveDelayLoadedAPI()
4424 ms RtlIsThreadWithinLoaderCallout()
4425 ms ImmLoadIME()
4425 ms | LdrResolveDelayLoadedAPI()
4425 ms | ResolveDelayLoadedAPI()
4425 ms | | LdrResolveDelayLoadedAPI()
4425 ms | LoadIconW()
4425 ms | LoadCursorW()
4426 ms | LoadCursorW()
4464 ms RtlIsThreadWithinLoaderCallout()
4465 ms LdrResolveDelayLoadedAPI()
4468 ms ResolveDelayLoadedAPI()
4469 ms | LdrResolveDelayLoadedAPI()
4482 ms ResolveDelayLoadedAPI()
4483 ms | LdrResolveDelayLoadedAPI()
4492 ms LdrLoadAlternateResourceModuleEx()
4493 ms ResolveDelayLoadedAPI()
4493 ms | LdrResolveDelayLoadedAPI()
4494 ms ResolveDelayLoadedAPI()
4494 ms | LdrResolveDelayLoadedAPI()
4504 ms LoadLibraryExW()
4504 ms | LdrLoadDll()
4505 ms LoadMenuW()
4506 ms | LdrLoadAlternateResourceModuleEx()
4506 ms | LoadResource()
4506 ms | LoadMenuIndirectW()
You said YES!
94192 ms LoadLibraryExA()
94193 ms | LoadLibraryExW()
94193 ms | | LdrLoadDll()
94193 ms LoadLibraryExA()
94193 ms | LoadLibraryExW()
94193 ms | | LdrLoadDll()
94193 ms LoadLibraryExA()
94193 ms | LoadLibraryExW()
94193 ms | | LdrLoadDll()
94194 ms ResolveDelayLoadedAPI()
94194 ms | LdrResolveDelayLoadedAPI()
94194 ms ResolveDelayLoadedAPI()
94195 ms | LdrResolveDelayLoadedAPI()
94195 ms ResolveDelayLoadedAPI()
94195 ms | LdrResolveDelayLoadedAPI()
94196 ms ResolveDelayLoadedAPI()
94196 ms | LdrResolveDelayLoadedAPI()
94203 ms LoadIconW()
94203 ms LoadCursorW()
94204 ms LoadCursorW()
94235 ms ResolveDelayLoadedAPI()
94235 ms | LdrResolveDelayLoadedAPI()
Process terminated