Analyzers
Talk to fellow users of Intel Analyzer tools (Intel VTune™ Profiler, Intel Advisor)

Profile Failed

YuGang_T_
Beginner
1,385 Views

Hello,I profiled the sample project tachyon vc10, and got a problem.. B elow is the log:

Analyzing Debug configuration
    11/24/14 19:49:16  Profiling Debug configuration may provide misleading results. Change active configuration for performance measurements to Release to accurately reflect the behavior of your released product. 

Collection failed
    11/24/14 19:49:23  Collection failed. The data cannot be displayed. 
    [Instrumentation Engine]: SYSCALL_INSPECTOR: Too long trace in the NTDLL!NtSetContextThread function Incompatible operating system or incompatible software installed on the system Pin is exiting due to fatal error 

My environment is:

intel-i3

WIN 7 64bit 

Microsoft VS 2013

NO anti-virus program is running 

Thanks in advance, any advise would be appreciated.

0 Kudos
1 Solution
Bernard
Valued Contributor I
1,385 Views

@YuGang

It seems that there is no installed any hooks or inline trampoline jumps.

View solution in original post

0 Kudos
14 Replies
YuGang_T_
Beginner
1,384 Views

My VTune Version is, Intel VTune Amplifier XE 2015 (update1_setup).

0 Kudos
Peter_W_Intel
Employee
1,384 Views

Please reference to this thread with similar problem.

0 Kudos
YuGang_T_
Beginner
1,384 Views

Thanks for reply.

I Followed his solution and removed all the anti-virus SW. without effect.

 

0 Kudos
Peter_W_Intel
Employee
1,384 Views

Possibly there was other 3rd-party software - which had installed ntdll.dll patch. If you are not sure what software is - you can try other machine. 

0 Kudos
Bernard
Valued Contributor I
1,384 Views

@YuGang

You can use Windows debugger (windbg)  !chkimg command in order to check for image consistency. In your case I would try to check Ntdll.dll image first for installed hooks.

http://community.websense.com/blogs/securitylabs/archive/2010/04/29/analyzing-malwares-using-microsoft-tools.aspx

0 Kudos
YuGang_T_
Beginner
1,384 Views

iliyapolak wrote:

@YuGang

You can use Windows debugger (windbg)  !chkimg command in order to check for image consistency. In your case I would try to check Ntdll.dll image first for installed hooks.

http://community.websense.com/blogs/securitylabs/archive/2010/04/29/anal...

Thanks for reply.

I've got the windbg tool and then how should i use it to trace the problem.

I read the article above but still dont know how to !chkimg, for i dont have a dump file.

 

0 Kudos
Bernard
Valued Contributor I
1,384 Views

@YuGang

Please download following tool for creating user mode dump file : http://www.microsoft.com/en-us/download/details.aspx?id=4060

Proceed further as it was explained in this article http://community.websense.com/blogs/securitylabs/archive/2010/04/29/analyzing-malwares-using-microsoft-tools.aspx

If you want you can send me dump files and I will run !chkimg command.

0 Kudos
YuGang_T_
Beginner
1,385 Views

iliyapolak wrote:

@YuGang

Please download following tool for creating user mode dump file : http://www.microsoft.com/en-us/download/details.aspx?id=4060

Proceed further as it was explained in this article http://community.websense.com/blogs/securitylabs/archive/2010/04/29/anal...

If you want you can send me dump files and I will run !chkimg command.

Windbg can not show the command window any more on my pc. 

I upload 2 dump files, will u please !chkimg them. Thanks.

 

0 Kudos
Bernard
Valued Contributor I
1,385 Views

@YuGang

Tomorrow I will check those files.

0 Kudos
YuGang_T_
Beginner
1,385 Views

Thank you

0 Kudos
Bernard
Valued Contributor I
1,385 Views

You are welcome.

 

0 Kudos
Bernard
Valued Contributor I
1,386 Views

@YuGang

It seems that there is no installed any hooks or inline trampoline jumps.

0 Kudos
YuGang_T_
Beginner
1,385 Views

iliyapolak wrote:

@YuGang

It seems that there is no installed any hooks or inline trampoline jumps.

Thanks.

Seems my windows system need to be reinstalled.

0 Kudos
Bernard
Valued Contributor I
1,385 Views

@YuGang

Probably it can be the best solution in your case. I will run !chkimg on my other laptop in order to verify the results.

0 Kudos
Reply