Profile Failed

YuGang_T_
Beginner
1,509 Views

Hello, I profiled the sample project tachyon vc10 and got a problem. Below is the log:

Analyzing Debug configuration
    11/24/14 19:49:16  Profiling Debug configuration may provide misleading results. Change active configuration for performance measurements to Release to accurately reflect the behavior of your released product. 

Collection failed
    11/24/14 19:49:23  Collection failed. The data cannot be displayed. 
    [Instrumentation Engine]: SYSCALL_INSPECTOR: Too long trace in the NTDLL!NtSetContextThread function Incompatible operating system or incompatible software installed on the system Pin is exiting due to fatal error 

My environment is:

intel-i3

WIN 7 64bit 

Microsoft VS 2013

NO anti-virus program is running 

Thanks in advance, any advice would be appreciated.

0 Kudos
1 Solution
Bernard
Valued Contributor I
1,509 Views

@YuGang

It seems that there are no hooks or inline trampoline jumps installed.


0 Kudos
14 Replies
YuGang_T_
Beginner
1,508 Views

My VTune Version is, Intel VTune Amplifier XE 2015 (update1_setup).

0 Kudos
Peter_W_Intel
Employee
1,508 Views

Please refer to this thread with a similar problem.

0 Kudos
YuGang_T_
Beginner
1,508 Views

Thanks for the reply.

I followed his solution and removed all the anti-virus SW, without effect.

0 Kudos
Peter_W_Intel
Employee
1,508 Views

Possibly there was other 3rd-party software which had installed an ntdll.dll patch. If you are not sure what the software is, you can try another machine.

0 Kudos
Bernard
Valued Contributor I
1,508 Views

@YuGang

You can use the Windows debugger (windbg) !chkimg command to check for image consistency. In your case I would try to check the Ntdll.dll image first for installed hooks.

http://community.websense.com/blogs/securitylabs/archive/2010/04/29/analyzing-malwares-using-microsoft-tools.aspx

0 Kudos
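The kind of check suggested in the post above (compare code in the process image with a known-good copy and look for inline trampoline jumps), as an added example that is not part of the original thread. It is a simplified Python sketch, not windbg's implementation; the stub bytes, addresses and syscall number are constructed sample values.

```python
import struct

# Constructed sample data (not from the thread's dumps): a typical x64 syscall-stub
# layout (mov r10,rcx; mov eax,imm32; syscall; ret) with a placeholder syscall number.
CLEAN_STUB = bytes.fromhex("4c8bd1b8aa0000000f05c3")
STUB_VA = 0x7FF800010000   # hypothetical address of the stub in the process
TARGET = 0x7FF7FFF00000    # hypothetical address of a third-party hook handler
HOOKED_STUB = b"\xE9" + struct.pack("<i", TARGET - (STUB_VA + 5)) + CLEAN_STUB[5:]

def diff_ranges(clean, live):
    """Return (offset, length) runs where the in-memory bytes differ from the clean copy."""
    runs, start = [], None
    for i, (a, b) in enumerate(zip(clean, live)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            runs.append((start, i - start))
            start = None
    if start is not None:
        runs.append((start, min(len(clean), len(live)) - start))
    return runs

def classify_patch(live, off, va):
    """Decode common x64 trampoline forms at live[off:]; va is the address of live[0]."""
    b = live[off:]
    if len(b) >= 5 and b[0] == 0xE9:                        # jmp rel32
        rel = struct.unpack_from("<i", b, 1)[0]
        return ("jmp rel32", va + off + 5 + rel)
    if len(b) >= 12 and b[:2] == b"\x48\xB8" and b[10:12] == b"\xFF\xE0":
        return ("mov rax/jmp rax", struct.unpack_from("<Q", b, 2)[0])
    if len(b) >= 14 and b[:6] == b"\xFF\x25\x00\x00\x00\x00":  # jmp [rip+0]; dq target
        return ("jmp [rip+0]", struct.unpack_from("<Q", b, 6)[0])
    return ("modified bytes, not a known jump form", None)

def check_function(name, va, clean, live):
    """List every modified run in a function as (name, offset, length, kind, target)."""
    return [(name, off, n) + classify_patch(live, off, va)
            for off, n in diff_ranges(clean, live)]

if __name__ == "__main__":
    for finding in check_function("NtSetContextThread", STUB_VA, CLEAN_STUB, HOOKED_STUB):
        print(finding)
```

An empty result for a function means its in-memory bytes match the clean copy, which corresponds to the "no hooks" outcome reported later in the thread.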
YuGang_T_
Beginner
1,508 Views

iliyapolak wrote:

@YuGang

You can use the Windows debugger (windbg) !chkimg command to check for image consistency. In your case I would try to check the Ntdll.dll image first for installed hooks.

http://community.websense.com/blogs/securitylabs/archive/2010/04/29/anal...

Thanks for the reply.

I've got the windbg tool; how should I use it to trace the problem?

I read the article above but still don't know how to !chkimg, for I don't have a dump file.

0 Kudos
Bernard
Valued Contributor I
1,508 Views

@YuGang

Please download the following tool for creating a user mode dump file: http://www.microsoft.com/en-us/download/details.aspx?id=4060

Proceed further as explained in this article: http://community.websense.com/blogs/securitylabs/archive/2010/04/29/analyzing-malwares-using-microsoft-tools.aspx

If you want, you can send me the dump files and I will run the !chkimg command.

0 Kudos
YuGang_T_
Beginner
1,509 Views

iliyapolak wrote:

@YuGang

Please download the following tool for creating a user mode dump file: http://www.microsoft.com/en-us/download/details.aspx?id=4060

Proceed further as explained in this article: http://community.websense.com/blogs/securitylabs/archive/2010/04/29/anal...

If you want, you can send me the dump files and I will run the !chkimg command.

Windbg cannot show the command window any more on my PC.

I upload 2 dump files, will you please !chkimg them? Thanks.

0 Kudos
Bernard
Valued Contributor I
1,509 Views

@YuGang

Tomorrow I will check those files.

0 Kudos
YuGang_T_
Beginner
1,509 Views

Thank you

0 Kudos
Bernard
Valued Contributor I
1,509 Views

You are welcome.

0 Kudos
Bernard
Valued Contributor I
1,510 Views

@YuGang

It seems that there are no hooks or inline trampoline jumps installed.

0 Kudos
YuGang_T_
Beginner
1,509 Views

iliyapolak wrote:

@YuGang

It seems that there are no hooks or inline trampoline jumps installed.

Thanks.

Seems my Windows system needs to be reinstalled.

0 Kudos
Bernard
Valued Contributor I
1,509 Views

@YuGang

Probably it can be the best solution in your case. I will run !chkimg on my other laptop in order to verify the results.

0 Kudos