|
I'm guessing you're using Windows 10? Where the Windows PE Image Loader uses the thread pool to parallel load images.
You can disable parallel loading in the registry and retry for fun (not profit):
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FILENAME.exe]
"MaxLoaderThreads"=dword:00000001
Note that you have to replace the 'FILENAME.exe' key with whatever is the file name of the target.
You could also set the value in the targets PEB (untested):
PEB.ProcessParameters.LoaderThreads = 1
|