Windbg: Windows Kernel Debugging

Tools/Windows 2024. 3. 16. 00:34

Commands

1. Find out target binary EPROCESS address

!process 0 0 calc.exe

2. Context Swiching

.process /i EPROCESS_ADDRESS

3. Load symbols

.sympath

!sym noisy

.reload /f /user

4. Set break point

sxe ld test.sys

bm calc!*

ba w8 ADDRESS

bp /p @$proc calc!blabla~

[bp/bm/bc/bd/be]

5. Unload symbol

bc *

.reload /u /user

.process /r /p

ETC

- Comment

bp TEST!execute; $$ before executing

Another way

1. Target PC

windbgx -server tcp:port=41414

And then open or attach to the target process.

2. Host PC

windbgx -remote tcp:server=192.168.0.41,port=41414

sxe -c "gn" 0xC0000420

sxe -c "gn" 0xC0000095

저작자표시 비영리 변경금지

'Tools > Windows' 카테고리의 다른 글

Windbg Commands / Tips (0)	2024.04.25
Visual Studio Tips (0)	2024.03.13
Instrumentation for Windows (0)	2024.03.04
Windows Application Fuzzing 기본 세팅 (0)	2023.04.07
kdnet: Windows 10 Kernel Network Debugging Setting (0)	2022.12.02

ABOUT ME

fuzz fuzz

Commands

1. Find out target binary EPROCESS address

2. Context Swiching

3. Load symbols

4. Set break point

5. Unload symbol

ETC

Another way

1. Target PC

2. Host PC

'Tools > Windows' 카테고리의 다른 글

티스토리툴바

ABOUT ME

Commands

1. Find out target binary EPROCESS address

2. Context Swiching

3. Load symbols

4. Set break point

5. Unload symbol

ETC

Another way

1. Target PC

2. Host PC

'Tools > Windows' 카테고리의 다른 글

관련글 관련글 더보기

티스토리툴바