windbg
-
Windbg Commands / Tips
Tools/Windows 2024. 4. 25. 19:13
Useful Windbg Command
Check Instruction
u
Memory View
dq
dd
db
? poi rcx+420h
dq poi rcx+420h
dq poi(poi(rcx+420h))
Break Point
Conditional Break Point
ba w1 address
ba w2 address
ba r1 address
ba r2 address
bu General Break Point
bp [address | symbol]
bd [num]
bc [num]
be [num]
bc *
bd *
Exceptions
sx
sxe 0xC0000420
sxe 0xc0000002
sd *
sxe ld test.dll
Execution
g / p / t / u
pc / pt / tt / ta
g- / g-u / g-p / gu
F11, F10, Sh..
-
Windbg: Windows Kernel Debugging
Tools/Windows 2024. 3. 16. 00:34
Commands
1. Find out target binary EPROCESS address
!process 0 0 calc.exe
2. Context Switching
.process /i EPROCESS_ADDRESS
g
3. Load symbols
.sympath
!sym noisy
.reload /f /user
lm
4. Set break point
sxe ld test.sys
bm calc!*
ba w8 ADDRESS
bp /p @$proc calc!blabla
~[bp/bm/bc/bd/be]
5. Unload symbol
bc *
.reload /u /user
.process /r /p
ETC
- Comment
bp TEST!execute; $$ before executing
Another way
1. Target PC
windbg..