windows kernel analysis
Windbg: Windows Kernel Debugging
Tools/Windows | 2024. 3. 16. 00:34
Commands

1. Find the EPROCESS address of the target process
   !process 0 0 calc.exe
   (0 0 = list only the process summary, filtered by image name; the first value on the PROCESS line is the EPROCESS address)

2. Context switching
   .process /i EPROCESS_ADDRESS
   g
   (/i is an invasive switch: the debugger resumes with g and breaks again in the context of the target process)

3. Load symbols
   .sympath
   !sym noisy
   .reload /f /user
   lm
   (.reload /f /user forces a reload of the user-mode modules of the process you switched into)

4. Set breakpoints
   sxe ld test.sys            (break when the module is loaded; must be set before the driver loads)
   bm calc!*                  (breakpoint on every symbol matching the pattern; can create a very large number of breakpoints)
   ba w8 ADDRESS              (hardware breakpoint on an 8-byte write to ADDRESS)
   bp /p @$proc calc!blabla   (breakpoint that fires only in the current process)
   Related breakpoint commands: bp / bm / bc / bd / be

5. Unload symbols
   bc *
   .reload /u /user
   .process /r /p
   (/r reloads user-mode symbols and /p uses the process page table to translate user-mode addresses)

ETC
- Comment
  bp TEST!execute; $$ before executing
  ($$ starts a comment, so text after it on the same line is ignored)

Another way
1. Target PC
windbg..
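The steps above, combined into one sequence typed at the kd> prompt in order, as an added example that is not part of the original post. It assumes a kernel debugging session attached to a live target, that calc.exe is already running there, that the EPROCESS value pasted into .process /i is copied from the !process output, and that calc!wWinMain exists as a symbol (placeholder names chosen for illustration); the symbol path and script file name are also assumptions.

```windbg
$$ Added example (not from the original post): end-to-end kernel -> user-mode breakpoint workflow
$$ Save as C:\scripts\calc_bp.txt and run with:  $$>< C:\scripts\calc_bp.txt
$$ Assumed: calc.exe is running on the target; symbol path and function name are placeholders.

$$ 1. Locate the target EPROCESS (summary only, filtered by image name)
!process 0 0 calc.exe

$$ 2. Invasive switch into that process. Paste the EPROCESS address printed above.
$$    After g the target runs until the debugger re-enters in the calc.exe context.
.process /i ffffc001`deadbeef
g

$$ 3. Symbols: public symbol server plus a local cache, verbose loading so failures are visible,
$$    then force a reload of the user-mode modules of the process we are now inside.
.sympath srv*C:\symbols*https://msdl.microsoft.com/download/symbols
!sym noisy
.reload /f /user
lm m calc*

$$ 4. Breakpoints. /p @$proc ties the breakpoint to this process only, so other processes
$$    mapping the same image do not trigger it. The command string logs and resumes.
bp /p @$proc calc!wWinMain ".echo [calc] wWinMain hit; kb; g"

$$    Break on a driver load. This must be armed before the driver is loaded; if test.sys is
$$    already resident, use lm m test* to confirm and set a normal bp instead.
sxe ld test.sys

$$    Hardware write watch on an 8-byte slot (placeholder address); fires on any write.
ba w8 ffffc001`deadbf00 ".echo [ba] write to watched QWORD; kb; g"

$$ Let the target run; the breakpoint actions above print and continue automatically.
g

$$ 5. Cleanup once the session is done: clear all breakpoints, drop user-mode symbols,
$$    and restore the process context.
bc *
.reload /u /user
.process /r /p
```

The command string attached to each breakpoint ends in g, so the debugger logs the hit and resumes without manual intervention; drop the trailing g when you want to stop and inspect. bm calc!* from the original notes is deliberately not used here because it would set a breakpoint on every exported and public symbol in the module.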