Flag: Tornado! Hurricane!


Article Abstract In part three of this three part article series, the kernel-mode interface to Windows debugging is dissected in detail. The reader is expected to have some basic knowledge of C and general NT Kernel architecture and semantics. Also, this is not an introduction on what debugging is or how to write a debugger. It is meant as a reference for experienced debugger writers, or curious security experts. The reader is expected to have some basic knowledge of C and general NT Kernel architecture and semantics. Also, this is not an introduction on what debugging is or how to write a debugger. It is meant as a reference for experienced debugger writers, or curious security experts.

Full Article ...    Printer Friendly ...

Article Comments
JasonGeffner Posted: Thursday, February 1 2007 13:56.34 CST
Awesome job! I want a "part four"! :)

MohammadHosein Posted: Thursday, February 1 2007 15:29.03 CST
thank you for these excellent series of articles

anonymouse Posted: Thursday, February 1 2007 23:35.29 CST
so this is how some of the functions in syser operates getting one access to r0 as well as r3 mode in a single debugger

thanks a lot its as usual highly informative

:thumbsup: :yay

flyingkisser Posted: Tuesday, January 15 2008 20:17.43 CST
very good,very powerful!So,where is part I and part II?

praveendarshanam Posted: Friday, September 18 2009 15:18.19 CDT
good articles!! all partz r amazing!!!


Add New Comment
Comment:










There are 30,978 total registered users.


Recently Created Topics
let 'IDAPython' impo...
Sep/24
set 'IDAPython' as t...
Sep/24
GuessType return une...
Sep/20
About retrieving the...
Sep/07
How to find specific...
Aug/15
How to get data depe...
Jul/07
Identify RVA data in...
May/06
Immunity Debugger Re...
Aug/03
Question about memor...
Dec/12
How can i find conne...
Nov/27


Recent Forum Posts
How to find specific...
hackgreti
Problem with ollydbg
sh3dow
How can I write olly...
sh3dow
New LoadMAP plugin v...
mefisto...
Intel pin in loaded ...
djnemo
OOP_RE tool available?
Bl4ckm4n
OOP_RE tool available?
van7hu
Should binaries be n...
Kolisar
Problem with ollydbg
nullx42
!findtrampoline Immu...
skycrack


Recent Blog Entries
nieo
Mar/22
Android Application Reversing

halsten
Mar/14
Breaking IonCUBE VM

oleavr
Oct/24
Anatomy of a code tracer

hasherezade
Sep/24
IAT Patcher - new tool for ...

oleavr
Aug/27
CryptoShark: code tracer ba...

More ...


Recent Blog Comments
nieo on:
Mar/22
IAT Patcher - new tool for ...

djnemo on:
Nov/17
Kernel debugger vs user mod...

acel on:
Nov/14
Kernel debugger vs user mod...

pedram on:
Dec/21
frida.github.io: scriptable...

capadleman on:
Jun/19
Using NtCreateThreadEx for ...

More ...


Imagery
SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit