OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Topic created on: February 15, 2011 10:18 CST by mehdinaghous .

WHICH KERNAL DEBUGGER IS BEST
FOR DEVICE DRIVER AND PORT
THANKS

djnemo		February 16, 2011 10:36.00 CST
In Memory of SoftIce, there are many choice but i think WinDBG, there is also SysEnter but its not stable enough

GreenPiece		February 19, 2011 12:22.43 CST
Hello! SoftIce doesn't support anything later WinXP so I don't think it should be used now. Syser is not stable enough though it's very perspective. So WinDbg is the most suitable choice.

RvaZero		February 20, 2011 19:06.25 CST
�f you want for development use a Virtual PC software(VMware, VirtualBox, etc) with Visual Studio + VirtualKD else use IDA with Bochs etc. check ilfak' s tutorials about driver debugging with IDA pro.

NeOXQuiCk		March 8, 2011 07:14.29 CST
i will give you straight answer.. the one you can use up to its potentional

corehook		March 8, 2011 21:32.13 CST
windbg,Syser

506398911qqcom		March 18, 2011 03:05.06 CDT
windbg i think

aking1012		March 21, 2011 03:41.48 CDT
I would be looking at windbg...there is an interesting project on codeplex wrapping dbghlp in python here: http://pykd.codeplex.com/. It's built for python 2.6. Requires boost as well. I am recompiling boost for 2.7 to try and get it working in my environment(the build process is a bit painful with VS Express). It is supposed to allow kernel debugging or loading as a module for windbg for program debugging, but I haven't played with it much yet.

detlef		March 23, 2011 02:20.59 CDT
I think its windbg. you can traverse all the structs with it. I've not investigated that much to try to do this with IDA Pro. It seemed to me that you have to define your own structs for the objects. Or does one of you guys have a better solution to this? is there on option to integrate windows kernel level objects into IDA PRO? symbol files do not solve that problem. header files could, but does it work?

slcoleman		March 23, 2011 11:05.04 CDT
> is there on option to integrate windows kernel level objects into IDA PRO? symbol files do not solve that problem. header files could, but does it work? IDA Pro can ingest header files for struct definition matching, but header files for the Windows kernel are pretty scarce these days (I used to have an NDA). You could cobble together your own header files just to define the structs that you know about, and then load them into IDA Pro for disassembly. I have not played with the debugger but it should work for that too.

aking1012		March 23, 2011 13:15.09 CDT
> detlef: I think its windbg. you can traverse all the structs with it. I\'ve not investigated that much to try to do this with IDA Pro. It seemed to me that you have to define your own structs for the objects. > > Or does one of you guys have a better solution to this? is there on option to integrate windows kernel level objects into IDA PRO? symbol files do not solve that problem. header files could, but does it work? I would look at the IDA windbg connector - sadly, I am using 4.9 free(poor student) and can't afford 5.4+ where that functionality is present. I do KNOW that you can connect to windbg from IDA. As to population of structs from there, it will require testing from someone with adequate resources.

detlef		March 29, 2011 10:46.16 CDT
@slcoleman: yeah, you'r right. I've not tried that yet. I have to try out the IDA windbg connector. never used it before. thx for the hints

softwolf1987		November 24, 2011 20:15.09 CST
I think the windbg is the best

ReverSin		November 28, 2011 08:24.54 CST
> GreenPiece: Hello! > SoftIce doesn\'t support anything later WinXP so I don\'t think it should be used now. > Syser is not stable enough though it\'s very perspective. > So WinDbg is the most suitable choice. My personal choice when starting into ring3 was OllyDbg and IDA Pro which I got more into IDA Pro. Before than it was SoftICE, but I managed to get SoftICE working fully compatible on NT 6+ (Vista and up, fam) with a few small quirks. I am currently trying Windbg because I saw it can remotely and locally debug kernel mode via W7&W8 but the fact it's by windows obviously shows me its going to limit some things. I tried virtualKD and I am just having a fucking problem with it, no matter what I can't connect to my virtualbox. Host W7 i7 6Gb RAM Guest Vista 2.5gbRAM Always get this "debugee can not connect." so I am fucking aggravated from it, maybe some pointers? I still don't think WinDbg is the best, but right now its the only one saying it can ring0 NT6+ but I know IDA can if I can just get it working. I can help you find 6.2 or 6.1 w/e version if you need, just get in contact with me.

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Imagery

SoySauce Blueprint
Jun 6, 2008