OpenRCE

📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.

About Articles Book Store Distributed RCE Downloads Event Calendar Forums Live Discussion Reference Library RSS Feeds Search Users What's New

Customize Theme

Flag: Tornado! Hurricane!

Topic created on: May 11, 2007 10:59 CDT by iyegypt .

debugview by sysinternals don't work and no capturing actions , any body knows why ?

anonymouse		May 11, 2007 11:08.14 CDT
dont know why but ive seen it happening randomly (mostly the driver resource embedded inside it doesnt get registered with createservice kind of problems) you can try debugmon from osronline.com it seemd to perform well the few times i had need for viewing debug prints

iyegypt		May 12, 2007 09:54.05 CDT
thanx i tried debugmon but in vain , it is obvious that i have a windows problem or some things in registery must be edited any suggestions plz tell

Sirmabus		May 30, 2007 10:45.09 CDT
It's a great tool, but it does have a few other problems. If the RE world had a "Medal of Honor", IMHO Mark Russinovich should receive it :-) #1 It can be flooded pretty easy; Then it crashes. IMHO perhaps if Mark added some sort of ring buffer, and, or, did something to reduce the overhead updating it's window. Like separate scheduled update thread(s), etc. #2 There are inherent problems (unrelated to DBGVIEW et al) with "OutputDebugString()" to begin with. For one thing, it works using an exception hanndler (exception code 0x40010006) which can cause havoc in your own exception handler if you havn't compensated for it. I've seen (in particular with low level hooks) where OutputDebugString() alone will cause a crash. #3 Also a pain, lot of lazy/clumsy programmers (curse you!) where they see their driver/application is the center of the universe and decide to leave OutputDebugString() outputs in release builds requiring you to mess with DBGVIEW to filter the crap. Maybe the ultimate solution is to forgo using OutputDebugString() all together and use some other type of global IPC system like a simple one way named pipe. It could work from both kernel and user lands, and one could do all sorts of things like multiple channels, colors/codes, etc. Put a client component in a .lib, and, or, .DLL and just include it with your projects. Probably something like this already exists. I'll make one my self one day if I can get past not wanting to make the fancy UI for it. Anyone have a nice Sysinternals'ish UI framework they want to share?

Note: Registration is required to post to the forums.

There are 31,328 total registered users.

Recently Created Topics
[help] Unpacking VMP...	Mar/12
Reverse Engineering ...	Jul/06
let 'IDAPython' impo...	Sep/24
set 'IDAPython' as t...	Sep/24
GuessType return une...	Sep/20
About retrieving the...	Sep/07
How to find specific...	Aug/15
How to get data depe...	Jul/07
Identify RVA data in...	May/06
Question about memor...	Dec/12

Recent Forum Posts
Finding the procedur...	rolEYder
Question about debbu...	rolEYder
Identify RVA data in...	sohlow
let 'IDAPython' impo...	sohlow
How to find specific...	hackgreti
Problem with ollydbg	sh3dow
How can I write olly...	sh3dow
New LoadMAP plugin v...	mefisto...
Intel pin in loaded ...	djnemo
OOP_RE tool available?	Bl4ckm4n

Recent Blog Entries
	halsten	Mar/14
Breaking IonCUBE VM
	oleavr	Oct/24
Anatomy of a code tracer
	hasherezade	Sep/24
IAT Patcher - new tool for ...
	oleavr	Aug/27
CryptoShark: code tracer ba...
	oleavr	Jun/25
Build a debugger in 5 minutes
More ...

Recent Blog Comments
	nieo on:	Mar/22
IAT Patcher - new tool for ...
	djnemo on:	Nov/17
Kernel debugger vs user mod...
	acel on:	Nov/14
Kernel debugger vs user mod...
	pedram on:	Dec/21
frida.github.io: scriptable...
	capadleman on:	Jun/19
Using NtCreateThreadEx for ...
More ...

Imagery

SoySauce Blueprint
Jun 6, 2008

[+] expand

View Gallery (11) / Submit