Hex-Rays (hexrays) <infohex-rayscom>

Thursday, February 19 2009 13:21.04 CST

We have already published short tutorial on Windows kernel debugging
with IDA and VMWare on our site, but the debugging experience can
still be improved.

VMWares GDB stub is very basic, it doesnt know anything about processes or
threads (for Windows guests), so for anything high-level well need
to do some extra work. We will show how to get the loaded module list
and load symbols for all them using IDAPython.