Use IDA in kernel mode ??

hello
how i can use ida on kernel mode?

[mm10121991]

I remember with windbg debug and config it to kernel mode but i forgot how to do that exactly

[Git]

IDA won't do kernel debugging, although Bochs that comes with it may (I don't know). Best is probably windbg. Make sure you keep a map/pdb of your driver and have a read here :
http://msdn.microsoft.com/en-us/library/windows/hardware/ff553382%28v=vs.85%29.aspx

Git

[Syoma]

afaik, ida can debug kernel mode. Check the hexrays blog, seems I saw article about kernel debugging there.

[Git]

You're right, it's an IDA plugin to link IDA with Windbg. Nice one.

http://www.hexblog.com/?p=92

Git

[mcp]

The best solution is probably virtualkd + VMWare + IDA WinDBG as shown here. VirtualKD provides a faster communication channel for the WinDBG backend, so you are not limited to the speed of the serial COM port emulation.

[virus]

VirtualKD works nice. Is there a similar solution for VirtualBox?

[Syoma]

VKD works in VBox as well.

I would personally listen to the other guys and use Windbg with VKD or without (depending on your configuration), however, in case you choose to pursue this you can find a tutorial here: http://www.hexblog.com/?p=123

[stantheguy]

Hi guys,

Sorry if I'm a little bit off the topic but can anyone help me out with a copy of IDA. I've searched the forum but each time, I reach a dead-end as far as the search is concerned.

cheers

[Syoma]

You can find it on the official web-site or in Google.

[stantheguy]

Quote:

Originally Posted by Syoma

You can find it on the official web-site or in Google.

Can you please provide me the link?

[Git]

www.google.com

[Syoma]

http://google.com/search?q=IDA+Pro+6.1+download

with VMware , and start remote.exe.