How to debug kernel Drivers??

hello,
I just want to debug a driver with softice, I've never done it before, anyone can told me if I can do it without having source, I know that softice can do it if you've got them, but dunno how to do it without.... anyone knows if it's possible to hide sice of compuware driverstudio 3.1 ( on FTP) icedump I found don't work for version 4.3.1
Thanks a lot,long life to exetools
loman!

[peleon]

Hi,

When you have the driver loaded you can put in Softice: "driver drivername", then you will see the Dispatch routines addresses for that driver. Just set up a BPX in the routines addresses that you are interested to trace.

Regards.

thanks, when I'll be at home, I'll try!

Hi,

It would also be very useful to have the symbols set up for the driver...it will give you a lot of help..as well as the whole OS symbols, since the driver is likely to call other functions in the kernel.

Best regards,
Alex Ionescu
http://www.relsoft.net

Best way to debug kernel drivers, install target OS on VMWare,
install there debugger target components.

And Debug it from host OS.

I don't try WinDbg, but Driver Studio works fine.

I've never made softice work fine with vmware, but windbg was ok.

What should I attend to when I use softice under vmware?

[WhoCares]

Don't forget IDA + I2S(IDA2Softice) plug-in if you have no source for your target!

can you please tell me where to find IDA2Softice??
thanks
loman

[WhoCares]

why not google it?

[JMI]

Searching? Nah. That's way too hard. Especially is one has to go all the way to the main page of Aaron's Home Page. It IS a TOOL site after all.

Regards,

I googled it ,
hxxp://www.google.com/search?sourceid=navclient&hl=it&ie=UTF-8&oe=UTF-8&q=IDA2Softice

or

hxxp://www.google.com/search?q=i2s+ida&hl=it&ie=UTF-8

but I wasn't able to find it, sorry

[WhoCares]

I2S is written by mostek.

hxxp://mostek.subcultural.com/

[JMI]

loman:

Did you, by any chance READ my post?????????

Aaron has a TOOL SITE associated with this Forum. Its at:

http://www.exetools.com (Well duh!)

On the Home Page is a link to:

"updated disassembler: IDA to SoftIce converter/loader v0.02i - added plugIn for IDA 4.19"

which is linked to "http://mostek.subcultural.com/" where you will find the v0.03 of the software.


Regards,

[JMI]

To Set the Record Straight:

loman PM'ed me to point out he had not understood my original post because of problems with English. I will say here what I said to him in my reply.

I am also sorry that I did not recognize that English was the problem and recognize now that my earlier post was not that clear for a non-English speaking person.

Reversing is difficult enough when done in one's own language and it is much much harder when trying to learn it in someother language. I have great respect for those who try that difficult task and admiration for those who succeed. My apologies to loman for misunderstanding the problem.

Regards,

Quote:

Originally Posted by loman

hello,
I just want to debug a driver with softice, I've never done it before, anyone can told me if I can do it without having source, I know that softice can do it if you've got them, but dunno how to do it without.... anyone knows if it's possible to hide sice of compuware driverstudio 3.1 ( on FTP) icedump I found don't work for version 4.3.1
Thanks a lot,long life to exetools
loman!

Also, try to get Windows Checked/Debug Build, it wil be very helpfull IMHO. Microsoft provides the Debug version to MSDN subscribers. I am sure someone on this forum might be having it.