Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 03-09-2005, 17:23
pfzhao
 
Posts: n/a
How can I modify windbg is using ring0 on single pc?

I unkonw used windbg's ring0 mode on single pc and is not used VM's Pipe ,I was seeking a patch or more way modfiy the windbg to run ring0,but I can't find,please post your suggesting !
if you have russ's patch for windbg please tell me !
Reply With Quote
  #2  
Old 03-09-2005, 19:19
JuneMouse
 
Posts: n/a
welcome to the club of single pc windbagging
as far as i know i havent been yet able to achieve it
russ patch ??
you mean the utility by mark russinovich ???

if yes then it is called livekd and it is available for download for free
from thier site sysinternals.com

but even with livekd you can only find static structures of kernel in a single machine you cannot trace through kernel live
but it sure is a nice application and if you happen to have the book
windows internals something by solomon and russinovich then you can
actually find some good kernel info by using livekd
because it also fetches the symbols from microsoft symbol server for almost all the system drivers too

hope this is what you are looking for
Reply With Quote
  #3  
Old 03-09-2005, 19:50
visu
 
Posts: n/a
if you are ruuning XP, latest windbg allows local kernel debugging.

Select Local tab in Kernel Debugging Dialog.

Hope it helps

Visu
Reply With Quote
  #4  
Old 03-09-2005, 20:30
JuneMouse
 
Posts: n/a
well it is still stactic all you can do with local kernel debugging is watch
read and write to user and kernel memory that is all
no dynamic commands like t,p,g , no break points bp etc are avl
in xp too that means it is of practically not much usefull

well if that is what you would like to then livekd does that for you in w2k too
and even older versions of windbg is sufficient
Reply With Quote
  #5  
Old 03-09-2005, 21:18
visu
 
Posts: n/a
Thats right. However, I am just wondering, why livekd can offer debugging with one PC and Microsoft can't. Since livekd internally uses Microsoft kd or windbg, I am sure there has to be some (hidden??) interface for live debugging or probing. Anyone knows how livekd works?

Visu
Reply With Quote
  #6  
Old 03-09-2005, 22:34
JuneMouse
 
Posts: n/a
read some microsoft.public.kernel or microsoft.public.windbg

livekd instalss a driver and fools the os to think it as a crashdump file
and fakes some context structures and redirects the ioctl to read the kernel memory

and the ms guys picked it upon that idea and implemented it in xp
as Local Kernel Debugging so it is a reversers contribution in some twisted
context

but in xp they dont fake context structures and such because they had the complete source code for thier os as well as russinovichs app
Reply With Quote
  #7  
Old 03-09-2005, 23:20
pll823
 
Posts: n/a
LiveKd
------
LiveKd allows you to run the Kd and Windbg Microsoft kernel debuggers, which are part of the Debugging Tools for Windows package, locally on a live system. While the latest versions of Windbg and Kd have a similar capability on Windows XP and Server 2003, LiveKd works on NT 4 through Server 2003 and enables more functionality, such as viewing thread stacks with the !thread command, than debugger's own live kernel debugging facility.

Download:http://www.wasm.ru/baixado.php?mode=tool&id=115
Reply With Quote
  #8  
Old 03-10-2005, 11:07
pfzhao
 
Posts: n/a
thanks All of


Debug is important in our way ,but mast have a super tools,like soft-ice ,trw,ollydbg,kd,windbg and more plugin's addin those. sure.
Reply With Quote
  #9  
Old 03-10-2005, 12:05
willii
 
Posts: n/a
In fact. livekd is not realtime kernel debugger. It just make memorydump many times and do on the memorydumps. WinDbg do so too.
It is only softice which can do kernel debugger on one machine.

WinDbg and livekd is a ring3 application. You can never expert it can do ring0 debug on one machine. Because if ring0 paused, no ring3 application can running unless you are in VM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Run Ring0 code in Vista 64bits elephant General Discussion 0 10-02-2007 08:03


All times are GMT +8. The time now is 23:28.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )