#1
What is everyone using for Ring 0 these days?
There are lots of lovely (x64/IDA/Olly) Ring 3 debuggers around at the moment but a bit of a dearth of Ring 0 as far as I can make out.
Syser seems dead, SoftIce is but a fond and distant memory. I'm kind of looking at attaching IDA with GDB to a VM but have a few snags trying to do that at the moment (not sure why - going to play some more over the Easter break) but thought I would ask here.

So ... What is the community using for Ring 0/Kernel debugging at the moment?

Many thanks in advance and happy Easter break to all.

-=bb=-
#2
windbg, it's the best for windows ring0 debugging (although it's very slow).
The Following User Says Thank You to mr.exodia For This Useful Post: -=bb=- (04-02-2015)
#3
Hey mr.exodia!
Thank you for your reply - I assume you mean using Windbg in a dual machine environment rather than on a single machine? IIRC you can't use Windbg on a standalone machine for Ring 0 - though I am very happy to be corrected.

EDIT: To be clear I'm on a Windows 8 64-bit system. Following instructions from here (hxxps://msdn.microsoft.com/en-us/library/windows/hardware/ff553382(v=vs.85).aspx) leads me to an error stating that local kernel debugging is not supported by WOW64. Though the restrictions placed on commands you can and cannot run local debugging under Windbg (assuming I could get it to work) would render it basically useless IMHO

-=bb=-

Last edited by -=bb=-; 04-02-2015 at 19:16. Reason: Added more information
#5
Thank you Syoma - I'll look into that over the break!