#1
How to debug kernel Drivers??
hello,
I just want to debug a driver with SoftICE. I've never done it before. Can anyone tell me if I can do it without having the source? I know that SoftICE can do it if you've got it, but dunno how to do it without.... Does anyone know if it's possible to hide the SoftICE of Compuware DriverStudio 3.1 (on FTP)? The icedump I found doesn't work for version 4.3.1. Thanks a lot, long life to exetools loman!
#2
Hi,
When you have the driver loaded, you can enter in SoftICE: "driver drivername", and then you will see the dispatch routine addresses for that driver. Just set a BPX on the routine addresses that you are interested in tracing.
Regards.
#3
thanks, when I'm at home, I'll try!
#4
Hi,
It would also be very useful to have the symbols set up for the driver... it will give you a lot of help, as will the whole OS symbols, since the driver is likely to call other functions in the kernel.
Best regards, Alex Ionescu http://www.relsoft.net
#5
Best way!
The best way to debug kernel drivers: install the target OS on VMware, install the debugger target components there, and debug it from the host OS. I haven't tried WinDbg, but DriverStudio works fine.
#6
I've never made SoftICE work fine with VMware, but WinDbg was OK.
What should I attend to when I use SoftICE under VMware?
Last edited by fantast_xue; 06-13-2004 at 10:51.
#7
Don't forget IDA + I2S(IDA2Softice) plug-in if you have no source for your target!
__________________
AKA Solomon/blowfish.
#8
can you please tell me where to find IDA2Softice??
thanks loman
#9
why not google it?
__________________
AKA Solomon/blowfish.
#10
Searching? Nah. That's way too hard. Especially if one has to go all the way to the main page of Aaron's Home Page. It IS a TOOL site after all.
Regards,
__________________
JMI
#11
I googled it,
hxxp://www.google.com/search?sourceid=navclient&hl=it&ie=UTF-8&oe=UTF-8&q=IDA2Softice or hxxp://www.google.com/search?q=i2s+ida&hl=it&ie=UTF-8 but I wasn't able to find it, sorry
#12
I2S is written by mostek.
hxxp://mostek.subcultural.com/
__________________
AKA Solomon/blowfish.
#13
loman:
Did you, by any chance, READ my post????????? Aaron has a TOOL SITE associated with this Forum. It's at: http://www.exetools.com (Well duh!) On the Home Page is a link to: "updated disassembler: IDA to SoftIce converter/loader v0.02i - added plugIn for IDA 4.19" which is linked to "http://mostek.subcultural.com/" where you will find the v0.03 of the software.
Regards,
__________________
JMI
#14
To Set the Record Straight:
loman PM'ed me to point out he had not understood my original post because of problems with English. I will say here what I said to him in my reply. I am also sorry that I did not recognize that English was the problem and recognize now that my earlier post was not that clear for a non-English speaking person. Reversing is difficult enough when done in one's own language and it is much, much harder when trying to learn it in some other language. I have great respect for those who try that difficult task and admiration for those who succeed. My apologies to loman for misunderstanding the problem.
Regards,
__________________
JMI