Author Topic: Ring 0 debugger  (Read 3940 times)

Magnum

Ring 0 debugger
« on: January 16, 2013, 09:07:36 AM »
I have been trying to learn how to use Windbg.

I have found it able to open more programs with fewer "imperial entanglements" than the Ring 3 ones like Ollydbg.

There aren't that many plugins for it.

I have posted to some other groups, but have not found out how to get Windbg to use a local store of the symbol files.

It works fine using the online stores.



Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

Re: Ring 0 debugger
« Reply #1 on: January 16, 2013, 09:12:23 AM »
it may only work with certain versions of LINK
some of the other guys can give you more details as to which versions

sinsi

Re: Ring 0 debugger
« Reply #2 on: January 16, 2013, 12:27:44 PM »
Easiest way is to set an environment variable, this will store them locally (downloads it once).
For your program symbols, use the /debug switch with link to make the pdb.

_NT_SYMBOL_PATH=srv*c:\asm\symbols*http://msdl.microsoft.com/download/symbols
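An added example, not part of the reply above: a small Python parser for the symbol path syntax, showing which field is the local store and which is the upstream server. The function names and the second sample path are constructed for illustration.

```python
# Added example: describe each element of a WinDbg symbol path.
# Handles plain directories, cache*<dir> and srv*<store>[*<store>...]*<server>.

def parse_symbol_path(value):
    """Return one dict per ';'-separated element of a symbol path."""
    elements = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue
        fields = raw.split("*")
        kind = fields[0].lower()
        if kind == "srv" and len(fields) >= 2:
            # The last field is the symbol server. Fields between "srv" and
            # it are downstream stores that keep local copies of what was
            # fetched; an empty field selects the debugger's default store.
            stores = [f or "<default>" for f in fields[1:-1]]
            elements.append({"type": "srv", "stores": stores,
                             "upstream": fields[-1]})
        elif kind == "cache":
            # cache*<dir> keeps copies of symbols found via later elements.
            target = fields[1] if len(fields) > 1 and fields[1] else "<default>"
            elements.append({"type": "cache", "stores": [target],
                             "upstream": None})
        else:
            # Anything else is a plain directory searched for .pdb files.
            elements.append({"type": "dir", "stores": [], "upstream": None,
                             "path": raw})
    return elements

def local_stores(value):
    """Directories where downloaded symbols end up on disk."""
    return [s for e in parse_symbol_path(value) for s in e["stores"]]

def plain_http_upstreams(value):
    """Upstream servers reached over unencrypted http://."""
    return [e["upstream"] for e in parse_symbol_path(value)
            if e["upstream"] and e["upstream"].lower().startswith("http://")]

# The value from the post, and a constructed multi-element path.
FROM_POST = r"srv*c:\asm\symbols*http://msdl.microsoft.com/download/symbols"
CONSTRUCTED = (r"c:\myproj\debug;cache*c:\symcache;"
               r"srv**https://msdl.microsoft.com/download/symbols")

if __name__ == "__main__":
    for sample in (FROM_POST, CONSTRUCTED):
        print(local_stores(sample), plain_http_upstreams(sample))
```

For the value in the post this reports `c:\asm\symbols` as the local store and flags the upstream as plain HTTP; the Microsoft symbol server is also reachable at the same address over `https://`.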

Magnum

Re: Ring 0 debugger
« Reply #3 on: January 16, 2013, 01:14:22 PM »
Sinsi,

When "Reloading current modules" is showing, is there a way to see how it's doing?


Andy

P.S. Anyone tried IceSword?


sinsi

Re: Ring 0 debugger
« Reply #4 on: January 16, 2013, 01:37:34 PM »
I think it's something to do with "noisy mode". Try entering these commands:
!sym noisy
.reload