Ring 0 debugger

Started by Magnum, January 16, 2013, 09:07:36 AM


Magnum

I have been trying to learn how to use Windbg.

I have found it able to open more programs with fewer "imperial entanglements" than the Ring 3 ones like Ollydbg.

There aren't that many plugins for it.

I have posted to some other groups, but have not found out how to get Windbg to use a local store of the symbol files.

It works fine using the online stores.



Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

it may only work with certain versions of LINK
some of the other guys can give you more details as to which versions

sinsi

Easiest way is to set an environment variable, this will store them locally (downloads it once).
For your program symbols, use the /debug switch with link to make the pdb.

_NT_SYMBOL_PATH=srv*c:\asm\symbols*http://msdl.microsoft.com/download/symbols
🍺🍺🍺
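The symbol path format used in the reply above, as an added example that is not part of the original thread: a small Python parser that splits a `_NT_SYMBOL_PATH` value into its elements and shows which local stores and which upstream server each one names. It goes beyond the single `srv*` case in the post by also handling `symsrv*`, `cache*` and plain directories; the names `Entry`, `parse_symbol_path` and `audit`, and the two checks in `audit`, are choices made for this example.

```python
# Added example: parse a Windows debugger symbol path and list its local stores.
from dataclasses import dataclass, field

@dataclass
class Entry:
    kind: str                                          # "srv", "symsrv", "cache" or "dir"
    local_stores: list = field(default_factory=list)   # downstream caches, in order
    upstream: str = ""                                 # final store: URL, share or directory

def parse_symbol_path(value):
    """Split a _NT_SYMBOL_PATH value into its ';'-separated elements."""
    entries = []
    for element in filter(None, (e.strip() for e in value.split(";"))):
        parts = element.split("*")
        head = parts[0].lower()
        if head == "srv" and len(parts) >= 2:
            # srv*<downstream>...*<store>; an empty field means the default store
            entries.append(Entry("srv", parts[1:-1], parts[-1]))
        elif head == "symsrv" and len(parts) >= 3:
            # symsrv*<server dll>*<downstream>...*<store>
            entries.append(Entry("symsrv", parts[2:-1], parts[-1]))
        elif head == "cache":
            # cache*<dir> caches what is found through the elements to its right
            entries.append(Entry("cache", parts[1:2], ""))
        else:
            entries.append(Entry("dir", [], element))
    return entries

def audit(value):
    """Return review notes for a symbol path (checks chosen for this example)."""
    notes, cached = [], False
    for e in parse_symbol_path(value):
        if e.kind == "cache":
            cached = True          # later elements are covered by this cache
            continue
        up = e.upstream.lower()
        remote = up.startswith(("http://", "https://", "\\\\"))
        if remote and not cached and not any(e.local_stores):
            notes.append(f"{e.upstream}: no explicit local store named")
        if up.startswith("http://"):
            notes.append(f"{e.upstream}: symbols fetched over cleartext HTTP")
    return notes

if __name__ == "__main__":
    # The value from the post above, used as sample input.
    sample = r"srv*c:\asm\symbols*http://msdl.microsoft.com/download/symbols"
    for entry in parse_symbol_path(sample):
        print(entry)
    print(audit(sample))
```
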

Magnum

Sinsi,

When "Reloading current modules" is showing, is there a way to see how it's doing?


Andy

P.S. Anyone tried IceSword?


sinsi

I think it's something to do with "noisy mode". Try entering these commands:
!sym noisy
.reload
🍺🍺🍺