how to make debug tools like Windbg or Sice?
1 Attachment(s)
Here, with the Win2k leaked code, we can make a more powerful debug tool the easy way... hm, even more powerful than Olly and SoftICE. Let's get to the point.

First, you must have the DDK and the Win2k leaked code. Here the Win2k leaked code is placed in f:\win2k, so set the environment after running the DDK's setenv command:

    set BASEDIR=F:\win2k
    set MFC_LIBDIR=D:\NTDDK\lib\mfc
    set SDK_LIB_PATH=D:\NTDDK\lib
    set CRT_INC_PATH=
    set VCTOOLS=F:\win2k\private\windbg64

1. Link the base lib

Enter f:\win2k\win2k\private\windbg64\debugger\memlist and run build.
Enter F:\win2k\win2k\private\windbg64\debugger\od and run build.

All of the above is the basic abstract debug API.

2. Build the main app

Enter F:\win2k\win2k\private\windbg64\debugger\tl\remote\gambit\shell and run build.

Note that tlloc.dll and em.dll are copied into this directory, because some headers are lacking and these .dll cannot be compiled.

PS: em.dll and dm.dll are the API that abstracts function calls such as unassemble, breakpoint, ... You can look inside via the code.

Anyway, the following is how to use these APIs:

    OSDInit(&Dbf);
    HModTL = LoadLibrary("tlloc.dll");            /* transport layer (local) */
    GetProcAddress(HModTL, "TLFunc");
    HModEM = LoadLibrary("em.dll");               /* execution model */
    GetProcAddress(HModEM, "EMFunc");
    OSDCreateHpid(OSDCallbackFunc, Hem, Htl, &HpidBase);
    OSDProgramLoad(HpidBase, "test.exe", NULL, NULL, "DBG:", ulfMultiProcess);
    ....
    OSDGo(HpidBase, HtidBase, &exop);
    OSDSingleStep(HpidBase, HtidBase, &exop);
    OSDUnassemble(HpidBase, HtidBase, &sdi);
    ...

Yep, every debug API is wrapped in ODNT.LIB, and you can easily use these OSDXXX APIs to debug your code and do more sophisticated things, such as outputting call times, "mov" times, jmp times...

So, next time I will show you how to decompile a file, not unassemble it.

Attached is an easy framework; you can change it to a more complex style.
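Added example, not part of the post above and not code from the win2k windbg64 tree: the "count call/mov/jmp times" idea that the post says you can build on OSDSingleStep/OSDUnassemble, done as a portable classifier that a single-step callback would run on the bytes at the current EIP. The OSD calls are replaced by a hand-assembled code buffer and a constructed step trace so it runs offline; the function names (classify_insn, tally_trace), the instruction classes and the sample bytes are all assumptions of this example. In a real tracer you would read a few bytes at EIP from the debuggee after each step and feed them to classify_insn.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Instruction classes a tracing debugger might tally per single-step. */
enum insn_class { IC_OTHER = 0, IC_MOV, IC_CALL, IC_JMP, IC_JCC, IC_RET, IC_COUNT };

static const char *class_name[IC_COUNT] = { "other", "mov", "call", "jmp", "jcc", "ret" };

/* Classify the 32-bit x86 instruction whose first byte is at p (avail bytes readable).
   Only the opcode is inspected: a single-stepping debugger learns the next EIP
   from the trap, so no instruction-length decoding is needed here. */
enum insn_class classify_insn(const uint8_t *p, size_t avail)
{
    size_t i = 0;
    /* skip legacy prefixes: operand/address size, REP/REPNE, LOCK, segment overrides */
    while (i < avail) {
        uint8_t b = p[i];
        if (b == 0x66 || b == 0x67 || b == 0xF2 || b == 0xF3 || b == 0xF0 ||
            b == 0x2E || b == 0x36 || b == 0x3E || b == 0x26 || b == 0x64 || b == 0x65)
            i++;
        else
            break;
    }
    if (i >= avail) return IC_OTHER;
    uint8_t op = p[i];
    if (op == 0xE8) return IC_CALL;                              /* call rel32 */
    if (op == 0xE9 || op == 0xEB) return IC_JMP;                 /* jmp rel32 / rel8 */
    if ((op >= 0x70 && op <= 0x7F) || op == 0xE3) return IC_JCC; /* jcc rel8, jecxz */
    if (op == 0x0F) {                                            /* two-byte opcode map */
        if (i + 1 < avail && p[i + 1] >= 0x80 && p[i + 1] <= 0x8F) return IC_JCC; /* jcc rel32 */
        return IC_OTHER;
    }
    if ((op >= 0x88 && op <= 0x8C) || op == 0x8E || (op >= 0xA0 && op <= 0xA3) ||
        (op >= 0xB0 && op <= 0xBF) || op == 0xC6 || op == 0xC7)
        return IC_MOV;                                           /* mov r/m, Sreg, moffs, imm */
    if (op == 0xC3 || op == 0xC2 || op == 0xCB || op == 0xCA) return IC_RET;
    if (op == 0xFF && i + 1 < avail) {
        uint8_t reg = (p[i + 1] >> 3) & 7;   /* ModRM.reg selects the /n form of group 5 */
        if (reg == 2 || reg == 3) return IC_CALL;   /* FF /2, /3: indirect call */
        if (reg == 4 || reg == 5) return IC_JMP;    /* FF /4, /5: indirect jmp */
    }
    return IC_OTHER;
}

/* Tally classes over a trace of instruction offsets into a code image. */
void tally_trace(const uint8_t *code, size_t code_len,
                 const size_t *trace, size_t n, unsigned counts[IC_COUNT])
{
    for (size_t c = 0; c < IC_COUNT; c++) counts[c] = 0;
    for (size_t k = 0; k < n; k++) {
        if (trace[k] >= code_len) continue;   /* EIP outside the image: skip, do not read past it */
        counts[classify_insn(code + trace[k], code_len - trace[k])]++;
    }
}

/* Constructed sample: hand-assembled 32-bit code (assumption of this example). */
static const uint8_t sample_code[] = {
    0x55,                         /* 00: push ebp        */
    0x8B, 0xEC,                   /* 01: mov ebp, esp    */
    0xB8, 0x01, 0x00, 0x00, 0x00, /* 03: mov eax, 1      */
    0x85, 0xC0,                   /* 08: test eax, eax   */
    0x74, 0x05,                   /* 0A: jz  11          */
    0xE8, 0x03, 0x00, 0x00, 0x00, /* 0C: call 14         */
    0x5D,                         /* 11: pop ebp         */
    0xC3,                         /* 12: ret             */
    0x90,                         /* 13: nop (padding)   */
    0x89, 0xC8,                   /* 14: mov eax, ecx    */
    0xEB, 0xFA,                   /* 16: jmp 12          */
};

/* Constructed single-step trace: EIP seen at each trap while stepping sample_code. */
static const size_t sample_trace[] = { 0x00, 0x01, 0x03, 0x08, 0x0A, 0x0C, 0x14, 0x16, 0x12, 0x11, 0x12 };

/* Convenience: how many instructions of class c the sample trace executed. */
unsigned count_class_in_sample(enum insn_class c)
{
    unsigned counts[IC_COUNT];
    tally_trace(sample_code, sizeof sample_code, sample_trace,
                sizeof sample_trace / sizeof sample_trace[0], counts);
    return counts[c];
}

int main(void)
{
    for (int c = 0; c < IC_COUNT; c++)
        printf("%-5s %u\n", class_name[c], count_class_in_sample((enum insn_class)c));
    return 0;
}
```

The classifier deliberately stops at the opcode: lengths, operands and taken/not-taken come for free from the step trap, which is why a per-step tally stays cheap even on a tracer that single-steps everything.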