Quote:
|
Satyric0n I have just tried what hobgoblin and Lunar_Dust suggested, using Symbol Retriever to get the ntoskrnl.exe symbols and loading them upon boot. I see no difference whatsoever to the way things worked previously for me; you still have to set the appropriate address context before setting a breakpoint, either using ADDR or ATTACH (preferred, and very easy for all you naysayers, since you only have to do this once per process name).
|
I've tried retriever on DS30Beta2 & Windows Server 2003 VLK En.
No difference found.
I think , this is
NOT A BUG of SI.
Maybe, it's because some reason of ths
OS & LDT & GDT etc.
Maybe, using SI on Windows NT/2K/XP/2003, we must use ADDR/ATTACH cmd.
Maybe, on Windows NT/2K/XP/2003, we can not set a bpx, break any process who hit it.
I'll study the manual of DS and something related.