How to make debug tools like WinDbg or SoftICE?

Here, with the Win2K leaked source code, we can build a more powerful debugging tool the easy way,
even more powerful than OllyDbg and SoftICE.
Let's get to the point.
First, you must have the DDK and the Win2K leaked source code.
Here the Win2K leaked source is placed in f:\win2k,
so after running the DDK's setenv command, set the environment like this:
set BASEDIR=F:\win2k
set MFC_LIBDIR=D:\NTDDK\lib\mfc
set SDK_LIB_PATH=D:\NTDDK\lib
set CRT_INC_PATH=
set VCTOOLS=F:\win2k\private\windbg64
1. Link the base libraries
Enter f:\win2k\win2k\private\windbg64\debugger\memlist and run:
build
Then enter F:\win2k\win2k\private\windbg64\debugger\od and run:
build
Everything above is the basic abstract debug API.
2. Build the main app
Enter F:\win2k\win2k\private\windbg64\debugger\tl\remote\gambit\shell and run:
build
Note that tlloc.dll and em.dll have to be copied into this directory from an existing installation,
because some headers are missing from the leaked tree and these DLLs cannot be compiled from it.
PS: em.dll and dm.dll are the layers that implement the abstract operations such as
disassembly, breakpoints and so on; you can look inside via the code.
Anyway, here is how to use these APIs. Dbf, Hem, Htl, HpidBase, HtidBase, exop and sdi are the shell's own variables; the results of GetProcAddress must be kept (pfnTL and pfnEM below are my names for them), because they are what the OSD layer is handed:

    OSDInit(&Dbf);                                   /* Dbf: function table the shell passes to the OSD layer */
    HModTL = LoadLibrary("tlloc.dll");               /* transport layer, local target */
    pfnTL = GetProcAddress(HModTL, "TLFunc");
    HModEM = LoadLibrary("em.dll");                  /* execution model */
    pfnEM = GetProcAddress(HModEM, "EMFunc");
    /* ... register pfnTL and pfnEM with OSD to obtain Htl and Hem (step elided in this post) ... */
    OSDCreateHpid(OSDCallbackFunc, Hem, Htl, &HpidBase);   /* process handle bound to this EM and TL */
    OSDProgramLoad(HpidBase,"test.exe",NULL,NULL,"DBG:",ulfMultiProcess);  /* load the debuggee */
    ....
    OSDGo(HpidBase, HtidBase, &exop);                /* run until the next debug event */
    OSDSingleStep(HpidBase, HtidBase, &exop);        /* execute one instruction and stop */
    OSDUnassemble(HpidBase,HtidBase,&sdi);           /* disassemble at the current address into sdi */
    ...
Yep, every debug API is wrapped in ODNT.LIB, and you can easily use these OSDXXX APIs to debug
your code and do more sophisticated things, such as counting how many times call, mov or jmp
instructions execute while single-stepping through the debuggee.
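As an added example (not code from the original post and not from the windbg64 sources), here is the bookkeeping side of that instruction-counting tracer in portable C: on each single-step stop the debugger reads the bytes at the new EIP, classifies the opcode, and bumps a counter. The type and function names (insn_kind, step_stop, classify_x86, tally_trace) are mine, and the trace it runs over is constructed, not captured from a real target.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the original post or the windbg64 sources.
 * Names (insn_kind, step_stop, classify_x86, tally_trace) are mine. */

enum insn_kind { KIND_OTHER = 0, KIND_CALL, KIND_JMP, KIND_MOV, KIND_COUNT };

/* Skip legacy prefixes: operand/address size, LOCK, REP/REPNE, segment overrides. */
static const unsigned char *skip_prefixes(const unsigned char *p)
{
    for (;;) {
        switch (*p) {
        case 0x66: case 0x67: case 0xF0: case 0xF2: case 0xF3:
        case 0x26: case 0x2E: case 0x36: case 0x3E: case 0x64: case 0x65:
            p++;
            break;
        default:
            return p;
        }
    }
}

/* Classify the 32-bit x86 instruction whose first byte is at p.
 * Only the opcode is inspected; no instruction length is needed because a
 * single-step tracer is handed a fresh EIP on every stop. */
enum insn_kind classify_x86(const unsigned char *p)
{
    p = skip_prefixes(p);
    unsigned char op = p[0];

    if (op == 0xE8)                  return KIND_CALL;  /* call rel32 */
    if (op == 0xE9 || op == 0xEB)    return KIND_JMP;   /* jmp rel32 / rel8 */
    if (op == 0xFF) {                                   /* group 5, selected by ModRM.reg */
        unsigned char reg = (p[1] >> 3) & 7;
        if (reg == 2 || reg == 3)    return KIND_CALL;  /* call r/m32, call far */
        if (reg == 4 || reg == 5)    return KIND_JMP;   /* jmp r/m32, jmp far */
        return KIND_OTHER;                              /* inc/dec/push r/m */
    }
    if (op >= 0x88 && op <= 0x8B)    return KIND_MOV;   /* mov r/m,r and mov r,r/m */
    if (op >= 0xA0 && op <= 0xA3)    return KIND_MOV;   /* mov al/eax,moffs and back */
    if (op >= 0xB0 && op <= 0xBF)    return KIND_MOV;   /* mov r8/r32,imm */
    if (op == 0xC6 || op == 0xC7)    return KIND_MOV;   /* mov r/m,imm */
    return KIND_OTHER;
}

/* One single-step stop: the EIP and the bytes the debugger read from the target there. */
struct step_stop {
    unsigned long eip;
    unsigned char bytes[15];   /* 15 is the maximum x86 instruction length */
};

/* Tally instruction kinds over a trace; returns the number of stops processed. */
size_t tally_trace(const struct step_stop *stops, size_t n, unsigned counts[KIND_COUNT])
{
    memset(counts, 0, sizeof(unsigned) * KIND_COUNT);
    for (size_t i = 0; i < n; i++)
        counts[classify_x86(stops[i].bytes)]++;
    return n;
}

/* Constructed sample trace (not captured from a real target); addresses are illustrative. */
static const struct step_stop sample_trace[] = {
    { 0x00401000, { 0x55 } },                               /* push ebp */
    { 0x00401001, { 0x8B, 0xEC } },                         /* mov ebp,esp */
    { 0x00401003, { 0xB8, 0x01, 0x00, 0x00, 0x00 } },       /* mov eax,1 */
    { 0x00401008, { 0xE8, 0x10, 0x00, 0x00, 0x00 } },       /* call 0x40101D */
    { 0x0040101D, { 0x66, 0x89, 0x45, 0xFC } },             /* mov [ebp-4],ax (66 prefix) */
    { 0x00401021, { 0xFF, 0x25, 0x00, 0x20, 0x40, 0x00 } }, /* jmp dword ptr [0x402000] */
    { 0x7C801234, { 0xEB, 0x02 } },                         /* jmp short +2 (in the jump target) */
    { 0x7C801238, { 0xC3 } },                               /* ret */
};

const struct step_stop *sample_trace_ptr(void) { return sample_trace; }
size_t sample_trace_len(void) { return sizeof sample_trace / sizeof sample_trace[0]; }

/* Print the tally the way a tracer would when the debuggee exits. */
void print_tally(const unsigned counts[KIND_COUNT])
{
    static const char *const names[KIND_COUNT] = { "other", "call", "jmp", "mov" };
    for (int k = 0; k < KIND_COUNT; k++)
        printf("%-5s %u\n", names[k], counts[k]);
}

int main(void)
{
    unsigned counts[KIND_COUNT];
    tally_trace(sample_trace, sample_trace_len(), counts);
    print_tally(counts);
    return 0;
}
```

In a real tracer the loop body is: OSDSingleStep, read the EIP from the thread context, read 15 bytes at that EIP from the debuggee, then call classify_x86 on them; the prefix handling matters because compilers emit 66-prefixed movs all the time, and the group-5 check is what keeps `push [ebp+8]` (FF /6) from being miscounted as a call or jmp.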
So, next time I will show you how to decompile a file, not just disassemble it.
Attached is a simple framework; you can change it into something more complex.