#1
If you are running XP, the latest WinDbg allows local kernel debugging.
Select the Local tab in the Kernel Debugging dialog. Hope it helps. Visu
#2
Well, it is still static. All you can do with local kernel debugging is watch,
read and write to user and kernel memory; that is all. No dynamic commands like t, p, g, and no breakpoints (bp etc.) are available in XP either, which means it is practically not of much use. Well, if that is what you would like to do, then livekd does that for you in W2K too, and even older versions of WinDbg are sufficient.
#3
That's right. However, I am just wondering why livekd can offer debugging with one PC and Microsoft can't. Since livekd internally uses Microsoft kd or WinDbg, I am sure there has to be some (hidden??) interface for live debugging or probing. Does anyone know how livekd works?
Visu
#4
Read some microsoft.public.kernel or microsoft.public.windbg.
livekd installs a driver and fools the OS into thinking of it as a crash dump file, fakes some context structures, and redirects the IOCTL to read the kernel memory. The MS guys picked up on that idea and implemented it in XP as Local Kernel Debugging, so it is a reverser's contribution in some twisted context. But in XP they don't fake context structures and such, because they had the complete source code for their OS as well as Russinovich's app.