Exetools  

  #1  
Old 03-09-2005, 21:18
visu
 
Posts: n/a
That's right. However, I am just wondering why livekd can offer debugging with one PC and Microsoft can't. Since livekd internally uses Microsoft kd or windbg, I am sure there has to be some (hidden??) interface for live debugging or probing. Does anyone know how livekd works?

Visu
  #2  
Old 03-09-2005, 22:34
JuneMouse
 
Posts: n/a
read some microsoft.public.kernel or microsoft.public.windbg

livekd installs a driver and fools the OS into thinking of it as a crashdump file, and fakes some context structures and redirects the ioctl to read the kernel memory

and the MS guys picked up on that idea and implemented it in XP as Local Kernel Debugging, so it is a reverser's contribution in some twisted context

but in XP they don't fake context structures and such because they had the complete source code for their OS as well as Russinovich's app