WINDBG question

[ricnar456]

I start using windbg with vmware for cracking in kernel and user,and i think is a clean usage, but i have a question, if anyone use this method, how can be emulated the BPM comand of ollydbg, a breakpoint in a big range of memory.

I read all the help and i found windbg only has Hardware bpx and this have a range of 4 bytes maximum, but how is possible emulate the BPM command of ollydbg, for put a breakpoint in a big range of memory, changing the memory permission, there are a extension for this? Is possible?

Thanks

Ricardo Nrvaja

[Jon]

Well the way Ollydbg implmented Ranged breakpoints is simply actually tracing all the instructions one by one and check for your condition (this is why its so slow) i guess the only way you can implement it in kernel is like SoftICE for 9x worked which is hooking the Paging mechanisim of Windows and paging out the region you want ... well you get the point it's not that simple but yet not too complicated requires some driver coding .

-- Jon.

[OHPen]

Yes i agree with jon. Such functionality is not included in WinDbg. But as he said if you are up with driver development or writing your own debugger extension which is btw not that difficult.
I can give you the advise to read in the www.sysinternals.com forum to get more information about the topic. www.codeguru.com/forum is also a good place to ask such things.

good luck ric

regards

PAPiLLiON aka OHPen aka PiTcH_SiLoW

[ricnar456]

oh, i think when post, the posibility of a more easy solution, and a frequent user of windbg has solved yet.

The other option trace with condition is not added, i think windbg need one or two crackers in the programmer team, hehe.

thanks for the response

Ricardo