Category: Debugging

Debugging

Connect two Windows virtual machines over a virtual serial port on a Linux host

Software
Linux Debian 8.x
Windows 8 64 bit (Debugger)
Windows 10 64 bit (Debuggee)
WinDbg (Windows SDK)

Setting up the Debugger
WinDbg installation: https://developer.microsoft.com/en-us/windows/downloads/windows-10-sdk
Symbols: add an environment variable, _NT_SYMBOL_PATH, with the value SRV*C:\Symbols*https://msdl.microsoft.com/download/symbols
Shutdown the VM. Edit virtual machine settings -> Add… -> Serial Port -> -> Use socket (/tmp/com1) -> From: Client -> To: A Virtual …

Debugging, Edb-debugger, Reversing

edb-debugger on Debian

Dependencies

sudo apt-get install libqt5svg5-dev libgraphviz-dev pkg-config cmake

sudo apt-get install \
    cmake \
    build-essential \
    libboost-dev \
    libqt5xmlpatterns5-dev \
    qtbase5-dev \
    qt5-default \
    libgraphviz-dev \
    libqt5svg5-dev

Capstone

git clone --depth=50 …

Debugging, Disassembler, Disassembling, Reverse Engineering

Radare – a portable reversing framework

Radare is a portable reversing framework that can…
* Disassemble (and assemble for) many different architectures
* Debug with local native and remote debuggers (gdb, rap, webui, r2pipe, winedbg, windbg)
* Run on Linux, *BSD, Windows, OSX, Android, iOS, Solaris and Haiku
* Perform forensics on filesystems and data carving
* Be scripted in Python, Javascript, Go and more
* Support …

Debugging, Forensics

Debug processes using ptrace and python

python-ptrace is a debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python.

Features
* High level Python object API: PtraceDebugger and PtraceProcess
* Able to control multiple processes: catch fork events on Linux
* Read/write bytes to arbitrary address: take care of memory alignment and split bytes to …

Antivirus, Debugging, Kernel

Debug user-mode processes using a kernel debugger

When a user-mode process deploys various userland anti-debugging tricks, you can use kernel debugging to attach to the process and debug it more easily.
> Create a Windows 8.1 VMware machine.
> Follow this guide to enable kernel debugging through pipes.
> Run WinDbg as administrator on your host machine.
> Open File->Kernel Debug… (Ctrl+K)
> …

Debugging, Kernel, Rootkits

Faster Windows Kernel debugging with Virtual Machines

VirtualKD is a tool that improves your kernel debugging performance with VMware and VirtualBox. It seamlessly integrates with WinDbg and dramatically reduces debugging latency. Compatible with Windows 10 and VirtualBox 5.x.

Features
* Significantly improves kernel debugging performance with VMware and VirtualBox.
* Supports Windows XP to Windows 10, 32-bit and 64-bit.
* Fixes truncated Driver Verifier load …

Debugging, Programming

Basic debugging using CDB

Basic debugging using the Microsoft Console Debugger (CDB). You need the WDK installed.

Launch an application for debugging
cdb.exe file.exe

Debugging a User-Mode Process

Attaching to a Running Process
cdb.exe -p process_id
cdb.exe -pn process_name

Attaching to a Running Process Noninvasively
Observe a running process without affecting it
cdb -pv -p …

Debugging, Disassembling, Reverse Engineering

Reversing with DumpBin

The Microsoft COFF Binary File Dumper (DUMPBIN) displays information about Common Object File Format (COFF) binary files. You can use DUMPBIN to examine COFF object files, standard libraries of COFF objects, executable files, and dynamic-link libraries (DLLs). For more…

DumpBin syntax
DUMPBIN [options] files…

Display Section Headers
dumpbin.exe /HEADERS x:\path\to\object\file

Disassembling …