
Posts published in “Debugging”

PyKD Tutorial – part 2

Sina Karvandi

The content of this post is the second part of the PyKD Tutorials, so make sure to read the first part before continuing with this one. Breakpoints are very useful and, through PyKD, give you the power to analyze programs in a better and easier way. In the API Reference, the setBp function is introduced with a code sample; as you can see, setBp takes a pointer as its first argument and a Python function as the second…

PyKD Tutorial – part 1

Sina Karvandi

Using the WinDbg script syntax is such an annoying thing that almost all reverse engineers have problems dealing with it, but automating debugging gives a power that can't easily be ignored. A good solution to this problem is to combine the power and simplicity of Python with WinDbg. If you are aware, WinDbg also supports C-like binaries as extensions, so there is a praiseworthy tool called PyKD which does the hard work and connects Python and WinDbg together in a straightforward and usable…

Bochs Emulator – Debug & Instrument

Sina Karvandi

There is also another post about configuring and building Bochs on Windows & OS X; if you have a problem compiling Bochs, take a look there! In my opinion, Bochs is an amazing thing because it provides instrumentation at the lowest level of the operating system. One of the advantages of Bochs is being able to instrument in kernel mode, which is not available in other instrumentation tools like Intel's Pin. You can see how to interact with…

Fooling Windows about its internal CPU

Sina Karvandi

In this post, I'm going to show you how you can fool Windows about its internal structure and sometimes give it wrong information about its internal capabilities, which can bring you a lot of fun (at least for me!). But don't do that, as it can actually hurt your system. This post is about how to change the CPU capacity measurement of Windows and see its result in user-mode programs. There is a good article here which gives you lots…

Exploring from User-Mode to Kernel-Mode

Sina Karvandi

There were times when I wanted to trace instructions from user mode and continue tracing into kernel mode, to reverse Windows's internal implementation with my own parameters supplied from user mode, but there was a big problem: how to access user mode when you are in a kernel debugger, or vice versa. Even though I knew about changing the debugger context to a specific process, there were other problems which made reversing the kernel in this case impossible.…