
Posts published in “Kernel Mode”

How to get every detail about SSDT, GDT, IDT in a blink of an eye

Sina Karvandi

A few days ago I was looking for something to show me the SSDT and GDT (which really matters in malware analysis, because most rootkits are interested in hooking and changing these tables).

• SSDT (System Service Descriptor Table)
• GDT (Global Descriptor Table)
• IDT (Interrupt Descriptor Table)

They're really important tables in OSes. For example, the SSDT is something like the IAT (Import Address Table) in user-mode applications, which holds pointers to exported functions of all…
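As an added example (not code from the original post), here is a small C decoder for the raw x86-64 IDT gate and GDT segment descriptor layouts defined in the Intel SDM, together with the kind of address-range check an analyst uses to spot an interrupt handler that a rootkit has redirected. The sample descriptor bytes and the kernel image range are constructed for illustration and are not taken from a real system; in practice you would feed it the bytes read from the table base your debugger reports.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Decoded fields of a 16-byte x86-64 IDT gate descriptor. */
typedef struct {
    uint64_t handler;   /* offset bits 63:0, reassembled from three separate fields */
    uint16_t selector;  /* code-segment selector loaded on entry (e.g. kernel CS) */
    uint8_t  ist;       /* Interrupt Stack Table index, 0 = normal stack switch */
    uint8_t  type;      /* 0xE = 64-bit interrupt gate, 0xF = 64-bit trap gate */
    uint8_t  dpl;       /* lowest privilege allowed to raise it with INT n */
    uint8_t  present;
} idt_gate_t;

/* Decoded fields of an 8-byte GDT segment descriptor. */
typedef struct {
    uint32_t base;
    uint32_t limit;       /* raw 20-bit limit; units of 4 KiB pages when granularity == 1 */
    uint8_t  type;        /* low nibble of the access byte (code/data type bits) */
    uint8_t  non_system;  /* S bit: 1 = code or data segment, 0 = system (TSS, LDT, ...) */
    uint8_t  dpl;
    uint8_t  present;
    uint8_t  long_mode;   /* L bit: 64-bit code segment */
    uint8_t  granularity; /* G bit */
} gdt_seg_t;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | ((uint16_t)p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return (uint32_t)rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Split the 16 raw bytes the CPU sees into the fields a debugger would display. */
idt_gate_t decode_idt_gate(const uint8_t raw[16]) {
    idt_gate_t g;
    g.handler  = (uint64_t)rd16(raw)                 /* offset 15:0  at bytes 0-1  */
               | ((uint64_t)rd16(raw + 6) << 16)     /* offset 31:16 at bytes 6-7  */
               | ((uint64_t)rd32(raw + 8) << 32);    /* offset 63:32 at bytes 8-11 */
    g.selector = rd16(raw + 2);
    g.ist      = raw[4] & 0x7;
    g.type     = raw[5] & 0xF;
    g.dpl      = (raw[5] >> 5) & 0x3;
    g.present  = (raw[5] >> 7) & 0x1;
    return g;
}

gdt_seg_t decode_gdt_segment(const uint8_t raw[8]) {
    gdt_seg_t s;
    s.limit       = rd16(raw) | ((uint32_t)(raw[6] & 0x0F) << 16);
    s.base        = rd16(raw + 2) | ((uint32_t)raw[4] << 16) | ((uint32_t)raw[7] << 24);
    s.type        = raw[5] & 0xF;
    s.non_system  = (raw[5] >> 4) & 0x1;
    s.dpl         = (raw[5] >> 5) & 0x3;
    s.present     = (raw[5] >> 7) & 0x1;
    s.long_mode   = (raw[6] >> 5) & 0x1;
    s.granularity = (raw[6] >> 7) & 0x1;
    return s;
}

/* Rootkit triage check: a present gate whose handler does not fall inside the
 * expected kernel image range [lo, hi) has very likely been hooked. */
int idt_handler_in_range(const idt_gate_t *g, uint64_t lo, uint64_t hi) {
    return g->present && g->handler >= lo && g->handler < hi;
}

/* Constructed sample bytes (not from a real machine): an interrupt gate to
 * 0xFFFFF80012345678, selector 0x10, IST 3, DPL 0, present. */
const uint8_t SAMPLE_IDT_GATE[16] = {
    0x78, 0x56, 0x10, 0x00, 0x03, 0x8E, 0x34, 0x12,
    0x00, 0xF8, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00 };

/* Constructed 64-bit ring-0 code segment: base 0, limit 0xFFFFF, type 0xA, L=1, G=1. */
const uint8_t SAMPLE_GDT_CODE64[8] = { 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x9A, 0xAF, 0x00 };

int main(void) {
    idt_gate_t g = decode_idt_gate(SAMPLE_IDT_GATE);
    gdt_seg_t  s = decode_gdt_segment(SAMPLE_GDT_CODE64);
    /* Hypothetical kernel image range, used only to demonstrate the check. */
    uint64_t img_lo = 0xFFFFF80012000000ULL, img_hi = 0xFFFFF80013000000ULL;

    printf("IDT gate: handler=0x%016" PRIx64 " sel=0x%04x ist=%u type=0x%x dpl=%u p=%u %s\n",
           g.handler, g.selector, g.ist, g.type, g.dpl, g.present,
           idt_handler_in_range(&g, img_lo, img_hi) ? "in-kernel" : "SUSPICIOUS");
    printf("GDT seg : base=0x%08x limit=0x%05x type=0x%x S=%u dpl=%u p=%u L=%u G=%u\n",
           s.base, s.limit, s.type, s.non_system, s.dpl, s.present, s.long_mode, s.granularity);
    return 0;
}
```

The handler address is the field worth watching: it is stored in three non-adjacent pieces, so a quick hex dump of the table hides a redirected handler, while the decoded 64-bit value can be compared against the loaded kernel's image bounds directly.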

Kernel Mode Debugging by Windbg

Sina Karvandi

Hey there, today I'm going to show you how to do kernel mode debugging using VMware, WinDbg and Windows. So why should you do this? It's clear: everything from kernel-mode driver debugging to searching for zero-days and understanding Windows mechanisms. There are other types of kernel debugging, as described in Windows Internals by Mark Russinovich, that I'll describe in future posts. So let's start. First you need WinDbg, and as I'm working in a…