All Questions
5 questions
1 vote, 1 answer, 1k views
How to disassemble an entire function in Windbg?
I am trying to disassemble the function ExAcquireFastMutex using WinDbg but it gives me only 8 rows:
3: kd> u nt!ExAcquireFastMutex
nt!ExAcquireFastMutex:
fffff805`456e3820 4053 push ...
1 vote, 0 answers, 378 views
Windbg memory access error when trying to edit a string value of a button
So I was trying to edit the string value of a button as a debugging practice using windbg. I'm still a complete novice in reverse engineering and debugging, when I try to edit the string value using ...
1 vote, 1 answer, 373 views
How to call WinApi from a breakpoint in IDA Pro?
When I'm stepping through a debuggee process with IDA+WinDbg (as a debugger), I need to track one parameter by executing the following API (from within the breakpoint):
//C++ code
SCROLLINFO s;
s....
3 votes, 3 answers, 2k views
How to debug ServiceMain function of a service?
I have a malware which is checking for keyboard type and locale information.
After that, it creates a service with BinaryPathName as malware's exe address. After creating a service, malware starts it ...
5 votes, 3 answers, 616 views
Is there a tool to see kernel space mapping of a Windows exe?
In Microsoft Windows, a 32-bit process calc.exe has 0x0-0x80000000 (2GB) reserved as its user-space and the rest is kernel-space (2GB). So, a process has 2+2 = 4GB of virtual space. This ratio could ...