Windows Kernel Debugging Introduction
- Published 10 Feb 2024
- In this video I will demonstrate how you can debug the Windows Kernel.
Dependencies:
- VirtualBox: winget install virtualbox
- windbg: winget install Microsoft.WinDbg
Links:
- Official Guide: learn.microsoft.com/en-us/win...
- Unofficial Native API Docs: ntdoc.m417z.com/
- I used Win7 in this video since I just had the disk around, but you can also grab the Win10 ISO from the official Microsoft website and the same method from this video will work (I think it also works with Win11, but I haven't tried yet)
- Note that after enabling debugging in the Windows boot settings, the machine will wait for a debugger connection each time it boots; you can bring it back to working normally by disabling debugging in bcdedit
- I recommend making a snapshot before starting, so you can easily restore it to the initial state
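The video itself does not spell out the commands, so the following is an added example (not the author's script) of the host-side and guest-side setup for the classic serial-over-named-pipe kernel debugging method, using the VirtualBox and WinDbg dependencies listed above. The VM name `Win7-kd`, the pipe name `\\.\pipe\windbg-kd`, and the choice of COM1 at 115200 baud are assumptions; the IP, port and key in the commented network alternative are placeholders too.

```powershell
# --- Host side (Windows host with VirtualBox and WinDbg installed) ---
# VBoxManage is usually not on PATH; it lives under the VirtualBox install dir.
$env:Path += ";C:\Program Files\Oracle\VirtualBox"

$vm   = "Win7-kd"              # assumed VM name
$pipe = "\\.\pipe\windbg-kd"   # assumed named-pipe name

# Snapshot first so the guest can be rolled back to its pre-debug state
# (the bcdedit change below makes it wait for a debugger on every boot).
VBoxManage snapshot $vm take "before-kernel-debug"

# Attach the guest's COM1 (I/O base 0x3F8, IRQ 4) to a host named pipe.
# "server" means VirtualBox creates the pipe; WinDbg then connects to it.
VBoxManage modifyvm $vm --uart1 0x3F8 4 --uartmode1 server $pipe

# Boot the guest and attach WinDbg as a kernel debugger over that pipe.
# The winget package registers the alias windbgx; use windbg for the classic build.
VBoxManage startvm $vm
windbgx -k "com:pipe,port=$pipe,baud=115200,pipe,reconnect"

# --- Guest side (run in an elevated prompt INSIDE the VM, then reboot) ---
# Tell the boot loader to enable the kernel debugger and to talk over COM1.
#   bcdedit /debug on
#   bcdedit /dbgsettings serial debugport:1 baudrate:115200
#
# Newer Windows versions also support network transport (placeholder values):
#   bcdedit /dbgsettings net hostip:192.168.56.1 port:50000 key:1.2.3.4
#
# To stop the guest from waiting for a debugger at every boot afterwards:
#   bcdedit /debug off
```

Once the guest reboots it will stall until WinDbg answers on the pipe; if WinDbg shows "Debuggee not connected", check that the pipe name and baud rate match on both sides and that the VM was started after the `modifyvm` change was applied.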
Thanks for the great video, but how do you obtain a Windows copy to run on a virtual machine?
@marouaniAymen I just installed from a physical installation disk of Windows 7 I have; you can also debug a physical computer
@nirlichtman Thanks for your answer
Great video as always! Keep going!
Wonderful. Hopefully many youtubers learn from you to make concise videos!
I'm curious as to why Win 7 32-bit was used. Is it harder/not possible on modern versions?
Same
I think he mentioned that only because the number he passed to the function shows as a pair of 2 bytes or as 32 bits in the debugger.
The reason I chose Win7 32-bit is because that is the newest Windows installation disk I have in my room and it also has low system requirements, but this process should work the same on modern versions as well (modern versions even support additional types of kernel debugging; more info in the official docs)
Arguments are passed differently between 32 and 64-bit processes. It is arguably easier to learn 32-bit first before moving on to 64-bit.
Thanks a lot for those videos about kernel debug!
I have a question though, where did you learn that stuff? Alone?
Great content ✌
Windows has a really good debugger
Agreed, windbg is very powerful and I like the GUI as well
Another great video !!
Nice 👍
Mine is stuck at "debuggee not connected".
I am trying to attach to a Win2016 server. I get "connection established" but it stays stuck at system uptime and says "debuggee not connected".
I tried to break, but it did not work.
Thank you.
Is it possible to debug playstation kernel?
Which playstation model?
@@nirlichtman PS4
Can we still install Windows 7 in 2024? I want an ISO, man.
I installed from a physical Win7 disk I have
Yes, we can. And we will.
13 hours ago... wow
Last time I used windbg it offloaded the dump onto an inaccessible directory despite admin privileges. Lmao
It's all accessible when you know how. You may have to use something like Sysinternals PsTools to run a command prompt as SYSTEM, but you probably only needed to take ownership and add read permissions.
Appreciate the video but it would have been better if it was for Windows 11
It's probably very similar.