WINDBG
Aaron Pierce
All flavors of MS-DOS, Windows 9x, Windows NT, Windows XP, and Windows Vista (beta). Tools MS DevStudio, VMWare Workstation, Compuware SoftIce, MS WinDbg, Compuware
http://www.piercetribe.org/Aaron/resume/Aaron_Pierce_Resume_Brief.pdf

Title: Bugger The Debugger
be prevented. Debuggers Our research was done on the Windows 2000 SP4 operating system, using the following three popular debuggers; OllyDbg Microsoft Visual C++ Debugger WinDbg Various
http://www.security-assessment.com/files/whitepapers/PreDebug.pdf

Debugging on Intel® Platforms
Xcode even helps keep your data secure by using an encrypted connection to the remote debugging session. Windows-Only Support The Windbg* ( http://www.microsoft.com/whdc/devtools/
http://assets.devx.com/goparallel/19402.pdf

Course Schedule
800.699.1932 or visit www.develop.com SOS "Son Of Strike" By: mark smith For those of you who are not familiar with SOS.DLL, it's a debugging extension used primarily with WinDBG, but
http://www.develop.com/downloads/DMwinter08US.pdf

Representative Project Summaries
The environment was Windows CE, C, Windbg. Developed an application for Palm PC, thru which a doctor could store the prescription and send it to a pharmacy or take a print out.
http://www.secf.com/data_sheets/FW_WAP_HH.pdf

Mastering .NET Debugging (Virtual) with John Robbins
.NET compared to previous environments and this section covers all the details so you can properly get a debugger attached no matter when an exception occurs. Introduction to WinDBG
https://www.wintellect.com/Registration/Downloads/Mastering%20NET%20Debugging%20(2008).pdf

Quality Assurance and Testing Services
Automatic testing (Windows Shell scripting). We perform Driver Testing at the professional level so we use the following instruments: Windows Driver Verifier; WINDBG; VMware
http://www.apriorit.com/downloads/QA_and_Testing.pdf

VProbes Programming Reference
file contains the exported kernel symbol definitions so the modules facility can dynamically link and bind loadable modules. To extract symbols from Windows guests, use the WinDbg
http://www.vmware.com/products/beta/ws/vprobes_reference.pdf

Reverse Engineering: Anti-Cracking Techniques
http://www.hex-rays.com/] - W32Dasm [http://www.google.com] (Old, but you will be amazed with some of its functions) - SoftICE (Stopped being supported from April 2006) - WinDbg [http
http://packetstormsecurity.org/papers/general/Reverse.Engineering.AntiCracking.Techniques.pdf

Windows IPC, Named Pipes, Shared Sections
www.isecpartners.com Discovering IPC mechanism use with WinDbg: Possible but not ideal with WinDbg, informative though. 1. Put a breakpoint on the targeted IPC mechanism 1. bp kernel32
http://www.isecpartners.com/files/iSEC-Fuzzing_Win32IPC.BH2006.pdf

Breaking Forensics Software: Weaknesses in Critical Evidence ...
When issues were discovered, they were analyzed using GDB or WinDBG. We performed fuzzing of filesystem structures. To perform these tests we started with a filesystem that was previously
http://www.isecpartners.com/files/iSEC-Breaking_Forensics_Software-Paper.v1_1.BH2007.pdf

Forensic analysis of the Windows registry in memory
A blog post by Anand (2008) provides some more details, and gives an example of manually translating a cell index into a virtual address using WinDbg.
http://dfrws.org/2008/proceedings/p26-dolan-gavitt.pdf

Reverse Engineering Analysis of Vulnerabilities
Intel vs. ATT assembly [*] Intel is used in: Windows, IDA Pro, Ollydbg, Windbg [*] ATT is used in: GCC, GDB
http://ysts.org/files/v10/ystsv10-LuisMiras.pdf

Configuring Microsoft® Visual Studio Projects to Support the AMD64 ...
In addition to NTSD, Microsoft Windbg also supports debugging of 32-bit applications under 64-bit Microsoft Windows for AMD64 processors, as well as remote debugging of 64-bit drivers.
http://www.amd.com/us-en/assets/content_type/DownloadableAssets/dwamd_VSProj_AMD64.pdf

Fuzzing Win32 Interprocess Communication Mechanisms
www.isecpartners.com WinDbg - The Windows Debugger: Great multipurpose tool for working with binaries; Available without charge from Microsoft; Can intercept kernel32 calls
http://www.blackhat.com/presentations/bh-usa-06/BH-US-06-Burns.pdf

Windows Integrity Application Development Environments
that are available for porting Windows and SQL applications to Itanium-based systems. Cross-compile Native-compile IDE VisualStudio 2005 Team VisualStudio 2005 Pro, DDK/SDK, WinDbg
http://docs.hp.com/en/10019/WI-DevEnv-022107.pdf

Crash Data Collection: A Windows Case Study
Upon receipt of crash dumps, they are parsed using Microsoft's "Debugging Tools for Windows" (WinDbg), publicly available at http://www.microsoft.com/whdc/devtools/debugging/default
http://www.cs.berkeley.edu/~archanag/publications/dsn05_ganapathi.pdf

Writing WDM Kernel Mode Device Drivers for Windows (lecture only)
Building and Debugging Kernel Mode Drivers How WDM drivers are built using the DDK and debugged using WinDbg. The differences between the free and checked builds of Windows, and when
http://www.osr.com/printx.cfm?seminar=seminars_wkmddw2_3dl.cfm

Kernel Debugging for Windows (with lab)
Introduction to WinDBG WinDBG is the Windows debugger, used primarily for kernel mode debugging although it also can be used to debug applications.
http://www.osr.com/printx.cfm?seminar=seminars_kdw2_4dlwl.cfm

eEye Digital Security White Paper
I tend to use the SoftICE debugger from Compuware/Numega for almost all of my debugging, but when working with the trap frame states, WinDbg provides far better functionality and
http://research.eeye.com/html/papers/download/StepIntoTheRing.pdf

Windows Systems Programming (WSP)
A very important aspect of course, debugging using WinDbg exploits lots of windows internals. In particular, this course covers key operating system mechanisms, principles important
http://www.conceptssys.com/SyllabusPdf/wss.pdf

Course Title: Course Code: Course Instructor: Course Duration: Course ...
Target Students: Security Researchers, Security Professionals, Software Developers Student Prerequisite: Basic knowledge of assembly language and C ANSI Software Requirement: Windbg
http://www.coseinc.com/Training.Reverse.Engineering.pdf

Advanced PostgreSQL on Windows
Using windbg * Step 1 -attach to running backend * Figured out pid using previous methods
http://www.hagander.net/talks/Advanced%20PostgreSQL%20on%20Windows.pdf

Increase Your Sight
Prerequisites: Windows Server 2003 Driver Development Kit; Debugging Tools For Windows (w/ SDK), install to C:\windbg\; Detours (included pre-built)
http://metasploit.com/users/pusscat/Byakugan.pdf

Introduction to Reverse Engineering Win32 Applications
paper the reader will be (re)introduced to many concepts and tools essential to understanding and controlling native Win32 applications through the eyes of Windows Debugger (WinDBG
http://uninformed.org/?v=1&a=7&t=pdf

Memory Dump Analysis Anthology
WinDbg For GDB Users and Vice Versa; PART 8: Software Troubleshooting
http://www.dumpanalysis.org/MDAA/MDA-Anthology-V1-TOC.pdf

Introduction to WinDbg Scripts for C/C++ Users
[Sample chapter from the book "Windows® Crash Dump Analysis" by Dmitry Vostokov] Introduction to WinDbg Scripts for C/C++ Users All debuggers from Debugging Tools for Windows
http://www.dumpanalysis.org/WCDA/WCDA-Sample-Chapter.pdf

CS221 Debugging with CodeView, Visual Studio, WinDbg
CS221 Debugging with CodeView, Visual Studio, WinDbg Debuggers are extremely useful tools to help you uncover errors in your program. There are different debuggers that come with
http://www.math.uaa.alaska.edu/%7Eafkjm/cs221/handouts/debugging.pdf

Common WinDbg Commands (Thematically Grouped) - By Robert Kuster
Common WinDbg Commands (Thematically Grouped) By Robert Kuster, November 2007. All rights reserved. www.software.rkuster.com 1) Built-in help commands 9) Exceptions, events, and
http://www.software.rkuster.com/windbg/WinDBG_Cmds.pdf
