Browse by Tags
All Tags »
Symbols (RSS)
A few weeks ago, during a laboratory with a customer, I found myself struggling to download the public symbol from a specific driver. Since driver is Kernel Mode if you get a User Mode dump from the application using the driver, you won’t be able to actually
Read More...
ln is a very useful command. It stands for list nearest. You provide an address as argumen t, and it gives you the closest symbol that matches the address. Of course, you have to be using the right symbols! Here is the syntax : ln [ address ] Example:
Read More...
dt is another command used almost all the time whenever you want to get the fields and type for a structure or class. For example, you may have a this pointer and use dt to get its fields and type. It’s a simple command with interesting variations that
Read More...
Very often I found myself scanning the stack or the entire virtual memory for the process to find information that may help me. This information may be strings, DWORDS, bytes, chars, etc… To accomplish this you should use the s command. Here I exemplify
Read More...
This is yet another command that has powerful capabilities. It’s very flexible, too. You can use different parameter s combinations; though, I recommend you look at or check the WinDbg documentation if you want to explore other variations. Again I’m going
Read More...
