Debugging LSASS ... oh what fun, it is to ride..

re: Debugging LSASS ... oh what fun, it is to ride..

Pavel Lebedinsky — Wed, 28 Dec 2005 03:37:24 GMT

Since normally there's only one instance of lsass running, it's easier to attach by name rather than by pid:

windbg -premote ... -pn lsass.exe

You can also add -pd option to make sure you don't accidentally kill the process on detach.

re: Debugging LSASS ... oh what fun, it is to ride..

Mike — Fri, 30 Jun 2006 21:11:18 GMT

I am quite fancy the last debugging method(via dbgsrv.exe), however, I always got an error
"Could not attach to process 280, Win32 error 5 Access is denied" (280 = PID of lsass). Any idea?

Thanks,

re: Debugging LSASS ... oh what fun, it is to ride..

Mike — Tue, 04 Jul 2006 12:55:46 GMT

Sorry, my fault.

I run dbgsrv.exe through TS (terminal service), that's why I got the error.

re: Debugging LSASS ... oh what fun, it is to ride..

James — Tue, 26 Sep 2006 11:50:42 GMT

Very Good! : )

College Fun Facts » Spat’s WebLog (Steve Patrick) : Debugging LSASS … oh what fun it is …

Mon, 31 Mar 2008 23:39:04 GMT

PingBack from http://collegefunfactsblog.info/spats-weblog-steve-patrick-debugging-lsass-oh-what-fun-it-is/

??????IAT hook??????windows?????????????????? | ??????’s Blog

??????IAT hook??????windows?????????????????? | ??????’s Blog — Sat, 24 May 2008 21:40:47 GMT

PingBack from http://huaidan.org/archives/2012.html

利用IAT hook实现windows通用密码后门

小辉 — Tue, 27 May 2008 05:01:04 GMT

来源：看雪学院

作者：clyfish windows有通用密码吗？

去问比尔大叔吧。先不管是不是真的有，我们可以自己实现一个这样的后门。先简单介绍一下windows登陆过程中...