Kernel Tracing


t321
September 17th, 2012, 11:01
Hi everyone,

I am pretty new to reversing and trying to find a good kernel tracer.
Windbg tracing isn't good enough for me.
Any good tracers out there?


Thanks,
tu


SIG:
"12c4ba5f31189082c8ea6151196ec35a84de6629c0d03281dcd820ef72b45ef80e240e20859c71d51bdf9ec6"

Kayaker
September 17th, 2012, 15:57
I'd say, in order of preference, Windbg, Softice (in the majority of cases it should still work well under VMware with XPsp3), or possibly Syser as an alternative to Softice.

Other possibilities:
http://www.woodmann.com/collaborative/tools/index.php/Category:Ring_0_Debuggers

They all have learning curves, so I don't know why Windbg wouldn't be the most practical choice.

In reality my personal first choice is usually Softice, for simplicity, but if you're in it for the long term I'd suggest you might as well focus your learning efforts on the "accepted" current kernel debugger, Windbg.