
Thread: USB drivers for Win 7 on 8th generation Intel chipset

  1. #76
    Quote, originally posted by blabberer:
    No, absolutely not. If you open notepad.exe on the same computer running windbg and if it breaks on ntdll!Kixxxstartyyy, you are doing plain usermode debugging, as if you are debugging it in ollydbg / x64dbg / whatever debug, including visual-studio f5.
    Thanks blabbs, I did get my feet wet, somewhat. I traced from the ntdll point where notepad stops well into ntdll and k32. I realize that is still user mode code.

    What would happen if I hit an entry point from ntdll into the kernel? Would it just stall, or kick me back to ntdll code after the kernel processes completed?

    Along the way, I experimented with the windows you suggested, changing the colours and fonts to suit. I had the code window set up with custom colours and the register window open.

    Takes a bit of getting used to with the 64-bit registers. I wondered if the leading zeros can be dumped when not in use.

    Could not find a flags register for imminent jumps. Have not looked hard yet.

    I wish the register windows could be arranged more horizontally than vertically. Maybe there's a way. Anyway, I began to feel quite comfortable stepping through the code with F8 and F10.

  2. #77
    Kayaker
    Quote, originally posted by WaxfordSqueers:
    Takes a bit of getting used to with the 64-bit registers. I wondered if the leading zeros can be dumped when not in use.
    Blabberer probably has all kinds of interesting tricks, which is why I enjoy discussing this; I always learn something. I noticed that the Registers window is blank for me and gives the error message "Registers are not yet known". If you google that, it's a known problem in some situations and there's even an extension to address it:

    https://github.com/mbikovitsky/WingDbg

    Maybe you haven't come across that problem yet. Instead I use the Watch window and add the registers manually - @rip, @rax, @rbx, etc. If you use the 32 bit equivalents - @eip, @eax, etc. you'll get them as such without the higher order portion of the 64 bit address if you don't want to look at it. But I think that just adds to confusion because it's not immediately apparent if you're looking at a 64 bit address or a dword value.

  3. #78
    Sure, register windows can be docked horizontally. Play with workspaces, dock it to your taste, and save the workspace layout.

    Register display can be customised to suit what one wants.

    I don't use the GUI much. I like kd, and I prefer hitting r rather than lifting the mouse.

    But if and when I use the GUI, I simply put eax below rax, ebx below rbx, and so on.

    [Attached image: horreg.gif]
    Last edited by blabberer; March 23rd, 2019 at 03:34.
