Phantom of XP Ring0 Tracer

evaluator
Posts: 1539
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

Yeah, I want to remember our old days: fighting to find the OEP, praying on magic tracing tools, the Ring0 tracer.. I am lazy, but I hope I will force myself to write memos about it.. Here I will try to start a draft :) Video in attachment.

Attachment: XPsp0R0TRACER.zip (777.29 KiB)
evaluator
Posts: 1539
Joined: Tue Sep 18, 2001 2:00 pm

Post by evaluator »

Forming memo topics:
1. helping tsehp with RVtracer, installing this XP system..
2. fight with SYSENTER magic. But we can go back to INT2E instead..
3. tsehp leaves the scene.. 'amd jumps -20h'
4. discovering the M$ SYSENTER trick
5. thus, an undocumented INTEL capability of DF?
6. writing tracer code inside BEEP.SYS with HIEW for about half a year. How to work with the tracer without a program?! myKernel32 :)
7. C'mon, let's start learning to use some MASM
8. the tracer traces everything, SYSENTER smiles in a friendly way, as it should. Why did M$ do that?
9. after-death breath from a terminated process..
10. unexpected exception from debug registers..
Kayaker
Posts: 4179
Joined: Thu Oct 26, 2000 11:00 am

Post by Kayaker »

That raises questions. You were single-step tracing in kernel mode? Why in beep.sys? How did you accomplish that? Logging the trace?

Memo topics.
Softice Backtrace Buffer was good for tracing, buffer dumper better.
Remember beta-testing Revirgin Win95/98, 2001...led to deluge of asprotect dumping threads past the point of ad nauseam.
Kernel mode programming with Masm32, disappearing down a rabbit hole.
Bowing to Windbg.