-
-
Rr0d:RR0D is a ring 0 debugger by Teddy Rogers
-
发表于: 2006-4-20 17:02
-
FROM:Seek n Destroy
What's RR0D ?
RR0D is a ring 0 debugger. It offers the possibility to debug any kind of code (kernel/user/rasta land). Its philosophy is to be OS independent. That's why RR0D can today be installed on Linux, *BSD, Wind0ws. This has some disadvantages: RR0D is only designed to run on x86 (is this really a disadvantage?). Here is a presentation of Rr0d.
How the hell does this work ?
It works fine. Thanks. Actually, the goal is to keep the code low level enough to *not* use any kernel host code. RR0D is a sort of stand-alone module that installs hooks at each important point to realize such a dream. The only part that is OS dependent is the kernel module interface.
This kernel debugger has its own keybord driver (only PS2 keyboard). Rr0d has its own video drivers: The first one is a VGA driver that manipulates directly the VGA compatible mode of graphic cards (in console mode). Rr0d has a FrameBuffer video driver as well: it is used under X server (or with the Win desktop).
Rr0d hooks interruptions (0, 1, 3,..) on idt. If the interruption is managed by Rr0d (int 3, ...) iret is done. Else, Rr0d gives back hand to the OS. Rr0d has a little disasm engine (buGGy one to display disassembly. Rr0d handles pagination in order to set/clear bp or editing memory.
Note: During Rr0d rasta trace debugging sessions, rr0d loops. So hot processors: take care
FAQ:
Q: Hey man, your rr0d seems to be a soft-ice like?!
A: yea man, rr0d seems to have he same beautiful graphic interface as soft-ice.
Q: Hey man, is rr0d at least has a rasta mode?
A: yea man, Of course it has.
Q: Hey man, why rr0d and not KGDB?
A: man, KGDB is *not* a rasta debugger
Q: Hey man, how many functionalities rr0d has?
A: man, it has plenty rasta functionalities
Q: But man, why ring 0 debugger is more powerfull than ring-3?
A: man, because ring-0 0wnz ring-[1-3]
Q: Man, what about Apple users?! Will they never get this piece of tool?
A: man, keep rasta: we are today in relation with Apple developpers: They decided to forget Power PC and to base their main architecture on X86: be patient.
Q: Man, will it be possible to write plugins for rr0d?
A: man, yes: the symbol exporter is a sort of plugin. But a more interesting plugin system will be implemented such as a memory dumper, a process dumper, a tetris, a Frozen bubble, a FireStarter Crazy Zorg Revenge ...
Download Links:
http://cvs.droids-corp.org/cgi-bin/viewcvs.cgi/
http://rr0d.droids-corp.org/rr0d_snapshot.tar.gz
What's RR0D ?
RR0D is a ring 0 debugger. It offers the possibility to debug any kind of code (kernel/user/rasta land). Its philosophy is to be OS independent. That's why RR0D can today be installed on Linux, *BSD, Wind0ws. This has some disadvantages: RR0D is only designed to run on x86 (is this really a disadvantage?). Here is a presentation of Rr0d.
How the hell does this work ?
It works fine. Thanks. Actually, the goal is to keep the code low level enough to *not* use any kernel host code. RR0D is a sort of stand-alone module that installs hooks at each important point to realize such a dream. The only part that is OS dependent is the kernel module interface.
This kernel debugger has its own keybord driver (only PS2 keyboard). Rr0d has its own video drivers: The first one is a VGA driver that manipulates directly the VGA compatible mode of graphic cards (in console mode). Rr0d has a FrameBuffer video driver as well: it is used under X server (or with the Win desktop).
Rr0d hooks interruptions (0, 1, 3,..) on idt. If the interruption is managed by Rr0d (int 3, ...) iret is done. Else, Rr0d gives back hand to the OS. Rr0d has a little disasm engine (buGGy one to display disassembly. Rr0d handles pagination in order to set/clear bp or editing memory.
Note: During Rr0d rasta trace debugging sessions, rr0d loops. So hot processors: take care
FAQ:
Q: Hey man, your rr0d seems to be a soft-ice like?!
A: yea man, rr0d seems to have he same beautiful graphic interface as soft-ice.
Q: Hey man, is rr0d at least has a rasta mode?
A: yea man, Of course it has.
Q: Hey man, why rr0d and not KGDB?
A: man, KGDB is *not* a rasta debugger
Q: Hey man, how many functionalities rr0d has?
A: man, it has plenty rasta functionalities
Q: But man, why ring 0 debugger is more powerfull than ring-3?
A: man, because ring-0 0wnz ring-[1-3]
Q: Man, what about Apple users?! Will they never get this piece of tool?
A: man, keep rasta: we are today in relation with Apple developpers: They decided to forget Power PC and to base their main architecture on X86: be patient.
Q: Man, will it be possible to write plugins for rr0d?
A: man, yes: the symbol exporter is a sort of plugin. But a more interesting plugin system will be implemented such as a memory dumper, a process dumper, a tetris, a Frozen bubble, a FireStarter Crazy Zorg Revenge ...
Download Links:
http://cvs.droids-corp.org/cgi-bin/viewcvs.cgi/
http://rr0d.droids-corp.org/rr0d_snapshot.tar.gz
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
ring 0 很少玩
|
|
|
ring 0 is good!
|
|
|
|
|
|
|
|
|
林兄来个编译好的。这么多源码还要一个个下了再编译
|
|
|
正在邀请人编译.但有困难,
|
|
|
|
|
|
如果trw2k有做到现在,应该比它漂亮多了
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
最初由 heXer 发布 试用的目的. 每一个新的工具肯定的要首先试用,有问题就不采用. |
|
|
|
|
|
是的,,试用就是编译
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
