-
-
VistaLKD - 动态开启 vista 系统本机内核调试功能
-
2008-4-5 10:21
-
VistaLKD by 小喂
WinDbg 的本机内核调试是个很强大的功能,可以查看修改内核信息。但从 Vista 系统以后,缺省不能使用本机内核调试功能,只能修改启动项打开调试功能重启后才能使用。所以写了个 VistaLKD 小工具,可以动态打开本机内核调试功能,方便使用。
D:\WinDbg>kd -kl
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
OSVERSIONINFO(276,6,0,6000,2)
Local kernel debugging is disabled by default in Windows Vista, you must run "bcdedit -debug on" and reboot to enable it
.
Debuggee initialization failed, HRESULT 0x80004001
"<Unable to get error code text>"
D:\WinDbg>kd -kl
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
OSVERSIONINFO(276,6,0,6000,2)
Connected to Windows Vista 6000 x86 compatible target, ptr64 FALSE
Symbol search path is: srv*E:\WebSymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
*******************************************************************************
WARNING: Local kernel debugging requires booting with kernel
debugging support (/debug or bcdedit -debug on) to work optimally.
*******************************************************************************
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16584.x86fre.vista_gdr.071023-1545
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Sat Apr 5 07:32:21.600 2008 (GMT+8)
System Uptime: 0 days 0:05:36.475
lkd>
WinDbg 的本机内核调试是个很强大的功能,可以查看修改内核信息。但从 Vista 系统以后,缺省不能使用本机内核调试功能,只能修改启动项打开调试功能重启后才能使用。所以写了个 VistaLKD 小工具,可以动态打开本机内核调试功能,方便使用。
D:\WinDbg>kd -kl
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
OSVERSIONINFO(276,6,0,6000,2)
Local kernel debugging is disabled by default in Windows Vista, you must run "bcdedit -debug on" and reboot to enable it
.
Debuggee initialization failed, HRESULT 0x80004001
"<Unable to get error code text>"
D:\WinDbg>kd -kl
Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.
OSVERSIONINFO(276,6,0,6000,2)
Connected to Windows Vista 6000 x86 compatible target, ptr64 FALSE
Symbol search path is: srv*E:\WebSymbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
*******************************************************************************
WARNING: Local kernel debugging requires booting with kernel
debugging support (/debug or bcdedit -debug on) to work optimally.
*******************************************************************************
Windows Vista Kernel Version 6000 MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 6000.16584.x86fre.vista_gdr.071023-1545
Kernel base = 0x81c00000 PsLoadedModuleList = 0x81d11e10
Debug session time: Sat Apr 5 07:32:21.600 2008 (GMT+8)
System Uptime: 0 days 0:05:36.475
lkd>
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
顶起个fire
|
|
|
|
|
|
|
|
|
|
|
|
顶一下
|
|
|
|
|
|
|
