CNIT 126: 8: Debugging

Показать описание

A lecture for a Malware Analysis class

Sam Bowne
CCSF
Hacking
Security

Рекомендации по теме

Комментарии

My custom-developed Exodus OS allowed kernel mode debugging in the kernel. Used a Hercules graphics adapter at 0xb0000-b7fff in graphics mode, with a mouse and flashing cursor. Less than 128KB (64KB debugger, 64KB disassembler), written in MASM 6.11d back around the year 2000. All ring-0. A modified version allowed 80x25 text-mode debugging of the boot sector (that version was like CodeView 3.x for DOS). It loaded the 128KB into lower 640 KB at boot, setup interrupts, used BIOS only, and could literally step through the boot sector using a few loader instructions to load those sectors into RAM, a single CALL to set it all up, then INT 3 + INT 1 debugging thereafter. Very nice.

EnsignRho

Stop the political commentary, Sam. You're damaging your reputation. :-)

EnsignRho

CNIT 126: 8: Debugging

CNIT 126: 8: Debugging

CNIT 126 8 Debugging

CNIT 126: 8: Debugging

CNIT 126: 8. Debugging (Part 1)

CNIT 126: 8. Debugging (Part 2)

CNIT 126 - Practical Malware Analysis, September 11, 2018 Lecture

CNIT 126: 10: Kernel Debugging & 11: Malware Behavior

CNIT 126 - Practical Malware Analysis, September 25, 2018 Lecture

CNIT 126 10: Kernel Debugging with WinDbg

CNIT 126 - Practical Malware Analysis, October 30, 2018 Lecture

CNIT 126 - Practical Malware Analysis, October 9, 2018 Lecture

CNIT 126: 10. Kernel Debugging

CNIT 126 7: Analyzing Malicious Windows Programs (Part 1)

CNIT 126 10 Kernel Debugging with WinDbg

CNIT 126 Ch 11

CNIT 126 Ch 0-1 Basic Static Techniques (Part 1)

CNIT 126 0: Malware Analysis Primer & 1: Basic Static Techniques (Part 1)

CNIT 126 Ch 9

CNIT 126 Ch 10

CNIT 126 - Practical Malware Analysis, September 4, 2018 Lecture

CNIT 126 11: Malware Behavior

CNIT 126 - Practical Malware Analysis, August 21, 2018 Lecture

CNIT 126 Ch 0-1 Basic Static Techniques (Part 2)

CNIT 126: Assembly Language