http://kobyk.wordpress.com/2008/07/04/replacing-boot-load-drivers-with-the-windows-boot-debugger/ I don't have to put up with this shit... Fri, 09 Oct 2009 20:15:04 +0000 http://wordpress.com/ hourly 1 http://kobyk.wordpress.com/2008/07/04/replacing-boot-load-drivers-with-the-windows-boot-debugger/#comment-297 Ring 0 debugging and Windbg – part 1 « L0werring's Blog Sat, 29 Aug 2009 22:25:35 +0000 http://kobyk.wordpress.com/?p=25#comment-297 [...] Now let us look at a topic which requires a lot of spelunking when it comes to finding information. Bootdebuging referers to debugging components /applications which are loaded much before ntoskrnl.exe. I am going to focus on Windows Vista and forward since the design of boot components has had a major overhaul from Vista. . If you are looking at boot debugging for pre-Vista you could also refer to this well written blog here;: http://kobyk.wordpress.com/2008/07/04/replacing-boot-load-drivers-with-the-windows-boot-debugger/ [...] [...] Now let us look at a topic which requires a lot of spelunking when it comes to finding information. Bootdebuging referers to debugging components /applications which are loaded much before ntoskrnl.exe. I am going to focus on Windows Vista and forward since the design of boot components has had a major overhaul from Vista. . If you are looking at boot debugging for pre-Vista you could also refer to this well written blog here;: http://kobyk.wordpress.com/2008/07/04/replacing-boot-load-drivers-with-the-windows-boot-debugger/ [...]

]]> http://kobyk.wordpress.com/2008/07/04/replacing-boot-load-drivers-with-the-windows-boot-debugger/#comment-289 Suresh Tue, 26 May 2009 11:50:20 +0000 http://kobyk.wordpress.com/?p=25#comment-289 Hi, Interesting article!!! I used ntldr from winddk 2003 debug folder but system failed to boot with an error ntldr is corrupt. I could not find the winxp ddk kit to get the respective ntldr. Could you please share debug version of ntldr from winddk xp? Hi,
Interesting article!!!
I used ntldr from winddk 2003 debug folder but system failed to boot with an error ntldr is corrupt. I could not find the winxp ddk kit to get the respective ntldr. Could you please share debug version of ntldr from winddk xp?

]]> http://kobyk.wordpress.com/2008/07/04/replacing-boot-load-drivers-with-the-windows-boot-debugger/#comment-178 Jack Manger Fri, 25 Jul 2008 11:27:13 +0000 http://kobyk.wordpress.com/?p=25#comment-178 Thank you for this wonderful service. It's so appreciated in this day when every web site is geared toward the material reward they get when they sell something that probaly belongs to the American people. Drivers of course don't and for that reason you're going in my Favorites file. Thank you for your time and attention. Jack Manger Thank you for this wonderful service. It’s so appreciated in this day when every web site is geared toward the material reward they get when they sell something that probaly belongs to the American people.
Drivers of course don’t and for that reason you’re going in my Favorites file. Thank you for your time and attention.
Jack Manger

]]> http://kobyk.wordpress.com/2008/07/04/replacing-boot-load-drivers-with-the-windows-boot-debugger/#comment-168 Shay Barak Fri, 04 Jul 2008 21:13:27 +0000 http://kobyk.wordpress.com/?p=25#comment-168 Once I had to debug a system's boot sector. That's almost as early as it gets. I was using QEMU, a Pentium emulator that's surprisingly speedy. QEMU can provide a gdb interface so you can debug the machine starting at the first instruction that is read from the virtual disk drive. I guess if you're entirely out of luck, you can always debug using this technique. However if you prefer windbg over gdb (and who wouldn't) then you're in a mess. Your best bet would be to write a proxy that intercepts the traffic coming in and going out of the debug port/pipe and translate between windbg-ish and gdb-ish and vice versa. If performance is not an issue, you can actually do it in Python. I don't know what windbg's debug protocol looks like, but according to the documentation the gdb protocol is fairly straightforward. Heck, they might even look very much alike for all I know. Once I had to debug a system’s boot sector. That’s almost as early as it gets.
I was using QEMU, a Pentium emulator that’s surprisingly speedy. QEMU can provide a gdb interface so you can debug the machine starting at the first instruction that is read from the virtual disk drive.
I guess if you’re entirely out of luck, you can always debug using this technique. However if you prefer windbg over gdb (and who wouldn’t) then you’re in a mess. Your best bet would be to write a proxy that intercepts the traffic coming in and going out of the debug port/pipe and translate between windbg-ish and gdb-ish and vice versa. If performance is not an issue, you can actually do it in Python.
I don’t know what windbg’s debug protocol looks like, but according to the documentation the gdb protocol is fairly straightforward. Heck, they might even look very much alike for all I know.

]]>