Home page logo

basics logo Security Basics mailing list archives

RE: Windows debugging/vulnerability analysis
From: "Krpata, Tyler" <tkrpata () bjs com>
Date: Mon, 31 Jul 2006 10:37:52 -0400

Thanks for the reply. Since my original post, I did a little more
research and read up on remote kernel debugging using Windbg and MS
Virtual PC (both free), and emulating the serial connection through a
named pipe. It seems to give me pretty much what I was looking for. Does
SoftICE give me any advantages over this setup?

-----Original Message-----
From: Rob klein Gunnewiek [mailto:rob.kleingunnewiek () gmail com] 
Sent: Monday, July 31, 2006 5:42 AM
To: Krpata, Tyler
Cc: security-basics () securityfocus com
Subject: Re: Windows debugging/vulnerability analysis

On 7/27/06, Krpata, Tyler <tkrpata () bjs com> wrote:

I am looking for some resources on analyzing vulnerabilities in 
Windows drivers and/or the kernel. Specifically I am interested in the

flaw in srv.sys as detailed in MS06-035. I'm really looking for 
details on how to get useful information out of a debugger at that 
level, not being a Windows person myself. Can anyone recommend some
reading material?

I hope you have experience in userspace vulnerability analysis before
you go into the kernel-based stuff. Do you know about SoftICE? It is a
Windows debugger capabable of debugging kernel-based code. There should
be a lot of information to be found on Google.

Good luck.

Rob klein Gunnewiek

This list is sponsored by: Norwich University

The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]