Sunday, 16 July 2017

Practical Reverse Engineering Exercise Solutions: LiveKd / WinDbg Cheat Sheet

Here are a few commands I regularly use in WinDbg (or LiveKd against the running system) for reverse engineering the Windows kernel:

uf <function>: Unassemble a whole function, following its basic blocks rather than stopping at the first ret
dt nt!_ktss: Show the definition of the data structure _KTSS from the nt symbols (field names, types and offsets)
?? sizeof(_ktss): Show the size in bytes that the data structure _KTSS occupies in memory (?? uses the C++ expression evaluator, so sizeof works here; the MASM evaluator used by ? does not know it)
.hh uf: Open the debugger help (debugger.chm) at the topic for the command uf
x nt!*createfile*: List all symbols in nt whose names contain the string "createfile" (wildcard match, case-insensitive; the output includes data symbols as well as functions, with their addresses)
!vtop <DirBase> <VirtualAddress>: Compute the physical address of the given virtual address by walking the page tables, starting from the page-directory base of the owning process (the DirBase value that !process prints, i.e. the CR3 value; on PAE x86 this is the physical address of the page directory pointer table)
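To make clear what !vtop actually does with its two arguments, the following is an added example (not code from the original post or from the book) that performs the x86 PAE page-table walk by hand: 2-bit PDPT index, 9-bit page directory index, 9-bit page table index, 12-bit offset, with the 2 MB large-page case and the not-present case handled. The CR3 value and the page-table entries are constructed for the example and do not come from a real dump; on x64 the same walk simply gains a PML4 level and a 9-bit PDPT index.

```python
# Added example: a minimal implementation of the x86 PAE page-table walk that
# WinDbg's !vtop performs, run over constructed page tables so it works offline.

PRESENT = 1 << 0                      # bit 0: entry is present
PAGE_SIZE = 1 << 7                    # bit 7 (PS) in a PDE: maps a 2 MB page
ADDR_MASK = 0x000F_FFFF_FFFF_F000     # bits 12..51 hold the physical frame address
LARGE_MASK = 0x000F_FFFF_FFE0_0000    # frame address of a 2 MB page (bits 21..51)


def split_pae(va):
    """Decompose a 32-bit virtual address into its PAE table indices."""
    return ((va >> 30) & 0x3,         # PDPT index (2 bits)
            (va >> 21) & 0x1FF,       # page directory index (9 bits)
            (va >> 12) & 0x1FF,       # page table index (9 bits)
            va & 0xFFF)               # byte offset inside a 4 KB page


def vtop(mem, cr3, va):
    """Translate va to a physical address, or return None if a level is not present.

    mem maps the physical address of an 8-byte table entry to its value; an
    absent key reads as 0 (not present), the same as zeroed table memory.
    """
    pdpt_i, pd_i, pt_i, off = split_pae(va)
    pdpt_base = cr3 & 0xFFFF_FFE0     # PAE: CR3 bits 5..31 are the PDPT address
    pdpte = mem.get(pdpt_base + pdpt_i * 8, 0)
    if not pdpte & PRESENT:
        return None
    pde = mem.get((pdpte & ADDR_MASK) + pd_i * 8, 0)
    if not pde & PRESENT:
        return None
    if pde & PAGE_SIZE:               # large page: no page-table level, 21-bit offset
        return (pde & LARGE_MASK) | (va & 0x1F_FFFF)
    pte = mem.get((pde & ADDR_MASK) + pt_i * 8, 0)
    if not pte & PRESENT:
        return None
    return (pte & ADDR_MASK) | off


# Constructed page tables (made up for this example, not taken from a real system).
CR3 = 0x00185000                      # directory base, as !process shows in DirBase
MEM = {
    0x185000 + 2 * 8:     0x00186001, # PDPTE[2]  -> page directory at 0x186000
    0x186000 + 2 * 8:     0x00187063, # PDE[2]    -> page table at 0x187000
    0x187000 + 0x143 * 8: 0x02345063, # PTE[0x143] -> 4 KB frame 0x02345000
    0x186000 + 6 * 8:     0x01E000E3, # PDE[6]: PS set -> 2 MB page at 0x01E00000
}

if __name__ == "__main__":
    # 4 KB page, 2 MB page, missing PDE, missing PDPTE (user-mode range)
    for va in (0x80543210, 0x80C12345, 0x80E00000, 0x00401000):
        pa = vtop(MEM, CR3, va)
        print(f"{va:#010x} -> {'not present' if pa is None else f'{pa:#010x}'}")
```

The dictionary stands in for physical memory; against a real target the same entries come from !dq on the physical addresses (or from !pte, which prints each level of the walk for you). Comparing the script's result for a kernel address with !vtop's output is a quick way to check that you picked the right DirBase for the process.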
