[Note] WinDbg cheatsheet

https://github.com/hugsy/defcon_27_windbg_workshop/blob/master/windbg_cheatsheet.md
.hh: view help file
dds poi(nt!KeServiceDescriptorTable) L poi(nt!KeServiceDescriptorTable+8)
d*: display command
x: examine symbols
x nt!KeServiceDescriptor*
!process 0 0
.process /p
lm u: list loaded DLLs (user-mode modules)
!chkimg -d -v ntdll.dll
lm a [addr]: show which module an address belongs to
s 0 L?80000000/2 38 13 37 13: search hex bytes
.reload /f /i /a: reload all symbols
!heap -s: list all process heaps
dt ntdll!_DPH_BLOCK_INFORMATION 00000214`9f9acf90 #with pageheap enabled
bu annots+0003B193 ".if (@ecx==0xD0E0058) {} .else{gc}"
bu annots+0003B193 ".printf \"ECX: %x\\n\",@ecx; g"

http://geekswithblogs.net/.NETonMyMind/archive/2006/03/14/72262.aspx
