windbg.info forum

TOPIC: tracking malicious code with windbg
#89 ictsecurity0 (User), 14 Feb 2011 - 08:11
Dear all,

Sorry if this is a dumb question. I have succeeded in setting up WinDbg remote debugging of a VMware guest running Windows XP. I am planning to use WinDbg to monitor/track the malware's activities. My idea is:

windbg (Host) ----> vmware (guest windows xp running malware)

My questions are:
1. Is it possible to set a breakpoint on malware.exe in the guest Windows XP? Using which command?
2. Is it possible to use 'wt' to trace what malware.exe is doing?

Thanks,
ictsecurity0
#152 Csaba Varszegi (User), 17 Mar 2012 - 13:24
Hi,

Once you have the kernel debug session established, you can use ntsd -d to debug the malware via the connection. You can also use breakin to break into the user-mode code.

Cs.
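The following command sequence is an added worked example (not posted by either participant) of the two approaches discussed in this thread: breaking on a user-mode process from the kernel debugger and setting process-specific breakpoints, and the ntsd -d route suggested in the reply. It assumes the sample is named malware.exe, that the kernel debug session to the XP guest is already up, and that Microsoft symbols for the XP system DLLs are reachable; the address placeholder is whatever !process prints on your system.

```windbg
$$ Target: Windows XP guest, kernel debugger already attached (kd> prompt).
$$ "malware.exe" is an assumed image name for the sample.

$$ --- Approach 1: break into the running process from kd ---

$$ Find the EPROCESS for the sample (filter !process by image name).
kd> !process 0 0 malware.exe
$$ Copy the "PROCESS <address>" value from that output, then switch the
$$ debugger context invasively: the next time this process is scheduled,
$$ the debugger breaks in with its user-mode address space mapped.
kd> .process /i <address>
kd> g

$$ Now in the process context: load user-mode symbols so bp can resolve
$$ names in kernel32, ws2_32, etc.
kd> .reload /user

$$ Process-specific breakpoints (/p @$proc = current EPROCESS) so that
$$ other processes calling the same APIs do not stop the machine.
kd> bp /p @$proc kernel32!CreateFileW
kd> bp /p @$proc kernel32!CreateProcessW
kd> bp /p @$proc ws2_32!connect
kd> g

$$ On a hit: show the call stack with arguments, then trace.
kd> kb
$$ wt from a function's first instruction traces that function; limit
$$ depth (-l) and restrict to the sample's own module (-m) to keep the
$$ trace usable over a slow kernel transport.
kd> wt -l 2 -m malware
kd> bc *

$$ --- Approach 2: ntsd -d inside the guest (the reply's suggestion) ---
$$ Start the sample under ntsd in the guest with its I/O redirected
$$ through the kernel debugger:
C:\> ntsd -d malware.exe
$$ Commands typed in WinDbg now go to ntsd. Break at the sample's entry
$$ point instead of the initial loader breakpoint:
bp $exentry
g
$$ From here u, kb, wt etc. run in the user-mode debugger; .breakin
$$ hands control back to the kernel debugger when you need kd again.
.breakin
```

Two caveats a practitioner will hit: .process /i only takes effect after the g, so breakpoints set before that g will not resolve user-mode symbols; and an unqualified wt on malware code that calls into system DLLs can run for a very long time, so always bound it with -l and -m on a kernel connection.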
Copyright © 2017 WinDbg.info. All Rights Reserved.