
WinDbg tricks

This section is intended to describe various WinDbg tricks. Some of them are useful, some are very useful. Most of them I use for dynamic analysis of various rootkits, but do not forget that WinDbg can just as well be used to debug user-mode applications. The debugger itself has a tremendous number of commands, but only a very small part of them is ever used. So consider this section something I'm writing for myself as a reference, so as not to forget. This page will be updated at least as often as I remember that I must write here :) The story will be in the form of questions and answers. Someday I'll split it all into subsections, but not now (this sentence will disappear once that happens).

Q: How do I set the path to the Microsoft symbols?

A: In WinDbg, press Ctrl-S (the Symbol Search Path dialog) and paste:

c:\symserver;SRV*c:\symserver*http://msdl.microsoft.com/download/symbols

Here c:\symserver is a local directory that is searched first and also serves as the downstream cache for the SRV* part: symbols not found locally are fetched from the Microsoft symbol server and stored there, so later sessions work offline. After changing the path, run .reload so that modules that are already loaded pick up the new symbols.

Q: To check something quickly, such as an offset or an undocumented structure, you need to ...
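The symbol-path setup above, as an added PowerShell example that is not part of the original post. It stores the same path in the _NT_SYMBOL_PATH environment variable (which WinDbg reads at startup, so Ctrl-S is no longer needed in every session), then launches WinDbg with that path and an initial command that forces a symbol reload and lists the loaded modules, which is the check that the symbol server was actually reached. That windbg.exe is on PATH, that c:\symserver is usable as the cache directory, and the optional crash-dump parameter are assumptions of this example, not something the post states.

```powershell
# Added example (not from the original post): persist the post's symbol path
# via _NT_SYMBOL_PATH and start WinDbg with a command that verifies symbols load.
# Assumptions: windbg.exe is on PATH (adjust $WinDbg otherwise); c:\symserver
# is a writable directory; -DumpFile is optional and only illustrates a target.
param(
    [string]$DumpFile   # optional: path to a crash dump to open with -z
)

$Cache   = 'c:\symserver'
$SymPath = "$Cache;SRV*$Cache*http://msdl.microsoft.com/download/symbols"

# Create the local cache directory if it does not exist yet.
if (-not (Test-Path -LiteralPath $Cache)) {
    New-Item -ItemType Directory -Path $Cache | Out-Null
}

# Persist for the current user: every future WinDbg session (and any other
# tool that honours _NT_SYMBOL_PATH) picks the path up without Ctrl-S.
[Environment]::SetEnvironmentVariable('_NT_SYMBOL_PATH', $SymPath, 'User')
# Set it for this process as well, so a WinDbg started from this shell sees it now.
$env:_NT_SYMBOL_PATH = $SymPath

$WinDbg = 'windbg.exe'   # assumption: on PATH

# Initial debugger command:
#   !sym noisy  - print each symbol lookup, so a failed download is visible
#   .reload /f  - force (re)loading of symbols with the new path
#   lm          - list modules; "pdb symbols" vs "deferred"/"export symbols"
#                 shows whether the server was reached for each module
$InitCmd = '!sym noisy; .reload /f; lm'

$Args = @('-y', $SymPath, '-c', $InitCmd)
if ($DumpFile) {
    $Args += @('-z', $DumpFile)   # open a crash dump; use -k etc. for live targets
}

& $WinDbg @Args
```

Run it once with no arguments to set the variable; afterwards WinDbg started from the Start menu already has the path. If lm still shows modules without pdb symbols, the !sym noisy output in the command window tells you whether the cache directory or the server URL is the problem.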