Buôn Ma Thuột, Capital of White Hat Hackers

The Vietnam White Hat Hacker training program in Buôn Ma Thuột city, combined with tourism. Arrive a newbie, return a WHITE HAT HACKER!

Hacking and Penetration Testing with Metasploit

Security365's training program on using the Metasploit Framework for penetration testing and hacking.

C50 Computer Forensics Materials

Study materials on digital evidence investigation (CHFI), compiled by Security365 for training at C50.

Students with Hacking and Information Security

A student hacking competition, with web attack challenges for students built on the Hackademic Challenge platform.

Attack and Defense with BackTrack / Kali Linux

An attack and defense course using the professional hacker toolkits BackTrack and Kali Linux, based on Offensive Security content.

Showing posts with label WinDbg.

[Windbgshark] Windbg extension for VM traffic manipulation and analysis



This project includes an extension for the windbg debugger as well as driver code, which together allow you to manipulate the virtual machine's network traffic and to integrate the Wireshark protocol analyzer with windbg commands.

The motivation of this work came from the intention to find a handy general-purpose way to debug network traffic flows under the Windows OS for the purposes of dynamic software testing for vulnerabilities, for reverse engineering of software and just for fun.

Theory of operation

The main idea is to rely on the Windows Filtering Platform's ability to inspect traffic at the application layer of the OSI model (although the method works equally well at any layer the WFP API exposes). This gives us a way to intercept and modify any data that passes through the Windows TCP/IP stack (even localhost traffic), regardless of the application type and the transport/network protocol. Modification and reinjection also work well: the operating system does all the dirty work, reconstructing the transport and network layer headers, for example, as if we were sending the data from a user-mode Winsock application.

This tool needs a virtualized environment (it currently works fine with VMware Workstation) with windbg connected to the virtual machine as a kernel debugger. Installation is done in two steps: driver installation, then loading the extension in windbg. The driver intercepts network traffic, lets windbg modify it, and then reinjects the packets back into the network stack. The extension, in turn, implements a simple interface for packet editing and also uses Wireshark to display the data flows. The extension runs on the host machine, while the driver lives on the virtual machine. To interact with its driver, the windbg extension sets breakpoints with its own callbacks directly inside the driver code. Every time a packet comes in or goes out, a breakpoint is hit and windbgshark extracts the application-level payload of the current packet, constructs a new pcap record and sends it to Wireshark. Before the packet is reinjected, the user may modify it, and Wireshark will re-parse and display the modified record.
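The step "constructs a new pcap record and sends it to Wireshark" is the part of the pipeline that is easy to get subtly wrong, so here is an added example (not windbgshark's own code) that builds a valid pcap stream from application-level payloads the way an extension sitting on the host would. Because a WFP application-layer hook only sees the payload, the example synthesises IPv4 + UDP headers around it and writes the capture with link type 228 (raw IPv4); that framing, the addresses, ports and the two HTTP-like payloads are all constructed assumptions for illustration. The parser at the end verifies the IPv4 header checksum and recovers the payloads, which is the same check Wireshark would perform when it re-parses a record.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4     # little-endian pcap, microsecond timestamps
LINKTYPE_IPV4 = 228         # raw IPv4 packets, no link-layer header (assumption)
IPPROTO_UDP = 17


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_IPV4):
    """24-byte pcap file header: magic, version 2.4, tz, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(packet, ts_sec, ts_usec):
    """16-byte record header (ts_sec, ts_usec, incl_len, orig_len) plus the packet bytes."""
    return struct.pack("<IIII", ts_sec, ts_usec, len(packet), len(packet)) + packet


def inet_checksum(data):
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_udp_packet(src, dst, sport, dport, payload, ttl=64):
    """Wrap an application-layer payload in synthetic IPv4 + UDP headers.
    The UDP checksum is left at 0, which IPv4 permits (meaning 'not computed')."""
    udp_len = 8 + len(payload)
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s",
                      0x45, 0, 20 + udp_len, 0, 0, ttl, IPPROTO_UDP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    # Fill in the header checksum computed over the header with the field zeroed.
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + udp


def build_capture(flows):
    """flows: iterable of (ts_sec, ts_usec, src, dst, sport, dport, payload)."""
    out = [pcap_global_header()]
    for ts_sec, ts_usec, src, dst, sport, dport, payload in flows:
        pkt = ipv4_udp_packet(src, dst, sport, dport, payload)
        out.append(pcap_record(pkt, ts_sec, ts_usec))
    return b"".join(out)


def parse_capture(data):
    """Walk the pcap, verify each IPv4 header checksum, return (sport, dport, payload)."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_IPV4:
        raise ValueError("unexpected pcap header")
    off, result = 24, []
    while off + 16 <= len(data):
        _s, _us, incl, _orig = struct.unpack("<IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        ihl = (pkt[0] & 0x0F) * 4
        if inet_checksum(pkt[:ihl]) != 0:
            raise ValueError("bad IPv4 header checksum")
        if pkt[9] == IPPROTO_UDP:
            sport, dport, ulen, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
            result.append((sport, dport, pkt[ihl + 8:ihl + ulen]))
    return result


# Constructed sample: one request/response pair as an app-level WFP hook would see it.
SAMPLE_FLOWS = [
    (1700000000, 100, "10.0.2.15", "10.0.2.2", 49152, 8080,
     b"GET /index.html HTTP/1.0\r\n\r\n"),
    (1700000000, 250, "10.0.2.2", "10.0.2.15", 8080, 49152,
     b"HTTP/1.0 200 OK\r\n\r\nhello"),
]

if __name__ == "__main__":
    cap = build_capture(SAMPLE_FLOWS)
    with open("windbgshark_example.pcap", "wb") as f:   # open this file in Wireshark
        f.write(cap)
    for sport, dport, payload in parse_capture(cap):
        print(sport, "->", dport, payload)
```

Writing the global header once and then appending one record per intercepted packet is exactly what a streaming consumer such as Wireshark expects; a record whose `incl_len` does not match the bytes that follow desynchronises every later record, so the length fields are computed from the finished packet rather than from the payload alone.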

[WinDbg v6.12.2.633] Debugging Tools for Windows


WinDbg is a graphical debugger from Microsoft. It is actually just one component of the Debugging Tools for Windows package, which also includes the KD, CDB, and NTSD debuggers. Its claim to fame is debugging memory dumps produced after a crash. It can even debug in kernel mode. For downloads and more information.

This contains the 32-bit and 64-bit MSIs for Debugging Tools for Windows 6.12.2.633.


Highlights in Version 6.12.2.633

This is the current version of Debugging Tools for Windows 6.12.2.633 and is available in the Windows SDK from http://www.microsoft.com/whdc/DevTools/Debugging/default.mspx. This release of Debugging Tools for Windows contains many bug fixes and new enhancements. The debuggers are stable and more reliable than previous releases and we recommend that you upgrade to this version.

Here are some of the key changes in this version of Debugging Tools for Windows:

1. Several bug fixes in extensions to only use public symbols

2. General BugCheck Analysis Updates including:

• Bug Check 0x9F Update – Added logic to diagnose bugcheck 0x9F minidumps using new data in Windows 7 added to the 0x9F minidumps by the Kernel and Networking Teams.

Data includes:
- All Kernel ExWorkerThreads that process Power IRPs
- IRPs Associated with any ExWorkerThread
- IRPs Associated with PnP Completion Queue
- All Kernel Power IRPs
- Device Stacks for all IRPS
- NTTRIAGEPOWER Structure
- NTTRIAGEPNP structure

• BugCheck 0xFE Update - Added logic to diagnose bugcheck 0xFE minidumps using callback data, new to Windows 7, added by the USB team.

3. Fixed user-mode minidump generation problem.

4. Fixed buffer overrun in schannel transport.

5. Fixed several kernel debugger transport issues.

6. Fixed problem with debugger reporting incorrect FPO information.

7. Allowed stack dumps deeper than 65535 if specified explicitly.

8. Changed ".outmask /a" and ".outmask /d" to be set only instead of or/xor.

9. The old ADPlus.vbs is being replaced by ADPlus.exe which requires the .Net Framework 2.0. For those cases where the .Net Framework isn't available we are still shipping the older version renamed to adplus_old.vbs. For detailed documentation of the new ADPlus.exe as well as for its new companion ADPlusManager.exe please see adplus.doc located in the same folder as adplus.exe.