Security Basics mailing list archives

RE: Windows debugging/vulnerability analysis


From: "Krpata, Tyler" <tkrpata () bjs com>
Date: Mon, 31 Jul 2006 10:37:52 -0400

Thanks for the reply. Since my original post, I did a little more
research and read up on remote kernel debugging using Windbg and MS
Virtual PC (both free), and emulating the serial connection through a
named pipe. It seems to give me pretty much what I was looking for. Does
SoftICE give me any advantages over this setup?

-----Original Message-----
From: Rob klein Gunnewiek [mailto:rob.kleingunnewiek () gmail com] 
Sent: Monday, July 31, 2006 5:42 AM
To: Krpata, Tyler
Cc: security-basics () securityfocus com
Subject: Re: Windows debugging/vulnerability analysis

On 7/27/06, Krpata, Tyler <tkrpata () bjs com> wrote:
Hi,

I am looking for some resources on analyzing vulnerabilities in 
Windows drivers and/or the kernel. Specifically I am interested in the
flaw in srv.sys as detailed in MS06-035. I'm really looking for
details on how to get useful information out of a debugger at that 
level, not being a Windows person myself. Can anyone recommend some
reading material?

I hope you have experience in userspace vulnerability analysis before
you go into the kernel-based stuff. Do you know about SoftICE? It is a
Windows debugger capable of debugging kernel-based code. There should
be a lot of information to be found on Google.

Good luck.

--
Regards,
Rob klein Gunnewiek
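As an added illustration of the WinDbg / Virtual PC setup Tyler describes at the top of this thread (not part of the original thread, and not from either poster): the guest gets a second boot.ini entry that enables the kernel debugger on COM1, Virtual PC maps the guest's COM1 to a host named pipe, and WinDbg on the host attaches to that pipe in kernel mode. The pipe name com_1 and the symbol cache path are assumptions; the boot.ini switches and the windbg command line are the documented ones for XP/2003-era guests.

```bat
rem --- Inside the guest (Windows XP / Server 2003 era, as in 2006): boot.ini ---
rem Duplicate the existing entry and add the kernel-debugger switches so the
rem guest talks to a debugger on COM1 at 115200 baud. Keep the original entry
rem so the guest still boots normally when no debugger is attached.
rem
rem [operating systems]
rem multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /fastdetect
rem multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP (kernel debug)" /fastdetect /debug /debugport=COM1 /baudrate=115200

rem --- In the Virtual PC settings for the guest: COM1 -> Named pipe ---
rem Pipe name used below (assumed for this example): \\.\pipe\com_1

rem --- On the host: attach WinDbg to that pipe as a kernel debugger ---
rem resets=0 and reconnect are the options Microsoft documents for named-pipe
rem (virtual machine) targets; reconnect keeps the session across guest reboots.
windbg -k com:pipe,port=\\.\pipe\com_1,resets=0,reconnect

rem --- Once connected, in the WinDbg command window (assumed cache path) ---
rem   .sympath srv*c:\symbols*http://msdl.microsoft.com/download/symbols
rem   .reload
rem   lm m srv        (confirm the srv.sys module from MS06-035 is loaded)
rem   !analyze -v     (after a bugcheck, summarize the crashing stack)
```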
