SlideShare a Scribd company logo

Debugging TV Frame 0x06

Dmitry Vostokov
Dmitry Vostokov

This episode discusses value passing and register reuse, breakpoint execution commands, WinDbg pseudo-registers and scripting, passing data between breakpoints, platform independent commands, logging window messages and module load events.

1 of 8
Download to read offline
Frame 0x06 Presenter: Dmitry Vostokov Sponsors Debugging.TV
• Value passing and register reuse • Breakpoint execution commands • WinDbg pseudo-registers and scripting • Passing data between breakpoints • Platform independent commands • Logging window messages • Module load events Topics © 2012 DumpAnalysis.org + TraceAnalysis.org
BOOL WINAPI GetMessage ( __out LPMSG lpMsg, // RCX __in_opt HWND hWnd, // RDX __in UINT wMsgFilterMin, // R8d __in UINT wMsgFilterMax // R9d ); GetMessage © 2012 DumpAnalysis.org + TraceAnalysis.org
typedef struct tagMSG { HWND hwnd; // 64 UINT message; // 64 WPARAM wParam; // 64 LPARAM lParam; // 64 DWORD time; // 32 POINT pt; // 32, 32 } MSG, *PMSG, *LPMSG; MSG © 2012 DumpAnalysis.org + TraceAnalysis.org
0:000> ub 00000000`ff2d1064 notepad!WinMain+0xf5: [...] 00000000`ff2d1051 488d4c2440 lea rcx,[rsp+40h] 00000000`ff2d1056 4533c9 xor r9d,r9d 00000000`ff2d1059 4533c0 xor r8d,r8d 00000000`ff2d105c 33d2 xor edx,edx 00000000`ff2d105e ff1524b40000 call qword ptr [notepad!_imp_GetMessageW (...)] * bp 0 0:000> u 00000000`ff2d1064 notepad!WinMain+0x182: 00000000`ff2d1064 413bc4 cmp eax,r12d * bp 1 00000000`ff2d1067 0f84b2060000 je notepad!WinMain+0x18b (00000000`ff2d171f) [...] 0:000> bl 0 e 00000000`ff2d105e 0001 (0001) 0:**** notepad!WinMain+0x17c "r $t0 = rcx; g" 1 e 00000000`ff2d1064 0001 (0001) 0:**** notepad!WinMain+0x182 ".printf "hwnd: %p message: %p wParam: %p lParam: %p", poi(@$t0), poi(@$t0+@$ptrsize), poi(@$t0+2*@$ptrsize), poi(@$t0+3*@$ptrsize); .echo; g" Event State Management © 2012 DumpAnalysis.org + TraceAnalysis.org
.logopen kv u ub bp bl g r dp Commands and pseudo-registers © 2012 DumpAnalysis.org + TraceAnalysis.org .printf .echo poi $t0 $ptrsize bc dd .logclose
!Ad Hardcore Technical Support Training © 2012 DumpAnalysis.org + TraceAnalysis.org Advanced Windows Memory Dump Analysis Accelerated Windows Memory Dump AnalysisJanuary 18-23, 2012: January 13, 2012: Training Schedule Accelerated .NET Memory Dump AnalysisJanuary 26-27, 2012:
Debugging.TV

Recommended

Machinekit - The Python Machinetalk Bindings
Machinekit - The Python Machinetalk BindingsMachinekit - The Python Machinetalk Bindings
Machinekit - The Python Machinetalk Bindings
Alexander Rössler
 
Introduction to Sublime text 2
Introduction to Sublime text 2Introduction to Sublime text 2
Introduction to Sublime text 2
Mahmoud Alqam
 
MazuV-Debug-System
MazuV-Debug-SystemMazuV-Debug-System
MazuV-Debug-System
feathertw
 
Workshop@naha_val3
Workshop@naha_val3Workshop@naha_val3
Workshop@naha_val3
Shusaku Fukumine
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
Saeid Zebardast
 
Lisa14
Lisa14Lisa14
Lisa14
Dan Lambright
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersCilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Thomas Graf
 
LCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS RoadmapLCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS Roadmap
Linaro
 

Recommended

Machinekit - The Python Machinetalk Bindings
Machinekit - The Python Machinetalk BindingsMachinekit - The Python Machinetalk Bindings
Machinekit - The Python Machinetalk Bindings
Alexander Rössler
 
Introduction to Sublime text 2
Introduction to Sublime text 2Introduction to Sublime text 2
Introduction to Sublime text 2
Mahmoud Alqam
 
MazuV-Debug-System
MazuV-Debug-SystemMazuV-Debug-System
MazuV-Debug-System
feathertw
 
Workshop@naha_val3
Workshop@naha_val3Workshop@naha_val3
Workshop@naha_val3
Shusaku Fukumine
 
Introduction to Redis
Introduction to RedisIntroduction to Redis
Introduction to Redis
Saeid Zebardast
 
Lisa14
Lisa14Lisa14
Lisa14
Dan Lambright
 
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersCilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Thomas Graf
 
LCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS RoadmapLCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS Roadmap
Linaro
 
PWM based motor speed control using LPC 1768
PWM based motor speed control using LPC 1768PWM based motor speed control using LPC 1768
PWM based motor speed control using LPC 1768
Omkar Rane
 
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
Omkar Rane
 
Qemu net netdev - nic
Qemu net netdev - nicQemu net netdev - nic
Qemu net netdev - nic
Chia-An Lee
 
MOVED: The challenge of SVE in QEMU - SFO17-103
MOVED: The challenge of SVE in QEMU - SFO17-103MOVED: The challenge of SVE in QEMU - SFO17-103
MOVED: The challenge of SVE in QEMU - SFO17-103
Linaro
 
Decoding LoRaWAN Packet
Decoding LoRaWAN PacketDecoding LoRaWAN Packet
Decoding LoRaWAN Packet
Radiojitter Concepts Lab LLP
 
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
R3
 
Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18
Roy Wasse
 
Proof of x
Proof of xProof of x
Proof of x
Mikal Villa
 
Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
Sylvain Afchain
 
Advanced Evasion Techniques by Win32/Gapz
Advanced Evasion Techniques by Win32/GapzAdvanced Evasion Techniques by Win32/Gapz
Advanced Evasion Techniques by Win32/Gapz
Alex Matrosov
 
Linux SD/MMC device driver
Linux SD/MMC device driverLinux SD/MMC device driver
Linux SD/MMC device driver
艾鍗科技
 
Remote code execution in restricted windows environments
Remote code execution in restricted windows environmentsRemote code execution in restricted windows environments
Remote code execution in restricted windows environments
Borja Merino
 
Beginning direct3d gameprogramming01_20161102_jintaeks
Beginning direct3d gameprogramming01_20161102_jintaeksBeginning direct3d gameprogramming01_20161102_jintaeks
Beginning direct3d gameprogramming01_20161102_jintaeks
JinTaek Seo
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
Sylvain Afchain
 
Vectorization on x86: all you need to know
Vectorization on x86: all you need to knowVectorization on x86: all you need to know
Vectorization on x86: all you need to know
Roberto Agostino Vitillo
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
CODE BLUE
 
Debugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vosDebugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vos
Gluster.org
 
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
DefconRussia
 
jcmd #javacasual
jcmd #javacasualjcmd #javacasual
jcmd #javacasual
Yuji Kubota
 
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Alex Matrosov
 
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days
 
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролеріJS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JSFestUA
 

More Related Content

What's hot

PWM based motor speed control using LPC 1768
PWM based motor speed control using LPC 1768PWM based motor speed control using LPC 1768
PWM based motor speed control using LPC 1768
Omkar Rane
 
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
Omkar Rane
 
Qemu net netdev - nic
Qemu net netdev - nicQemu net netdev - nic
Qemu net netdev - nic
Chia-An Lee
 
MOVED: The challenge of SVE in QEMU - SFO17-103
MOVED: The challenge of SVE in QEMU - SFO17-103MOVED: The challenge of SVE in QEMU - SFO17-103
MOVED: The challenge of SVE in QEMU - SFO17-103
Linaro
 
Decoding LoRaWAN Packet
Decoding LoRaWAN PacketDecoding LoRaWAN Packet
Decoding LoRaWAN Packet
Radiojitter Concepts Lab LLP
 
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
R3
 
Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18
Roy Wasse
 
Proof of x
Proof of xProof of x
Proof of x
Mikal Villa
 

What's hot (8)

PWM based motor speed control using LPC 1768
PWM based motor speed control using LPC 1768PWM based motor speed control using LPC 1768
PWM based motor speed control using LPC 1768
 
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
CAN interfacing on LPC1768 (ARM Cortex M3 based Micro controller)
 
Qemu net netdev - nic
Qemu net netdev - nicQemu net netdev - nic
Qemu net netdev - nic
 
MOVED: The challenge of SVE in QEMU - SFO17-103
MOVED: The challenge of SVE in QEMU - SFO17-103MOVED: The challenge of SVE in QEMU - SFO17-103
MOVED: The challenge of SVE in QEMU - SFO17-103
 
Decoding LoRaWAN Packet
Decoding LoRaWAN PacketDecoding LoRaWAN Packet
Decoding LoRaWAN Packet
 
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
DevDay: CordaCoin A Permissionless Cryptocurrency on Corda, R3
 
Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18Crypto talk OpenValue meetup 20-3-18
Crypto talk OpenValue meetup 20-3-18
 
Proof of x
Proof of xProof of x
Proof of x
 

Similar to Debugging TV Frame 0x06

Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
Sylvain Afchain
 
Advanced Evasion Techniques by Win32/Gapz
Advanced Evasion Techniques by Win32/GapzAdvanced Evasion Techniques by Win32/Gapz
Advanced Evasion Techniques by Win32/Gapz
Alex Matrosov
 
Linux SD/MMC device driver
Linux SD/MMC device driverLinux SD/MMC device driver
Linux SD/MMC device driver
艾鍗科技
 
Remote code execution in restricted windows environments
Remote code execution in restricted windows environmentsRemote code execution in restricted windows environments
Remote code execution in restricted windows environments
Borja Merino
 
Beginning direct3d gameprogramming01_20161102_jintaeks
Beginning direct3d gameprogramming01_20161102_jintaeksBeginning direct3d gameprogramming01_20161102_jintaeks
Beginning direct3d gameprogramming01_20161102_jintaeks
JinTaek Seo
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
Sylvain Afchain
 
Vectorization on x86: all you need to know
Vectorization on x86: all you need to knowVectorization on x86: all you need to know
Vectorization on x86: all you need to know
Roberto Agostino Vitillo
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
CODE BLUE
 
Debugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vosDebugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vos
Gluster.org
 
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
DefconRussia
 
jcmd #javacasual
jcmd #javacasualjcmd #javacasual
jcmd #javacasual
Yuji Kubota
 
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Alex Matrosov
 
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days
 
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролеріJS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JSFestUA
 
Kernel Recipes 2015: Anatomy of an atomic KMS driver
Kernel Recipes 2015: Anatomy of an atomic KMS driverKernel Recipes 2015: Anatomy of an atomic KMS driver
Kernel Recipes 2015: Anatomy of an atomic KMS driver
Anne Nicolas
 
Building a QT based solution on a i.MX7 processor running Linux and FreeRTOS
Building a QT based solution on a i.MX7 processor running Linux and FreeRTOSBuilding a QT based solution on a i.MX7 processor running Linux and FreeRTOS
Building a QT based solution on a i.MX7 processor running Linux and FreeRTOS
Fernando Luiz Cola
 
Anatomy of ROCgdb presentation at gcc cauldron 2022
Anatomy of ROCgdb presentation at gcc cauldron 2022Anatomy of ROCgdb presentation at gcc cauldron 2022
Anatomy of ROCgdb presentation at gcc cauldron 2022
ssuser866937
 
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
David Gómez García
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and Network
Caio Pereira
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debugging
Anne Nicolas
 

Similar to Debugging TV Frame 0x06 (20)

Skydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integrationSkydive, real-time network analyzer, container integration
Skydive, real-time network analyzer, container integration
 
Advanced Evasion Techniques by Win32/Gapz
Advanced Evasion Techniques by Win32/GapzAdvanced Evasion Techniques by Win32/Gapz
Advanced Evasion Techniques by Win32/Gapz
 
Linux SD/MMC device driver
Linux SD/MMC device driverLinux SD/MMC device driver
Linux SD/MMC device driver
 
Remote code execution in restricted windows environments
Remote code execution in restricted windows environmentsRemote code execution in restricted windows environments
Remote code execution in restricted windows environments
 
Beginning direct3d gameprogramming01_20161102_jintaeks
Beginning direct3d gameprogramming01_20161102_jintaeksBeginning direct3d gameprogramming01_20161102_jintaeks
Beginning direct3d gameprogramming01_20161102_jintaeks
 
Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
 
Vectorization on x86: all you need to know
Vectorization on x86: all you need to knowVectorization on x86: all you need to know
Vectorization on x86: all you need to know
 
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
[cb22] Tracking the Entire Iceberg - Long-term APT Malware C2 Protocol Emulat...
 
Debugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vosDebugging with-wireshark-niels-de-vos
Debugging with-wireshark-niels-de-vos
 
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
Mateusz 'j00ru' Jurczyk - Windows Kernel Trap Handler and NTVDM Vulnerabiliti...
 
jcmd #javacasual
jcmd #javacasualjcmd #javacasual
jcmd #javacasual
 
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...Проведение криминалистической экспертизы и анализа руткит-программ на примере...
Проведение криминалистической экспертизы и анализа руткит-программ на примере...
 
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
Positive Hack Days. Матросов. Мастер-класс: Проведение криминалистической экс...
 
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролеріJS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
JS Fest 2018. Володимир Шиманський. Запуск двіжка JS на мікроконтролері
 
Kernel Recipes 2015: Anatomy of an atomic KMS driver
Kernel Recipes 2015: Anatomy of an atomic KMS driverKernel Recipes 2015: Anatomy of an atomic KMS driver
Kernel Recipes 2015: Anatomy of an atomic KMS driver
 
Building a QT based solution on a i.MX7 processor running Linux and FreeRTOS
Building a QT based solution on a i.MX7 processor running Linux and FreeRTOSBuilding a QT based solution on a i.MX7 processor running Linux and FreeRTOS
Building a QT based solution on a i.MX7 processor running Linux and FreeRTOS
 
Anatomy of ROCgdb presentation at gcc cauldron 2022
Anatomy of ROCgdb presentation at gcc cauldron 2022Anatomy of ROCgdb presentation at gcc cauldron 2022
Anatomy of ROCgdb presentation at gcc cauldron 2022
 
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
Midiendo la calidad de código en WTF/Min (Revisado EUI Abril 2014)
 
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and Network
 
Embedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debuggingEmbedded Recipes 2019 - Introduction to JTAG debugging
Embedded Recipes 2019 - Introduction to JTAG debugging
 

More from Dmitry Vostokov

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slides
Dmitry Vostokov
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slides
Dmitry Vostokov
 
Debugging TV Frame 0x1C
Debugging TV Frame 0x1CDebugging TV Frame 0x1C
Debugging TV Frame 0x1C
Dmitry Vostokov
 
Debugging TV Frame 0x1A
Debugging TV Frame 0x1ADebugging TV Frame 0x1A
Debugging TV Frame 0x1A
Dmitry Vostokov
 
Debugging TV Frame 0x34
Debugging TV Frame 0x34Debugging TV Frame 0x34
Debugging TV Frame 0x34
Dmitry Vostokov
 
Debugging TV Frame 0x33
Debugging TV Frame 0x33Debugging TV Frame 0x33
Debugging TV Frame 0x33
Dmitry Vostokov
 
Debugging TV Frame 0x31
Debugging TV Frame 0x31Debugging TV Frame 0x31
Debugging TV Frame 0x31
Dmitry Vostokov
 
Debugging TV Frame 0x25
Debugging TV Frame 0x25Debugging TV Frame 0x25
Debugging TV Frame 0x25
Dmitry Vostokov
 
Debugging TV Frame 0x24
Debugging TV Frame 0x24Debugging TV Frame 0x24
Debugging TV Frame 0x24
Dmitry Vostokov
 
Debugging TV Frame 0x21
Debugging TV Frame 0x21Debugging TV Frame 0x21
Debugging TV Frame 0x21
Dmitry Vostokov
 
Debugging TV Frame 0x20
Debugging TV Frame 0x20Debugging TV Frame 0x20
Debugging TV Frame 0x20
Dmitry Vostokov
 
Debugging TV Frame 0x19
Debugging TV Frame 0x19Debugging TV Frame 0x19
Debugging TV Frame 0x19
Dmitry Vostokov
 
Debugging TV Frame 0x18
Debugging TV Frame 0x18Debugging TV Frame 0x18
Debugging TV Frame 0x18
Dmitry Vostokov
 
Debugging TV Frame 0x17
Debugging TV Frame 0x17Debugging TV Frame 0x17
Debugging TV Frame 0x17
Dmitry Vostokov
 
Debugging TV Frame 0x16
Debugging TV Frame 0x16Debugging TV Frame 0x16
Debugging TV Frame 0x16
Dmitry Vostokov
 
Debugging TV Frame 0x15
Debugging TV Frame 0x15Debugging TV Frame 0x15
Debugging TV Frame 0x15
Dmitry Vostokov
 
Debugging TV Frame 0x14
Debugging TV Frame 0x14Debugging TV Frame 0x14
Debugging TV Frame 0x14
Dmitry Vostokov
 
Debugging TV Frame 0x13
Debugging TV Frame 0x13Debugging TV Frame 0x13
Debugging TV Frame 0x13
Dmitry Vostokov
 
Debugging TV Frame 0x12
Debugging TV Frame 0x12Debugging TV Frame 0x12
Debugging TV Frame 0x12
Dmitry Vostokov
 
Debugging TV Frame 0x11
Debugging TV Frame 0x11Debugging TV Frame 0x11
Debugging TV Frame 0x11
Dmitry Vostokov
 

More from Dmitry Vostokov (20)

Accelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slidesAccelerated Windows Debugging 3 training public slides
Accelerated Windows Debugging 3 training public slides
 
Accelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slidesAccelerated .NET Memory Dump Analysis training public slides
Accelerated .NET Memory Dump Analysis training public slides
 
Debugging TV Frame 0x1C
Debugging TV Frame 0x1CDebugging TV Frame 0x1C
Debugging TV Frame 0x1C
 
Debugging TV Frame 0x1A
Debugging TV Frame 0x1ADebugging TV Frame 0x1A
Debugging TV Frame 0x1A
 
Debugging TV Frame 0x34
Debugging TV Frame 0x34Debugging TV Frame 0x34
Debugging TV Frame 0x34
 
Debugging TV Frame 0x33
Debugging TV Frame 0x33Debugging TV Frame 0x33
Debugging TV Frame 0x33
 
Debugging TV Frame 0x31
Debugging TV Frame 0x31Debugging TV Frame 0x31
Debugging TV Frame 0x31
 
Debugging TV Frame 0x25
Debugging TV Frame 0x25Debugging TV Frame 0x25
Debugging TV Frame 0x25
 
Debugging TV Frame 0x24
Debugging TV Frame 0x24Debugging TV Frame 0x24
Debugging TV Frame 0x24
 
Debugging TV Frame 0x21
Debugging TV Frame 0x21Debugging TV Frame 0x21
Debugging TV Frame 0x21
 
Debugging TV Frame 0x20
Debugging TV Frame 0x20Debugging TV Frame 0x20
Debugging TV Frame 0x20
 
Debugging TV Frame 0x19
Debugging TV Frame 0x19Debugging TV Frame 0x19
Debugging TV Frame 0x19
 
Debugging TV Frame 0x18
Debugging TV Frame 0x18Debugging TV Frame 0x18
Debugging TV Frame 0x18
 
Debugging TV Frame 0x17
Debugging TV Frame 0x17Debugging TV Frame 0x17
Debugging TV Frame 0x17
 
Debugging TV Frame 0x16
Debugging TV Frame 0x16Debugging TV Frame 0x16
Debugging TV Frame 0x16
 
Debugging TV Frame 0x15
Debugging TV Frame 0x15Debugging TV Frame 0x15
Debugging TV Frame 0x15
 
Debugging TV Frame 0x14
Debugging TV Frame 0x14Debugging TV Frame 0x14
Debugging TV Frame 0x14
 
Debugging TV Frame 0x13
Debugging TV Frame 0x13Debugging TV Frame 0x13
Debugging TV Frame 0x13
 
Debugging TV Frame 0x12
Debugging TV Frame 0x12Debugging TV Frame 0x12
Debugging TV Frame 0x12
 
Debugging TV Frame 0x11
Debugging TV Frame 0x11Debugging TV Frame 0x11
Debugging TV Frame 0x11
 

Recently uploaded

Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
XfilesPro
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
Remote DBA Services
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
Alberto Brandolini
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
TheSMSPoint
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
sjcobrien
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
Peter Muessig
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
Marcin Chrost
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
TaghreedAltamimi
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Peter Muessig
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
Sven Peters
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
Peter Muessig
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
Rakesh Kumar R
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
Rakesh Kumar R
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
SOCRadar
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
VALiNTRY360
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Envertis Software Solutions
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
Bert Jan Schrijver
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Łukasz Chruściel
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
Remote DBA Services
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Julian Hyde
 

Recently uploaded (20)

Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
Everything You Need to Know About X-Sign: The eSign Functionality of XfilesPr...
 
Oracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptxOracle Database 19c New Features for DBAs and Developers.pptx
Oracle Database 19c New Features for DBAs and Developers.pptx
 
Modelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - AmsterdamModelling Up - DDDEurope 2024 - Amsterdam
Modelling Up - DDDEurope 2024 - Amsterdam
 
Transform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR SolutionsTransform Your Communication with Cloud-Based IVR Solutions
Transform Your Communication with Cloud-Based IVR Solutions
 
Malibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed RoundMalibou Pitch Deck For Its €3M Seed Round
Malibou Pitch Deck For Its €3M Seed Round
 
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s EcosystemUI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
UI5con 2024 - Keynote: Latest News about UI5 and it’s Ecosystem
 
Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !Enums On Steroids - let's look at sealed classes !
Enums On Steroids - let's look at sealed classes !
 
Lecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptxLecture 2 - software testing SE 412.pptx
Lecture 2 - software testing SE 412.pptx
 
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsUI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
 
Microservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we workMicroservice Teams - How the cloud changes the way we work
Microservice Teams - How the cloud changes the way we work
 
UI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design SystemUI5con 2024 - Bring Your Own Design System
UI5con 2024 - Bring Your Own Design System
 
How to write a program in any programming language
How to write a program in any programming languageHow to write a program in any programming language
How to write a program in any programming language
 
What next after learning python programming basics
What next after learning python programming basicsWhat next after learning python programming basics
What next after learning python programming basics
 
socradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdfsocradar-q1-2024-aviation-industry-report.pdf
socradar-q1-2024-aviation-industry-report.pdf
 
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfTop Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdf
 
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative AnalysisOdoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
Odoo ERP Vs. Traditional ERP Systems – A Comparative Analysis
 
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
J-Spring 2024 - Going serverless with Quarkus, GraalVM native images and AWS ...
 
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Need for Speed: Removing speed bumps from your Symfony projects ⚡️
Need for Speed: Removing speed bumps from your Symfony projects ⚡️
 
Oracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptxOracle 23c New Features For DBAs and Developers.pptx
Oracle 23c New Features For DBAs and Developers.pptx
 
Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)Measures in SQL (SIGMOD 2024, Santiago, Chile)
Measures in SQL (SIGMOD 2024, Santiago, Chile)
 

Debugging TV Frame 0x06

  • 1. Frame 0x06 Presenter: Dmitry Vostokov Sponsors Debugging.TV
  • 2. • Value passing and register reuse • Breakpoint execution commands • WinDbg pseudo-registers and scripting • Passing data between breakpoints • Platform independent commands • Logging window messages • Module load events Topics © 2012 DumpAnalysis.org + TraceAnalysis.org
  • 3. BOOL WINAPI GetMessage ( __out LPMSG lpMsg, // RCX __in_opt HWND hWnd, // RDX __in UINT wMsgFilterMin, // R8d __in UINT wMsgFilterMax // R9d ); GetMessage © 2012 DumpAnalysis.org + TraceAnalysis.org
  • 4. typedef struct tagMSG { HWND hwnd; // 64 UINT message; // 64 WPARAM wParam; // 64 LPARAM lParam; // 64 DWORD time; // 32 POINT pt; // 32, 32 } MSG, *PMSG, *LPMSG; MSG © 2012 DumpAnalysis.org + TraceAnalysis.org
  • 5. 0:000> ub 00000000`ff2d1064 notepad!WinMain+0xf5: [...] 00000000`ff2d1051 488d4c2440 lea rcx,[rsp+40h] 00000000`ff2d1056 4533c9 xor r9d,r9d 00000000`ff2d1059 4533c0 xor r8d,r8d 00000000`ff2d105c 33d2 xor edx,edx 00000000`ff2d105e ff1524b40000 call qword ptr [notepad!_imp_GetMessageW (...)] * bp 0 0:000> u 00000000`ff2d1064 notepad!WinMain+0x182: 00000000`ff2d1064 413bc4 cmp eax,r12d * bp 1 00000000`ff2d1067 0f84b2060000 je notepad!WinMain+0x18b (00000000`ff2d171f) [...] 0:000> bl 0 e 00000000`ff2d105e 0001 (0001) 0:**** notepad!WinMain+0x17c "r $t0 = rcx; g" 1 e 00000000`ff2d1064 0001 (0001) 0:**** notepad!WinMain+0x182 ".printf "hwnd: %p message: %p wParam: %p lParam: %p", poi(@$t0), poi(@$t0+@$ptrsize), poi(@$t0+2*@$ptrsize), poi(@$t0+3*@$ptrsize); .echo; g" Event State Management © 2012 DumpAnalysis.org + TraceAnalysis.org
  • 6. .logopen kv u ub bp bl g r dp Commands and pseudo-registers © 2012 DumpAnalysis.org + TraceAnalysis.org .printf .echo poi $t0 $ptrsize bc dd .logclose
  • 7. !Ad Hardcore Technical Support Training © 2012 DumpAnalysis.org + TraceAnalysis.org Advanced Windows Memory Dump Analysis Accelerated Windows Memory Dump AnalysisJanuary 18-23, 2012: January 13, 2012: Training Schedule Accelerated .NET Memory Dump AnalysisJanuary 26-27, 2012: