Driver Debugging

Hi all,

I have had 2 questions in my mind for so many days:

  1. Is it possible to debug some other driver? For example: Disk.sys
  2. Is it possible to debug some other DLL? For example: hal.dll

Thanks,
Satish K.S


You are currently subscribed to ntfsd as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntfsd-$subst(‘Recip.MemberIDChar’)@lists.osr.com

With the right tools, it is possible to “debug” anything. But in your case, examining Hal.dll or disk.sys smells like reverse engineering, not debugging. For this, there are better tools than debuggers: disassemblers. They'll provide you much better insight than a debugger.
Live debugging is only needed to understand a very small fraction of the code. A good knowledge of the target platform ASM and system architecture is required.

----- Original Message -----
From: Satish
To: File Systems Developers
Sent: Wednesday, April 25, 2001 11:52 AM
Subject: [ntfsd] Driver Debugging


I have just considered those 2 files as examples :).

"Live debugging"???

Other than with a debugger, how does one understand that code without tracing the instructions?

Regards,
Satish K.S
----- Original Message -----
From: danp
To: File Systems Developers
Sent: Wednesday, April 25, 2001 2:49 PM
Subject: [ntfsd] Re: Driver Debugging


Dead listing. A disassembler will spit out assembly code from a binary file. The quality of this listing greatly depends on the abilities of the tool you use. For good results, an interactive disassembler (which allows you to manually correct disassembly mistakes), with navigation capabilities through the listing (follow jumps, calls), is required. The ultimate tool in this area is IDA (www.datarescue.com). They have a good freeware version, which outperforms (almost?) all commercial disassemblers I know. The professional retail is about $500, but it can disassemble almost anything you can think of, and beyond this.
As I said, dead listing analysis will provide you with better insight than any live tracing, mostly because you have all the code of the module under your eyes and you can easily spot the whole picture. Take my word for it. If you are good enough with the target platform ASM and you are familiar with the asm constructs the compiler generates, it is like having access to the source code. It sounds simple, but it isn't. It requires a lot of knowledge about target OS internals, fluency in ASM code, a minimal knowledge about compilers and code generation, and it is a time-consuming activity. And it requires skill too, for you can easily misinterpret code sequences, or fail to correctly reconstruct the involved data structures. And understanding things wrong is worse than knowing nothing.

----- Original Message -----
From: Satish
To: File Systems Developers
Sent: Wednesday, April 25, 2001 12:30 PM
Subject: [ntfsd] Re: Driver Debugging

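As an added illustration of the dead-listing point made above (example code written for this page, not danp's or anyone else's in the thread): a toy x86 disassembler run over a constructed byte image, assuming a load address of 0x10000 and a ten-opcode subset. It contrasts a listing that simply sweeps the bytes in order with one that follows jumps and calls from the entry point, and shows how an embedded four-byte data table desynchronises the first while the second leaves it unreached and records cross-references for the analyst.

```python
"""
Toy "dead listing" of a raw x86 byte image: linear sweep vs recursive descent.
Added example, not code from the ntfsd thread; the opcode subset, the base
address and the byte image below are constructed for illustration only.
"""
import struct

BASE = 0x10000  # assumed load address of the constructed image

# Constructed image: a caller, a 4-byte data table that is never executed,
# and a callee with a conditional branch. Addresses in the comments.
IMAGE = bytes([
    0x55,                          # 10000  push ebp
    0xE8, 0x06, 0x00, 0x00, 0x00,  # 10001  call 1000C
    0x5D,                          # 10006  pop ebp
    0xC3,                          # 10007  ret
    0xE8, 0xFF, 0xFF, 0xFF,        # 10008  data table (looks like a call!)
    0xB8, 0x01, 0x00, 0x00, 0x00,  # 1000C  mov eax, 1
    0x74, 0x02,                    # 10011  je short 10015
    0x90,                          # 10013  nop
    0xC3,                          # 10014  ret
    0xEB, 0xFD,                    # 10015  jmp short 10014
])

# opcode -> (mnemonic, immediate size in bytes, control-flow kind)
OPCODES = {
    0x55: ("push ebp", 0, "fall"),
    0x5D: ("pop ebp", 0, "fall"),
    0x90: ("nop", 0, "fall"),
    0xB8: ("mov eax,", 4, "fall"),     # imm32
    0xC3: ("ret", 0, "stop"),
    0xE8: ("call", 4, "call"),         # rel32
    0xE9: ("jmp", 4, "jump"),          # rel32
    0xEB: ("jmp short", 1, "jump"),    # rel8
    0x74: ("je short", 1, "branch"),   # rel8
    0x75: ("jne short", 1, "branch"),  # rel8
}


def decode(image, addr):
    """Decode one instruction at addr -> (text, length, kind, branch target)."""
    off = addr - BASE
    op = image[off]
    if op not in OPCODES:
        return (f"db 0x{op:02X}", 1, "fall", None)
    mnem, size, kind = OPCODES[op]
    length = 1 + size
    if off + length > len(image):  # operand runs past the end of the image
        return (f"db 0x{op:02X}", 1, "fall", None)
    if size == 0:
        return (mnem, length, kind, None)
    if kind == "fall":  # plain immediate operand
        imm = struct.unpack_from("<I", image, off + 1)[0]
        return (f"{mnem} 0x{imm:X}", length, kind, None)
    # relative displacement, signed, measured from the next instruction
    rel = struct.unpack_from("<b" if size == 1 else "<i", image, off + 1)[0]
    target = (addr + length + rel) & 0xFFFFFFFF
    return (f"{mnem} 0x{target:X}", length, kind, target)


def linear_sweep(image):
    """Decode every byte in order, the way a non-interactive dumper does."""
    listing, addr = {}, BASE
    while addr < BASE + len(image):
        text, length, _, _ = decode(image, addr)
        listing[addr] = text
        addr += length
    return listing


def recursive_descent(image, entry):
    """Decode only code reachable from entry, following calls and jumps.
    Returns (listing, xrefs to each branch target, byte addresses never reached)."""
    listing, xrefs, covered, worklist = {}, {}, set(), [entry]
    while worklist:
        addr = worklist.pop()
        while BASE <= addr < BASE + len(image) and addr not in listing:
            text, length, kind, target = decode(image, addr)
            listing[addr] = text
            covered.update(range(addr, addr + length))
            if target is not None and BASE <= target < BASE + len(image):
                xrefs.setdefault(target, []).append(addr)
                worklist.append(target)
            if kind in ("stop", "jump"):  # no fall-through after ret / jmp
                break
            addr += length
    unreached = sorted(a for a in range(BASE, BASE + len(image)) if a not in covered)
    return listing, xrefs, unreached


def render(listing, xrefs=None):
    """Format a listing as address, instruction and any cross-references."""
    lines = []
    for addr in sorted(listing):
        ref = ""
        if xrefs and addr in xrefs:
            ref = "   ; xref from " + ", ".join(f"0x{a:X}" for a in xrefs[addr])
        lines.append(f"{addr:08X}  {listing[addr]}{ref}")
    return "\n".join(lines)


if __name__ == "__main__":
    print("--- linear sweep ---")
    print(render(linear_sweep(IMAGE)))
    lst, xr, unreached = recursive_descent(IMAGE, BASE)
    print("--- recursive descent from entry ---")
    print(render(lst, xr))
    print("bytes never reached (data?):", [f"0x{a:X}" for a in unreached])
```

The linear sweep decodes the data table at 0x10008 as a bogus `call` whose operand swallows the first byte of the real `mov eax, 1`, so the listing resynchronises only at the `je`; the recursive descent never touches those four bytes and reports them, which is exactly the kind of spot an interactive disassembler lets you mark as data by hand. A real binary has the same problem with jump tables, padding and inline constants, which is why the correction and navigation features mentioned above matter more than raw opcode coverage.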

I feel I don't find any difficulty in debugging the binaries if the debugger loads, and we can understand the binary by using the IDA disassembler sometimes. But sometimes we must go with live tracing to understand the logic part in the binary.

I have one method to load the DLL under a debugger (but I can say we succeed 50% at least; I used it to debug the MTX virus). I am searching for any other best method.

But I don't have any idea about debugging the driver (.sys file under NT) of others.

Regards,
Satish K.S
----- Original Message -----
From: danp
To: File Systems Developers
Sent: Wednesday, April 25, 2001 4:30 PM
Subject: [ntfsd] Re: Driver Debugging


I mostly agree and also like IDA. Note it isn't so expensive; there are two
commercial versions which differ only in the number of supported processors. For
x86 the standard version is quite sufficient and the cost is about $300.
The freeware version is good but the current commercial one is incredible.

I agree a disassembler gives better insight but sometimes live debugging is
also necessary. Currently, I'm trying to solve an ugly deadlock problem in w9x
vfat.vxd and use both methods at once.

Best regards,

Michal Vodicka
Veridicom
(RKK - Skytale)
[WWW: http://www.veridicom.com , http://www.skytale.com]


From: danp[SMTP:danp@jb.rdsor.ro]
Reply To: File Systems Developers
Sent: Wednesday, April 25, 2001 1:00 PM
To: File Systems Developers
Subject: [ntfsd] Re: Driver Debugging
