... 
0001100100110111110001011101100001000001010100110011011000011110111011110101110101001101010011110001000100110000100001000010011110
1001100010101111001101001011100110111100111100111011011100000110110001010011010001001111011111000100000101010110100101011000000101
1101011101011000001011010101001011010110100001001010010111000100101011101011011001011110110111101110010110101110101111100011001111
1001011111010000000011010101111111011000011101010111000001010110100000111101111110100110010111100111010100111001011101110000000000
0001110011010010100000001011001000010100001110001111111010000000011000010101000000111010011110010110100111010111111101010000101101
1010111000110101011100010000100010010101100110000101000000010011000000011101100101001001011111001111100011100000101101001111011100
1010000000010100000111110100101001011011011111100100101101001001011010001110000001100101010010111111101101101010010100011101111001
1011110000101010011100100101110001101110111001010110000110111000010000001000000101000111100100111011000001110110001000010001010100
1111001111000001111101110111100011000000000000110001001011010001001100010100100100001111101011010000101010001110101000011000011100
1110101111100011000010000101101101101110001110101000000100000011100011000111011011010110011001010101111101010010110100011011010010
0100010011010011100101101111000110001000011001101111001111011000011001001011111101110010000100010101000110110100101100110100001010
0010111101001000010011111101000100100001011111001100101000000010101000101011010110100111001000101111001001001110011110101001111010
RE
RE-Tools
Security
Operating Systems
Development Tools
Digital Art
Didatic Materials
Virtualization
zines...
"... i don't understand the world... i wont understand the world... i don't belive that someone in sometime... said what? sorry i don't understand... rakish"

Tuesday, February 12, 2008

Learning how Windows NT work

Done, i'd made a decision, there is a lot of documents around internet about windows, really i'm not going to write the same thing here, and even if i write about the kernel, first, i'll need to explain things that we need to know before we go(that blog is not intent to "experts" as you see, i give my attention for who is starting), so if i think that is necessary write somethings, i'll do.

So, anyway here is a simple guide that i tested on windows xp sp2 for install the MS debugging tools, the first step for who is learning how OS work, is start at "startup process".

http://en.wikipedia.org/wiki/Windows_NT_startup_process

The tools that you can use for look how the OS work on NT:

-MS Virtual PC
-Debugging tools for windows
------------------------------------------------------------------------------------


First - Installation


Install MS Virtual PC Link: Click here to download


Install Microsoft SDK Link:Click here to download


------------------------------------------------------------------------------------


Second - the Settings


Note: the target to debug here is a Microsoft Windows XP into one VM(we are using MS Virtual PC)

1.Install the Windows XP on your VM(Virtual Machine), after it edit the boot.ini file, you can do it just following some steps, open the properties of


My Computer" >> Advanced [Startup and Recovery] >> Settings >> Edit.

Now you should see something like this:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Copy it to one line below it, but add some little things like /DEBUGPORT=COM1 /BAUDRATE=115200

Should look like:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /DEBUGPORT=COM1 /BAUDRATE=115200


Now, go shutdown the VM and set up others configurations: in Virtual PC Console choose your VM, go to it settings in COM1 for example and add in Name Pipe:
\\.\pipe\kd That's a IPC that we going to use for debug from the kernel side.
Done it you can start VM if you want, if you do it, choose the second line that you added to the boot.ini(i mean the line that specify the parameters to debug)
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /DEBUGPORT=COM1 /BAUDRATE=115200

Configuring the WinDbg
After you do the previous things do the following:
1.make a .bat file with some contents that i will write below.

if you got the "Windows Symbol Packages" from the microsoft website and unpacked them to c:\windows\symbols...

windbg -y C:\WINDOWS\Symbols -k com:pipe,port=\\.\pipe\kd,resets=0,reconnect

else
windbg -y SRV*c:\websymbols*http://msdl.microsoft.com/download/symbols -k com:pipe,port=\\.\pipe\kd,resets=0,reconnect


later, be sure that VM is running and all settings are done, you can verify the pipe made by VM using follow tool:


Link:Click here to download Run it from prompt(console mode).


Do you see the name kd?

If you see you can go on.


------------------------------------------------------------------------------------


Third - Testing


Now, go to the host window, execute the .bat file that you had created to run windbg,
if you see "Opened \\.\pipe\kd Waiting to reconnect...", go to:


Debug >> Kernel Connection >> Cycle Initial Break.

Now, restart the VM and you get it waiting for your commands. :)


------------------------------------------------------------------------------------


Complementary study

Virtualization(related to MS Virtual PC)
http://en.wikipedia.org/wiki/Virtualization
Reverse Engineering(related to WinDbg)
http://en.wikipedia.org/wiki/Reverse_engineering

------------------------------------------------------------------------------------

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)