From: BobS0327 on 20 Oct 2009 19:14

How would I debug a userland api call such as CreateFile to trace its calling of the native NtCreateFile?

I'm assuming I can do this using kd.exe.

From: Kerem Gümrükcü on 21 Oct 2009 02:11

Hi Stranger (What's your name?),

well, from where do you want to intercept the call, from usermode or from kernelmode, e.g. do you run your debugger in usermode or in kernelmode? Generally you set a breakpoint for the function call, see the WinDbg Documentation for the Topic "Using Breakpoints". If you do not run WinDbg, then your debugger mostly will have the same option to set a breakpoint on some function you want to catch,...

Regards

Kerem

--
-----------------------
Beste Grüsse / Best regards / Votre bien devoue
Kerem Gümrükcü
Latest Project: http://www.pro-it-education.de/software/deviceremover
Latest Open-Source Projects: http://entwicklung.junetz.de
-----------------------

"BobS0327" <BobSut48(a)ptdprolog.net> schrieb im Newsbeitrag news:hblg72$u48$1(a)aioe.org...
> How would I debug a userland api call such as CreateFile to trace its
> calling of the native NtCreateFile?
>
> I'm assuming I can do this using kd.exe.

From: Le Chaud Lapin on 2 Nov 2009 22:44

On Oct 20, 5:14 pm, "BobS0327" <BobSu...(a)ptdprolog.net> wrote:
> How would I debug a userland api call such as CreateFile to trace its
> calling of the native NtCreateFile?
>
> I'm assuming I can do this using kd.exe.

1. Write tiny program that invokes CreateFile().
2. Set breakpoint at invocation of CreateFile().
3. Run program.
4. When breakpoint hits, go into assembly-language mode.
5. Enjoy. :)

-Le Chaud Lapin-