https://soffensive.github.io/tags/windbg/Recent content in Windbg on soffensive blogHugoenSun, 16 Jul 2017 05:45:00 -0700https://soffensive.github.io/posts/practical-reverse-engineering/2017-07-16-practical-reverse-engineering-exercise-solutions-livekd-windbg-cheat-sheet/Sun, 16 Jul 2017 05:45:00 -0700https://soffensive.github.io/posts/practical-reverse-engineering/2017-07-16-practical-reverse-engineering-exercise-solutions-livekd-windbg-cheat-sheet/<p>Here are a couple of commands I regularly use for reverse engineering:</p> <ul> <li><code>uf &lt;function&gt;</code>: Unassemble function</li> <li><code>dt nt!_ktss</code>: Show the definition of the data structure <code>_ktss</code></li> <li><code>?? sizeof(_ktss)</code>: Show the size the data structure <code>_ktss</code> occupies in memory</li> <li><code>.hh uf</code>: Show help for the function <code>uf</code></li> <li><code>x nt!*createfile*</code>: Search all functions having the string <code>createfile</code> in its name</li> <li><code>!vtop &lt;PDPT-pointer&gt; &lt;virtualAddress&gt;</code>: Compute physical address of given virtual address and the pointer to the page directory pointer table</li> </ul>