|
|
|
|
#1
04-21-2004, 03:44
|
|||
|
|||
|
auroras:
I don't think "contributing" a certain number of posts means dividing your response into 3 posts and posting part of it every two minutes. That is called padding your post count. I've made one post out of your comments and deleted the other two. Regards,
__________________
JMI Last edited by JMI; 04-21-2004 at 09:18. 
|
|
#2
04-21-2004, 06:07
|
|||
|
|||
|
Look for "Debugging Applications" by John Robbins. "Inside MS Windows 2000" by David A. Solomon and Mark E. Russinovich may help you.
|
|
#3
04-21-2004, 15:59
|
|||
|
|||
|
SICE's core is a driver
|
|
#4
04-21-2004, 16:31
|
|||
|
|||
|
so then if SICE core is kernel driver i think that it can run under ring0 privileges
by u can find some useful thing about Ring mode in very useful virus ezines from 29A labs  http://29a.host.sk/
|
|
#5
04-21-2004, 16:34
|
|||
|
|||
|
Look for mamaich's BlindStudio debugger with sources on Elicz's site
|
|
#6
04-21-2004, 19:02
|
|||
|
|||
|
Quote:
I don't think it is about whether it is a kernel driver, but rather about when SoftICE loads. SoftICE seems to always start first, and can actually debug other kernel drivers when they load. Just wondering how they manage to do that.... Re: BlindStudio Thanks a lot! Last edited by auroras; 04-21-2004 at 19:15.
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Hybrid Mode
