Book: Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
Previous: Drivers and Kernel Code
Next: Using WinDbg

shows a Windows boot.ini with a line added to enable kernel debugging.
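A boot.ini of the kind referred to above, as an added example that is not the book's own figure: the standard boot entry of a 32-bit Windows XP guest is left in place and a second copy is added with the kernel-debugging switches appended. The ARC path, the OS label and the use of COM1 at 115200 baud are assumptions for the sake of the example.

```ini
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (kernel debug)" /noexecute=optin /fastdetect /debug /debugport=COM1 /baudrate=115200
```

The /debug switch turns on the kernel debugger, /debugport names the guest serial port that the virtual machine maps to the named pipe the host-side WinDbg attaches to, and /baudrate must match the speed configured in WinDbg. Keeping the original entry lets the debug entry be picked from the boot menu only when a debugging session is wanted.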

.

  • Check the box labeled Yield CPU on poll.

  • .

    If the virtual machine is running, the debugger should connect within a few seconds. If it is not running, the debugger will wait until the OS boots, and then connect during the boot process. Once the debugger connects, consider enabling verbose output while kernel debugging, so that you’ll get a more complete picture of what is happening. With verbose output, you will be notified each time a driver is loaded or unloaded. This can help you identify a malicious driver in some cases.
