We added a fflush(stdout) to enforce the output in an eager mode and before each printf() statement, there are five integer operations to allow us insert additional machine code later.įigure 2 shows the assembly of the compiled code.Clearly,the 'MOV, 0' instructions between 0x4010BA and 0x4010D6 correspond to the integer assignments "int a=0" etc. The output of the program should be "AAAABBBB". The C++ source of the program is shown in the following. In the following, we demonstrate some of the interesting behaviors of Int 2d using a simple program Int2dPrint.exe. This is because WinDbg stops its running, Simply type " g" (standing for "go") in the WinDbg window, and let the XP Guest continue. You might notice that currently you are not able to access your XP Guest. Windbg -b -k com:pipe,port=\\.\pipe\com_11 You should be able to get a window as shown in Figure 1. Change directory to "c:\Program Files\Debugging Tools for Windows(x86)" and type the following. Now in the host machine, launch the "Windows SDK 7.1" command window coming with WinDbg. Start your XP guest in the debug mode (2nd option). It consists of two steps: (1) manually add a COM port in Control Panel and (2) manually configure COM1 as the port number. ![]() You can follow jorgensen's tutorial on " How to Add a Serial Port in Windows XP and 7 Guest" (follow the XP part). In some versions of XP, COM ports have to be manually configured. Multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="DEBUGGED VERSION" /noexecute=optin /fastdetect /debug /debugport=com1 /baudrate=115200 ![]() Multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Note that we set COM1 as the debug port.ĭefault=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS The file is shown as below, you can modify yours correspondingly. This is to set up a second booting option for the debug mode. We need to further configure the XP guest to make it work. The installation of WinDbg on the host machine can follow the instructions on MSDN. ![]() In the following we assume that the pipe path on the host machine is \\.\pipe\com_11 and the guest OS is using COM1. Pay special attention to Seciton 3.1 (how to set up the serial port of the XP Guest). If you have not installed the guest VM, please follow the instructions of Tutorial 1. Before we proceed, we need to configure it properly on the host machine and the guest XP. In addition the the immunity debugger, we are going to use WinDbg in this tutorial. In the following, we use an experimental approach to explore the possible ways to make a program behave differently when running in a virtual machine and debugged environment. The behavior of int 2d instructions may be affected by many factors, e.g., the SEH handler installed by the program itself, whether the program is running under a ring 3 debugger, whether the OS is running in the debugged mode, the program logic of the OS exception handler (KiDispatch), the value of registers when int 2d is requested (determining the service that is requested). Find out as many ways as possible to make a program run differently in a debugged environment from a regular execution (using int 2d)?.Basic control flow constructs in x86 assembly.Debugging and modification of binary executable programs.Explore the behavior difference of debuggers on int 2dh.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |