PyKD Tutorial – part 2

Breakpoints

Breakpoints are such useful things, and they can give you the power to analyze programs in a better and easier way using PyKD. The API Reference introduces the setBp function in the following way:

As you can see, setBp takes a pointer as its first argument and a Python function as the […]

Change User-Mode application’s virtual address through Kernel Debugging

Well, it’s a somewhat odd topic, but sometimes it can be really helpful in certain situations. So what are those situations? Imagine you need to access Windows structures that aren’t available from user-mode debuggers like OllyDbg or through user-mode debugging in general (e.g. memory above 0x7fffffff). In my experience, I have seen some conditions where protectors make […]

Assembly Challenge : Jump to a non-relative address without using registers

While developing a dispatch table for some instructions in binaries, one of the challenging problems I faced was changing the register state in a way that doesn’t affect the program flow! It might seem simple at first glance, but what makes it complex is that I can’t use relative jumps or relative calls […]