2018年6月18日 · I'm trying to reverse the Dbgv.sys (x86 kernel driver) for the DbgView tool. It has this sub_10D4A function that is called almost at the beginning of the driver's DriverEntry function. It goes as such: The relevant piece of disassembly:

2013年3月29日 · \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\DBGV *** ERROR: Module load completed but symbols could not be loaded for Dbgv.sys Driver object (ffbd6248) is for: \Driver\DBGV DriverEntry: f6d89185 Dbgv DriverStartIo: 00000000 DriverUnload: 00000000 AddDevice: 00000000 Dispatch routines: [00] IRP_MJ_CREATE f6d87168 Dbgv+0x1168 [01] …

2014年3月26日 · The driver analysed here is the driver loaded by dbgview (dbgv.sys) from SysInternals. This control code checks for an incompatible version of driver loaded in memory. Follow through can be practiced with the specific driver and specific version: (4.75) build time Thu Aug 07 04:51:27 2008 EDIT

2024年9月8日 · Trying to understand this construct in Dbgv.sys driver for DbgView tool I'm trying to reverse the Dbgv.sys (x86 kernel driver) for the DbgView tool. It has this sub_10D4A function that is called almost at the beginning of the driver's DriverEntry function.

Trying to understand this construct in Dbgv.sys driver for DbgView tool I'm trying to reverse the Dbgv.sys (x86 kernel driver) for the DbgView tool. It has this sub_10D4A function that is called almost at the beginning of the driver's DriverEntry function.

2018年1月5日 · Trying to understand this construct in Dbgv.sys driver for DbgView tool I'm trying to reverse the Dbgv.sys (x86 kernel driver) for the DbgView tool. It has this sub_10D4A function that is called almost at the beginning of the driver's DriverEntry function.

2022年11月16日 · [1] Consider modern Linux. If whatever you found would allow a rootless container (think Podman) to read/write kernel memory of the hosting kernel, that'd be a huge issue and most certainly be considered a vulnerability.

The stack is for data storage, not code. I figured it out. It looks like the sub statement is allocating space for the entire program rounded to the nearest qword.

Trying to understand this construct in Dbgv.sys driver for DbgView tool. Awarded Jun 19, 2024 at 14:17. MikeF.