Hervé Poussineau b9852e83d2 [NTOS:EX] HACK: on livecd, disable security features in NtSystemDebugControl ...

WinDBG can do some local debugging using 'windbg -kl'. In that case,
WinDBG tries to directly use NtSystemDebugControl. If this function
returns an error, WinDBG extracts a driver from its resources.
WinDBG will send IOCTLs to this driver, and this driver will call
KdSystemDebugControl.

However, on livecd (where %SYSTEMROOT% is read-only), WinDBG is unable
to extract the driver from its resources, and can't use the driver to
call KdSystemDebugControl.

As a work-around, allow all control classes in NtSystemDebugControl
in case of livecd.
WinDBG local debugging now also works on livecd (windbg -kl).

2025-01-28 22:00:56 +01:00

14 KiB

Raw Permalink Blame History

View Raw