blabberer
November 30th, 2011, 03:37
i started reversing and during my first few days i somehow installed softice 4.05 which never worked in windows 2000 then i got to know about ollydbg that was version 1.04 then and it has been my favourite since then
but ollydbg is a ring 3 debugger and at times when you needed to know what is happening on the other side i felt handicapped
i didn't want to use softice and windbg needed two machines which was not feasible
then i used the Poor man's Kernel Debugger livekd from sysinternals
then i got to know about microsoft virtual pc and i was quite happy to use it for kernel debugging
connected to the physical machine using NamedPipe
if you notice my statements you will find all the software i used were freeware i never had to
patch or use keygens or scour the net for warez
but on and off i would be in a situation where my physical host being xp wasn't able to kernel debug some old app in an old os
like windows 98
in situations like this it was softice in say 98 vm which i disliked
so on and off i was trying to connect two virtual machines and use windbg
but i never succeeded in connecting two virtual machines on a single physical host using
microsoft virtual pc
vmware was known to me but vmware was either 30 day trial or an endless scouring on bottomless net
vmware in the meantime released their player which was freeware but when i looked at it then
it didn't have the ability to create a vm
recently i needed to debug some win98 app and i started searching the net for any pointers
while searching i got to know about vmware player 4.01 which is a freeware and which had the ability to create a vm
my interest was thus aroused
and i downloaded the vmware player 4.01 and installed it and started playing with it to create a guest os
and thereby i got to know that vmware has a converter whereby i can use my old virtual hard disks made by microsoft virtual pc
so i downloaded the vmware vcenter converter and installed it
fed it with a win98.vmc
and it happily converted the .vmc into a .vmx file and .vhd file into a .vmdk file
and it loaded perfectly well into vmware (vmware says supported guest os starts from NT )
after some found new hardware restart routine (omg how many restarts win98 needs)

i was able to play loderunner on this win98

now moving on to the real purpose
i fed the converter another win98se.vmc and got it converted to vmdk and started this too
i used old ms vpc vhds because i already had lots of crap installed inside them including RTERM98 and WDEB386
while i fruitlessly tried to use them earlier
now i had two vms running side by side on a single physical host
one vm win98 was installed with win98se os and had windows98ddk installed on it
i had edited the system.ini located in c:\windows
and added the following in
Code:
[386Enh]
Device=c:\windows\wdeb98.exe
DebugPort=1
DebugBaud=115200
DebugSym="full path to sym file" viz "c:\sym\krnl386.sym" "etc etc"
on the other vm i had a win98se os and in that i had RTERM98 open connected to comport 1
on both vmware players i added a serial port
asked vmware to use named pipe \\.\pipe\com_1 on both vms
assigned one end as server and other end as virtual machine in first vm
assigned one end as client and other end as virtual machine in second vm
and restarted the first vm which had WDEB98 installed and kept my fingers crossed
but to my surprise rterm98 on the other vm sprang to life and started spouting up
the time was well spent i can now set an int 3 in some .com file or LE or NE or VXD and stop in kernel debugger

and all freeware at that
i post below a few screen shots for clarity and some debug spew from rterm
i opened up my fav iczelion tut 02 msgbox.exe plopped an int aka 0xcc at 0x401000
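double clicked it and got it trapped in wdeb386
see screen shots: serialport_firstvmmod.jpg (22.4 KB), serialport_secondvmmod.jpg (24.6 KB), wdeb_vmwareplayer.jpg (41.1 KB)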
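
Added example, not part of the original post: a consistency check for the serial-port pairing described above, run over the two VMs' .vmx settings. The post set this up through the Player dialog; the `serial0.*` keys shown are the .vmx entries for a pipe-backed serial port, and both sample stanzas are constructed for illustration.

```python
# Added example: check that two .vmx serial-port stanzas form a working pair.
# The .vmx text below is constructed sample input, not taken from the post.

VM_DEBUGGEE = r'''
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "server"
'''

VM_DEBUGGER = r'''
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"
serial0.pipe.endPoint = "client"
'''

def parse_vmx(text):
    """Parse key = "value" lines of a .vmx file into a dict (keys lower-cased)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip().lower()] = value.strip().strip('"')
    return cfg

def serial_link_problems(a_text, b_text, port="serial0"):
    """Return a list of reasons the two VMs' serial ports cannot talk."""
    a, b = parse_vmx(a_text), parse_vmx(b_text)
    problems = []
    for name, cfg in (("first", a), ("second", b)):
        if cfg.get(port + ".present", "").upper() != "TRUE":
            problems.append(f"{name} VM: {port} not present")
        if cfg.get(port + ".filetype", "").lower() != "pipe":
            problems.append(f"{name} VM: {port} is not backed by a named pipe")
    # Windows pipe names are case-insensitive, so compare lower-cased.
    if a.get(port + ".filename", "").lower() != b.get(port + ".filename", "").lower():
        problems.append("pipe names differ")
    ends = sorted(c.get(port + ".pipe.endpoint", "").lower() for c in (a, b))
    if ends != ["client", "server"]:
        problems.append(f"need one server and one client end, got {ends}")
    return problems

if __name__ == "__main__":
    print(serial_link_problems(VM_DEBUGGEE, VM_DEBUGGER) or "serial link config looks consistent")
```
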
