Kayaker
January 15th, 2005, 21:27
Hi All
I came upon what looks to be a very promising kernel debugger on a Chinese forum. There is an active thread discussing it here:
http://www.driverdevelop.com/forum/html_61514.html?1105821078
There appear to be 2 download packages. I had some problems with CRC-corrupt rar files for both packages, but was finally able to d/l a clean copy of the 2nd.
One with an .msi installer (5.4MB):
ftp://soft:mysoft@www.zndev.com/syserinstall.rar
and the other without (1.9MB):
http://link.coolala.net/temp/syser.rar
SyserMgr.exe
wisp.dat
wispsyser.sys
From another link I found pictures of the debugger:
http://link.coolala.net/temp/debug1.jpg
http://link.coolala.net/temp/debug2.jpg
It has a *very* impressive subset of the usual Softice commands, as well as many interesting new ones ("Set Debug Register DR7" anyone?). It supports Windows 2000 Server, Windows XP, Windows XP SP1, 2003 Server.
I've only begun to look at it, but it seems to run well even under VMWare. It seems like it is supposed to be compatible with Softice in some fashion, but I've found conflicts. I'm not sure if it's a ring3 debugger with a kernel component (something I've been expecting as a natural progression for a long time...), or whether it can also trace ring0 code.
I tried its I1HERE ON option to break on an INT 1 in my own kernel driver, to see if it would trace in kernel code, and under VMWare it went BSOD. If it can trace ring0 it could be extremely useful; if not, it may still have a few nice extended capabilities as a ring3 debugger.
There is a lot of exploring to do here. Since there is neither source nor a help file, any analysis of it here would be interesting. That also includes if anyone has the language capabilities to decipher any of the active thread and report anything useful... did I see the name Sephiroth?
After loading the sys driver, attach to a process. You can toggle into a command window with Ctrl-2 and type 'help' for a list of commands.
Regards,
Kayaker