psyCK0
July 5th, 2004, 17:44
Hey all,
Well, an hour ago I sat and played with SIce and found an interesting feature - when you stop at a breakpoint it shows you where you came from (previous EIP). So I did a quick search on Google and found some info on module specific registers (MSRs) that are available in kernel mode and that allow you to get this info (among others). So I was thinking it would be pretty neat to implement this feature in a plugin for Olly. My idea is writing a kernel-mode driver that the plugin can communicate with. What do you think? Is there some other nifty way of doing it or will I for once have to use SIce for its intended purpose - debugging kernel-mode drivers that I myself have built? I know all this sounds vague, but that's because I have absolutely zero experience with ring0 stuff... So I really need some comments from more knowledgeable people (you there focht? =) ).