using syser, annoyed with threads


peterius
07-30-2008, 07:50 PM
Hi,
I'm trying to reverse a network protocol and I heard Syser is sort of the new SoftICE, so I downloaded it and I'm okay with it so far, except that it's doing this thing that I don't remember SoftICE doing.

Maybe I'm off base here and I don't have the kernel one installed, just the free app one, but it keeps pulling me out of the app into the kernel thread code. It's incredibly annoying and I don't remember SoftICE doing that; I thought it kept some module stored someplace and checked that before it stepped out as the threads changed.

So honestly I haven't done this in a few years, but I'm wondering if anyone knows how to tell Syser to only walk through one module, if there's some "table" command for that or something, or if what I'm trying to do isn't possible, or if I need to have the full kernel debugger installed before it will ignore thread changes.

Thanks.

peterius
07-30-2008, 09:09 PM
Okay, I should have known this. I thought the free win32 debugger on the website was too good to be true and I couldn't quite convince myself of how it was working. Now I realize that, of course, it can't handle the changing threads, and I installed the trial version of the kernel debugger and things work as I expect except for some BSODs, but anyway, never mind.