WinDbg - security and forensics usage wiki

windows
forensics
offdev


WinDbg is power

## Summary

### SwishDbgExt - swish through memory

This is a very useful debugging extension for Malware Analysis and Memory Forensics.

### Corelan's Mona - exploit development helper

For me it works on Windows 8.1. I needed to register the msdia90.dll for 64-bit as well.

### Microsoft !exploitable (MSEC) on Windows 8.1+

The installation is straightforward: you can just drop the DLL somewhere.

I put it in C:\windbg\msec.dll to be able to remember the path to load the DLLs.

If you are missing the appropriate Visual C++ runtime dependencies, the .load command will fail for !exploitable with an error like this:

```
0:000> !load C:\windbg\MSEC.dll
The call to LoadLibrary(C:\windbg\MSEC.dll) failed, Win32 error 0n126
"The specified module could not be found."
```
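
Added diagnostic, not part of the wiki post: a PowerShell script that reads the import table of an extension DLL and reports which imported DLLs cannot be found next to it or in the system directories, the usual reason LoadLibrary reports error 126 even though the extension file itself exists. Only the default path C:\windbg\MSEC.dll is taken from the post; the script name, parameter and search order are assumptions.

```powershell
# Added diagnostic, not part of the wiki post: list the DLLs an extension imports
# and flag any the loader would not find. A missing VC++ runtime DLL is the usual
# reason LoadLibrary fails with Win32 error 126 although the extension file exists.
param([string]$DllPath = 'C:\windbg\MSEC.dll')   # default path taken from the post

$bytes = [System.IO.File]::ReadAllBytes($DllPath)
$peOff = [BitConverter]::ToInt32($bytes, 0x3C)                      # e_lfanew
if ([BitConverter]::ToUInt32($bytes, $peOff) -ne 0x4550) { throw "Not a PE file: $DllPath" }
$numSections = [BitConverter]::ToUInt16($bytes, $peOff + 6)
$optSize     = [BitConverter]::ToUInt16($bytes, $peOff + 20)
$optOff      = $peOff + 24
$is64        = ([BitConverter]::ToUInt16($bytes, $optOff) -eq 0x20B)  # PE32+ magic
# Data directory 1 is the import table; the directories start at +96 (PE32) or +112 (PE32+).
$importRva   = [BitConverter]::ToUInt32($bytes, $optOff + $(if ($is64) { 112 } else { 96 }) + 8)

# Section headers (40 bytes each) follow the optional header; needed to map RVAs to file offsets.
$sections = for ($i = 0; $i -lt $numSections; $i++) {
    $s = $optOff + $optSize + $i * 40
    [pscustomobject]@{ VA   = [BitConverter]::ToUInt32($bytes, $s + 12)
                       Size = [BitConverter]::ToUInt32($bytes, $s + 8)
                       Raw  = [BitConverter]::ToUInt32($bytes, $s + 20) }
}
function ConvertTo-FileOffset([uint32]$rva) {
    foreach ($s in $sections) {
        if ($rva -ge $s.VA -and $rva -lt ($s.VA + $s.Size)) { return [int]($rva - $s.VA + $s.Raw) }
    }
    throw ("RVA 0x{0:X} lies outside every section" -f $rva)
}
function Read-CString([int]$off) {
    $end = $off; while ($bytes[$end] -ne 0) { $end++ }
    [System.Text.Encoding]::ASCII.GetString($bytes, $off, $end - $off)
}

# Walk IMAGE_IMPORT_DESCRIPTOR entries (20 bytes, Name at +12) until the all-zero terminator.
# Search order mirrors the loader's usual lookup: the extension's own directory, then System32
# (64-bit debugger) or SysWOW64 (32-bit debugger).
$searchDirs = @((Split-Path $DllPath), "$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64")
$desc = ConvertTo-FileOffset $importRva
while ([BitConverter]::ToUInt32($bytes, $desc + 12) -ne 0) {
    $name = Read-CString (ConvertTo-FileOffset ([BitConverter]::ToUInt32($bytes, $desc + 12)))
    $desc += 20
    # API set names (api-ms-win-*) are resolved by the loader, not by files on disk: skip them.
    if ($name -like 'api-ms-win-*' -or $name -like 'ext-ms-win-*') { continue }
    $found = $searchDirs | Where-Object { Test-Path (Join-Path $_ $name) } | Select-Object -First 1
    "{0,-8} {1}" -f $(if ($found) { 'ok' } else { 'MISSING' }), $name
}
```

Save it under any name (say Check-ExtImports.ps1) and run it from a PowerShell of the same bitness as the debugger; a MISSING line naming a Visual C++ runtime DLL tells you which redistributable to install.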

### Themes for WinDbg

I am a grey theme person, as you might be able to guess by surfing my web site. Like a newspaper… easy on the eyes and proven for centuries.

Kamel Messaoudi has kindly exported his settings. I tweak mine to be similar to the Coding Horror 2010 style.

### Version history

19.05.2017 - just moved the draft to the public wiki