Another lie, probably put in place from MS marketing team to force the hand and make more people purchase Windows 10/11 Professional licenses: Hyper-V and Windows Sandbox can be installed on Windows 10/11 Home Edition, not just...
How to use WinDbgX workspaces to make debugging even easier. Workspaces WinDbgX workspaces (suffixed .debugTargets) are nothing more than XML files that instructs WinDbgX how to process with the current debugging session. Saved workspaces can be...
How to use Hyper-V to debug using KdCOM from 2 VMs, one debugging the other. Debuggee Follow the setup here to setup a BCD profile for KdCom in the VM. Shutdown the VM and in a privileged prompt on the host (here assigned to COM1): Set-VMComPort...
This is tiny Post-It post to remind of different ways to enumerate processes from KD: using nt!PsActiveProcessHead dx Debugger.Utility.Collections.FromListEntry( *(nt!_LIST_ENTRY*)&(nt!PsActiveProcessHead), "nt!_EPROCESS", "ActiveProcessLinks")...
Here's a simple trick that I learned from the amazing @scanlime to quickly (and universally) visualize the distribution of byte of any binary file, using the Portable Graymap Format (PGM) format. On Windows: C:\> echo P5 512 4096 255 >...