vitoplantamura / BugChecker

SoftICE-like kernel debugger for Windows 11
GNU Lesser General Public License v2.1

Does this even work anymore? #12

Open KYFHO22 opened 4 months ago

KYFHO22 commented 4 months ago

I was extremely excited to see that SoftICE had a younger sibling (just found this today). I went through all of the documentation and everything and was unable to get this even remotely close to working. Is it due to new versions of Windows 10? I am not a hardcore coder, but was able to play with SI back in the day with minimal issues.

Attached are some of the screenshots of what I have been seeing.

Any help is greatly appreciated (just looking to understand if this does still work with the latest build of Windows 10, and if not, what I need to do to get it potentially working again).

vitoplantamura commented 4 months ago

hi,

It should work with the latest versions of Windows 10 and 11.

As the message suggests, have you registered MSDIA140.DLL?

Vito

KYFHO22 commented 4 months ago

Thanks for the quick reply, Vito. I did not register the MSDIA140.dll before sending the email as I thought it was automatic. It does look like I've done everything, and I can get the debugger to load. The only question I have, if you are willing to answer, is how do I load the address space for a particular app? I've tried the ADDR command, but cannot seem to get it to focus on the app that I am trying to debug. ADDR will not assimilate with the PID for the specific app, nor will it work by trying to use the exe name that is running in task manager.

You've done a stellar job in making something that is SOOOOOO close to SI. I commend you for that!

vitoplantamura commented 4 months ago

Thank you :-)

Unfortunately MSDIA140.DLL is not redistributable, so I couldn't register it automatically.

Regarding your question, the ADDR command requires a pointer to the EPROCESS. To get this pointer, you can use the PROC command, where you can specify a search string for the process name, for example.

Vito