2. Setup the Debugging Symbols<\/p>\n\n\n\n
- computer – properties – advanced system settings – emvironmental variables<\/li>
- create a sys variable<\/li>
- Variable Name: _NT_SYMBOL_PATH<\/strong><\/li>
- Variable Value: SRV*C:\\Symbols*https:\/\/msdl.microsoft.com\/download\/symbols<\/em><\/li><\/ul>\n\n\n\n
3. Enable Debugging in BCD<\/p>\n\n\n\n
Run CMD as administrator and type the followings<\/p>\n\n\n\n
- bcdedit \/copy<\/strong> {current} \/d “Win7Dbg”<\/li>
- bcdedit \/debug {…………} on <\/li>
- bcdedit \/dbgsettings<\/li><\/ul>\n\n\n\n
4. Create the Debugee VM<\/p>\n\n\n\n
- power of the debugger VM<\/li>
- create a linked clone<\/li><\/ul>\n\n\n\n
5. Enable Serial Ports on Vmware <\/p>\n\n\n\n
- go to Library, right click, press Option, edit the config file<\/li><\/ul>\n\n\n\n
Add Device – Serial Port<\/p>\n\n\n\n
** note that I use VMware Fusion on my mac and you can edit the config file by clicking the Option key with right click in VMware library<\/p>\n\n\n\n
- serial0.present = “TRUE”<\/li>
- serial0.fileType = “pipe”<\/li>
- serial0.fileName = “\/tmp\/serial”<\/li>
- serial0.pipe.endPoint = “server”<\/li><\/ul>\n\n\n\n
<\/p>\n\n\n\n
- serial0.present = “TRUE”<\/li>
- serial0.fileType = “pipe”<\/li>
- serial0.fileName = “\/tmp\/serial”<\/li>
- serial0.pipe.endPoint = “client”<\/li><\/ul>\n\n\n\n
![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/debugger-vmx.png\")
<\/figure>\n\n\n\n6. Start the Debugger Machine<\/p>\n\n\n\n
Debugger machine – start normally (without the debugger mode)
Go to WinDBG – File – kernel debug – COM<\/p>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/Screenshot-2021-12-20-at-16.25.41.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/Screenshot-2021-12-20-at-16.26.13.png\")
<\/figure>\n\n\n\n7. Start the Debuggee Machine<\/p>\n\n\n\n
Choose Win7DBG – debugger enabled
Check the debugger machine again for such screen<\/p>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/Screenshot-2021-12-28-at-16.02.15-1024x602.png\")
<\/figure>\n\n\n\nHit Break button to get an interactive >kd prompt<\/p>\n\n\n\n
let’s check if the symbols were loaded correctly:<\/p>\n\n\n\n
!sym noisy
.reload<\/p>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/Screenshot-2021-12-28-at-16.04.27-1024x536.png\")
<\/figure>\n\n\n\n8. Download HEDV and OSR Driver Loader<\/p>\n\n\n\n
Load the driver on debugee VM
\u2022 choose the driver path
\u2022 set Service start: Automatic
\u2022 Register Service
\u2022 Start Service<\/p>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/Screenshot-2021-12-28-at-16.09.43.png\")
<\/figure>\n\n\n\nCheck on the debugger machine to see if the driver is loaded<\/p>\n\n\n\n
lm m H*<\/p>\n\n\n\n
![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/Screenshot-2021-12-28-at-16.40.07.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/areyou1or0.it\/wp-content\/uploads\/2022\/05\/Screenshot-2022-04-14-at-17.44.46-1024x540.png\")
<\/figure>\n","protected":false},"excerpt":{"rendered":"There will be few setup steps we need to follow before we jump into the Kernel Exploitation: Install Windows x86 in VM Install WinDBG 2. Setup the Debugging Symbols computer – properties – advanced system settings – emvironmental variables create a sys variable Variable Name: _NT_SYMBOL_PATH Variable Value: SRV*C:\\Symbols*https:\/\/msdl.microsoft.com\/download\/symbols 3. Enable Debugging in BCD Run CMD as… Continue reading HEVD Windows Kernel Exploitation 1 \u2013 Setup the Environment<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[21],"tags":[],"_links":{"self":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/226"}],"collection":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/comments?post=226"}],"version-history":[{"count":4,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/226\/revisions"}],"predecessor-version":[{"id":255,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/posts\/226\/revisions\/255"}],"wp:attachment":[{"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/media?parent=226"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/categories?post=226"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/areyou1or0.it\/index.php\/wp-json\/wp\/v2\/tags?post=226"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
- go to Library, right click, press Option, edit the config file<\/li><\/ul>\n\n\n\n
- Variable Value: SRV*C:\\Symbols*https:\/\/msdl.microsoft.com\/download\/symbols<\/em><\/li><\/ul>\n\n\n\n