muzlightbeer

The Windows Debugger (WinDbg) for Linux users

The following provides commands for getting started with WinDbg if you've come from a Linux only background and have only used GDB and LLDB.

VMware Fusion and VHD images

Some Windows operating system trials come as virtual hard disk (VHD) images, that state Hyper-V is required to use them. With macOS and VMware Fusion (at the time of writing, VMware Fusion 12.1.2), you can drag the executable files into VMware (the same as with ISO images) and install them normally. No subscriptions are required to obtain access to a DVD or ISO image if you do not have a system that uses Windows as the base operating system.

Microsoft symbols

muzlightbeer

Setting Breakpoints without Symbols

Address Space Layout Randomisation and PIE can change where an application is loaded into memory each time it is run. If you do not have symbols, this makes it harder to set breakpoints as you will not know the addresses (such as for a crash in a particular function) ahead of time because they will have changed since the last run.

On macOS, disable SIP before proceeding, otherwise debugging will not work.

As an example, a user in a Linux guest may perform a hypothetical action that results in the following hypothetical vulnerability in the VMware vmware-vmx process that is running on the host operating system:

Process 642 stopped

muzlightbeer

Findings Bugs with SystemTap

SystemTap lets you view and modify a running Linux kernel. For in-depth information, refer to Don Domingo's Red Hat Enterprise Linux SystemTap Beginners Guide.

Installation

On Fedora 33:

sudo dnf install systemtap systemtap-runtime kernel-devel