This repository contains the materials created for the workshop "Tips & Tricks for better debugging with WinDbg", given at REcon 2024.
The workshop materials aim to present useful WinDbg features for kernel-mode debugging, though the concepts apply just as well to user-mode debugging.
To easily set up a KdNet environment, it is possible to run the following from an elevated PowerShell (`$LocalHostIP` is the address of the machine running WinDbg, and `1.2.3.4` is a placeholder debug key):

```powershell
bcdedit /dbgsettings   # show the current kernel debugger settings
Enable-WindowsOptionalFeature -All -Online -LimitAccess -FeatureName Microsoft-Hyper-V # optional
Enable-WindowsOptionalFeature -All -Online -FeatureName Containers-DisposableClientVM # optional (Windows Sandbox)
CmDiag.exe DevelopmentMode -On
CmDiag.exe Debug -on net hostip $LocalHostIP key 1.2.3.4   # KdNet transport towards the debugger host
bcdedit /set {current} debug on   # enable kernel debugging for the current boot entry
```
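Once the commands above have been run, the resulting settings can be read back and sanity-checked. The script below is an added example (not part of the workshop materials): it parses the usual "name   value" layout of `bcdedit /dbgsettings` and flags a missing host IP, a port outside the documented KdNet range, and the placeholder key from the snippet, which is fine for a throwaway sandbox but should be replaced by the random key bcdedit generates when no key is given.

```powershell
# Added example, not part of the workshop repository.
# Assumes the standard bcdedit output layout: "<name><2+ spaces><value>".
function ConvertFrom-DbgSettings {
    param([string[]]$Lines)
    $settings = @{}
    foreach ($line in $Lines) {
        # Setting lines look like "hostip    192.168.56.1"; the trailing
        # "The operation completed successfully." line has single spaces and is skipped.
        if ($line -match '^\s*(\w+)\s{2,}(\S.*?)\s*$') {
            $settings[$Matches[1].ToLower()] = $Matches[2]
        }
    }
    return $settings
}

function Test-KdNetSettings {
    param([hashtable]$Settings)
    $problems = @()
    if ($Settings['debugtype'] -ne 'NET') {
        $problems += "debugtype is '$($Settings['debugtype'])', expected NET"
    }
    if (-not $Settings['hostip'] -or $Settings['hostip'] -eq '0.0.0.0') {
        $problems += 'hostip is not set: the target cannot reach the debugger host'
    }
    $port = 0
    if (-not [int]::TryParse($Settings['port'], [ref]$port) -or $port -lt 50000 -or $port -gt 50039) {
        $problems += "port '$($Settings['port'])' is outside the documented KdNet range 50000-50039"
    }
    # The key protects the debug transport. A generated key has four long
    # base-36 parts; four single characters is the placeholder from the setup snippet.
    $key = [string]$Settings['key']
    $parts = $key -split '\.'
    if ($parts.Count -ne 4 -or ($parts | Where-Object { $_.Length -lt 4 })) {
        $problems += "key '$key' looks like a placeholder, not a generated KdNet key"
    }
    return $problems
}

# Constructed sample of what bcdedit prints after the setup commands above.
$sample = @(
    'debugtype               NET',
    'hostip                  192.168.56.1',
    'port                    50000',
    'key                     1.2.3.4',
    'dhcp                    Yes',
    'The operation completed successfully.'
)
Test-KdNetSettings (ConvertFrom-DbgSettings $sample)   # reports only the placeholder key
# Live check on the debuggee, from an elevated prompt:
# Test-KdNetSettings (ConvertFrom-DbgSettings (bcdedit /dbgsettings))
```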
The slides from the workshop are available here:
A WinDbg cheatsheet can also be found here:
The folder `Demos` holds some code developed as part of the workshop and illustrated during it.
The workshop finished with a challenge containing a TTD trace that can be opened with WinDbg. The task consisted in discovering what was being done during the TTD session and answering, among others, the following questions:
All steps can (and should) be done entirely within WinDbg.
The solution script can be found in the same folder.
This repository will be left on GitHub, but archived. If you have questions, feel free to reach out to me on Twitter/X or Discord.