WinDbg
Kernel Commands
List Modules:
lm
Map Physical to Virtual Address:
!pte fffff805627ea000
Patch out the error raised when mapping non-I/O space while a debugger is active:
# Disassemble the MiShowBadMapper function
> u MiShowBadMapper L20
# Find the instruction mov bl,byte ptr [nt!MiState+0x1eda] and write to the address it references
eb fffff8010a2dc8da 2
Process Commands
Read from memory:
db fffff805627ea000
dtx nt!_IMAGE_DOS_HEADER