Pouyaaa Posted December 17, 2011 Posted December 17, 2011 (edited) Hi guys .... I've started analyzing the Duqu's Driver which is gonna lead to the most of the its skeleton ... so I have no problem with static analysis but I want to debug it under windbg or IDA... so I've setup a virtual lab with vmware just like always and configured it for kernel debugging but I cannot set a Breakpoint at DriverEntry ..... so I got a nice range of memory address which is being repeated everytime but how can I set a BP on them so that I can hit it ? bu command just not working.... I have tried "on access memory bp" so ain't Any good suggestion ? Thanks Edited December 18, 2011 by Pouyaaa
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now