How to view the GDTR's value ?

Posted by Mehdi Asgari on Stack Overflow See other posts from Stack Overflow or by Mehdi Asgari
Published on 2010-05-05T10:58:24Z Indexed on 2010/05/05 11:48 UTC
Read the original article Hit count: 139

Filed under:

WinDbg

|

kernel

|

debugging

Hi In the book "Rootkit Arsenal" page 84 (Chapter 3) mentions:

..., we can view the contents of the target machine's descriptor registers using the command with the 0x100 mask: kd> rM 0x100

and a paragraph below:

Note that the same task can be accomplished by specifying the GDTR components explicitly: kd> r gdtr ....

I run Windbg on my Win XP (inside VMWare) and choose the Kernel Debug -> Local. My problem is in case of first command, windbg errors with:

lkd> rM 0x100 ^ Operation not supported in current debug session 'rM 0x100'

and in the second command:

lkd> r gdtr ^ Bad register error in 'r gdtr'

Can anyone guide me ?

© Stack Overflow or respective owner

Related posts about WinDbg

WinDbg .for loop

as seen on Stack Overflow - Search for 'Stack Overflow'
I am having trouble getting the WinDbg .for command to work. I would like to dump an array of c++ structs. ?? gpTranData->mpApplCodes[0] works for a single entry but I would like to loop through n of these. .for ($t0=0;$t0<(gpTranData->miApplCodeCount);$t0++){ ?? &gpTranData->mpApplCodes[$t0]… >>> More
How to break WinDbg in an anonymous method?

as seen on Stack Overflow - Search for 'Stack Overflow'
Title kinda says it all. The usual SOS command !bpmd doesn't do a lot of good without a name. Some ideas I had: dump every method, then use !bpmd -md when you find the corresponding MethodDesc not practical in real world usage, from what I can tell. Even if I wrote a macro to limit the dump… >>> More
Comparing two Object addresses in WinDbg

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there a way to know if two addresses, which are references to two objects are connected ? By connected I mean whether one of the objects holds a reference to the other object. >>> More
WinDbg remote debugger protocol

as seen on Stack Overflow - Search for 'Stack Overflow'
I'd like to build a client for dbgsrv.exe. I'd like to know if there's a spec on the protocol that it uses and if there are any (open source?) libraries that are able to communicate with it for a remote debugging session. >>> More
Silverlight SOS (Son of Strike) documenation

as seen on Stack Overflow - Search for 'Stack Overflow'
Is there any microsoft or even non-official documentation for SOS for Silverlight. Other than a few web posts I have seen zero documentation for it on MSDN. Even official documentation for the CLR version of SOS seems hard to find, this ancient article mentions a sos.htm file that is included in… >>> More

Related posts about kernel

Can't install kernel-uek-headers for currently running kernel

as seen on Server Fault - Search for 'Server Fault'
I have just created a VM in VMWare and installed a minimal install of Oracle Enterprise Linux 6.3. # cat /etc/oracle-release Oracle Linux Server release 6.3 It is running with the UEK kernel. # uname -r 2.6.39-200.24.1.el6uek.x86_64 When I try and install VMWare Tools, I get the following error… >>> More
Why does my laptop resume immediately after suspend?

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I seem to be having some problem with suspend mode. Every time I try to suspend my laptop, it just locks the screen. Or maybe it successfully suspends just to resume only an instant after. What could cause such a behaviour? I'm running 32-bit Ubuntu 12.04 with the 3.2.0-25 kernel on a HP dv5-1178er… >>> More
Fedora error log file

as seen on Server Fault - Search for 'Server Fault'
I am running a java application using this wrapper service yajsw. The problem it just stopped without any error in its logs file. So I was wondering will there be any system log file which will indicate the cause of it going down? Partial of the log file. Apr 6 00:12:20 localhost kernel: imklog… >>> More
External USB drive is failing

as seen on Super User - Search for 'Super User'
I have an external USB 2.0 drive WD My Book Mirror Edition, running in RAID 1 (mirroring) mode. A while ago the hard drive started to fail: it stops responding (directories are not listed returning an error after a big timeout). Sometimes it works for weeks before a failure, sometimes – few hours… >>> More
Problem with RAID5 (mdadm) - disk detached

as seen on Server Fault - Search for 'Server Fault'
Having these lines in /var/log/syslog Apr 18 16:53:05 Server kernel: [4487878.816036] ata4: EH in SWNCQ mode,QC:qc_active 0x1 sactive 0x1 Apr 18 16:53:05 Server kernel: [4487878.816058] ata4: SWNCQ:qc_active 0x1 defer_bits 0x0 last_issue_tag 0x0 Apr 18 16:53:05 Server kernel: [4487878… >>> More