Setting user mode break points from KD aka .process /i vs .process /r /p

When performing KD (kernel debugging) of Windows with WinDbg, if you have to set a breakpoint in a user mode process you should always use .process /i address; g; .reload /user. A lot of good content has been written on the internet about this command, but nothing seemed to explain why it should be used instead of the familiar .process /r /p address. I would like to shed some light on this. Before reading any further I would strongly encourage you to read about it from the link above. In this article I assume some basic knowledge of how kernel debugging is done with WinDbg. Also, I would like to start with the following question.

If the debugger has read/write access to the user mode process via .process /r /p, why can't it insert an int 3 into the user mode process when performing KD? Why do we have to make the user mode process the current process context by running .process /i?

Read on →

How do breakpoints work in debuggers?

It’s been a while since I have had a chance to blog about low-level stuff. In this article I am going to explain how breakpoints work in debuggers. I assume the reader is already familiar with what a breakpoint is and how to set one in their debugger of choice. The goal of this post is to explain the interplay between the debugger, the debuggee, the operating system and the CPU.
Read on →
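The question raised in the KD post above (why the debugger must be in the target's context to plant an int 3) and this post's topic (the interplay between debugger, debuggee, OS and CPU) are easiest to see on a small, self-contained system. The following is an added example, not code from either post: a minimal Linux x86-64 "debugger" that forks a debuggee, uses ptrace to overwrite the first byte of a function with 0xCC (int 3), catches the resulting SIGTRAP, restores the original byte, rewinds RIP by one and resumes. The names target_function and run_with_breakpoint are this example's own; it assumes Linux on x86-64 with ptrace permitted.

```c
/* Added example (not from the original post): a minimal x86-64 Linux
 * "debugger" that plants a software breakpoint in a forked debuggee with
 * ptrace.  The sequence is the one every debugger performs:
 *   1. save the original byte at the target address
 *   2. write 0xCC (int 3) over it
 *   3. resume; the CPU raises #BP, the kernel turns it into SIGTRAP and
 *      stops the tracee, the tracer is woken by waitpid()
 *   4. restore the byte, rewind RIP by one, resume again
 */
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Routine we break on.  noinline + volatile keep it a real function with a
 * real first instruction the tracer can patch. */
__attribute__((noinline)) int target_function(int x) {
    volatile int y = x * 2;
    return y + 1;
}

/* Tracer side.  Returns the number of breakpoint hits seen while the
 * debuggee runs to completion (expected 1), or -1 on any failure. */
int run_with_breakpoint(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;

    if (pid == 0) {
        /* Debuggee: ask to be traced, stop so the tracer can patch us,
         * then call the target through a volatile pointer so the compiler
         * cannot inline or clone it away from the patched address. */
        if (ptrace(PTRACE_TRACEME, 0, NULL, NULL) < 0) _exit(1);
        raise(SIGSTOP);
        int (*volatile fn)(int) = target_function;
        _exit(fn(20) == 41 ? 0 : 2);   /* 0 = the call still worked after the trap */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFSTOPPED(status)) return -1;

    /* fork() duplicates the address space, so the tracee's copy of
     * target_function lives at the same address as ours. */
    unsigned long addr = (unsigned long)&target_function;

    errno = 0;
    long orig = ptrace(PTRACE_PEEKTEXT, pid, (void *)addr, NULL);
    if (orig == -1 && errno) return -1;
    long patched = (orig & ~0xFFL) | 0xCC;           /* int 3 in the low byte */
    if (ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)patched) < 0) return -1;

    int hits = 0;
    if (ptrace(PTRACE_CONT, pid, NULL, NULL) < 0) return -1;
    for (;;) {
        if (waitpid(pid, &status, 0) < 0) return -1;
        if (WIFEXITED(status)) return WEXITSTATUS(status) == 0 ? hits : -1;
        if (!WIFSTOPPED(status)) return -1;
        if (WSTOPSIG(status) != SIGTRAP) {            /* some other signal: pass it on */
            if (ptrace(PTRACE_CONT, pid, NULL, (void *)(long)WSTOPSIG(status)) < 0) return -1;
            continue;
        }
        struct user_regs_struct regs;
        if (ptrace(PTRACE_GETREGS, pid, NULL, &regs) < 0) return -1;
        /* int 3 is a trap: RIP already points at the byte after 0xCC. */
        if (regs.rip != addr + 1) return -1;
        hits++;
        /* Put the original instruction back and rewind RIP so it executes. */
        if (ptrace(PTRACE_POKETEXT, pid, (void *)addr, (void *)orig) < 0) return -1;
        regs.rip = addr;
        if (ptrace(PTRACE_SETREGS, pid, NULL, &regs) < 0) return -1;
        if (ptrace(PTRACE_CONT, pid, NULL, NULL) < 0) return -1;
    }
}

int main(void) {
    int hits = run_with_breakpoint();
    printf("breakpoint hits: %d\n", hits);
    return hits == 1 ? 0 : 1;
}
```

The one-time breakpoint is deliberately simple: a debugger that wants the breakpoint to persist would single-step the restored instruction and then re-plant 0xCC. Note also that the tracer only knows where to write because fork() gave it an identical address space; a real debugger must first resolve the address inside the debuggee's own context, which is the part the KD question above is about.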

A newbie’s introduction to compilers and reverse engineering

Compilers are surely among the most complex programs of all time. Even today, writing a compiler with a minimal set of tools is considered challenging. This tutorial scratches the surface of the different compiler phases involved in translating given source code to an executable and also shows how this information is useful in the context of reverse engineering. I tried my best not to confuse the reader with too much jargon, and to help any newbie get up to speed.
Read on →

What does it take to write an emulator in Java?

I am proud: this weekend I did some productive work. I was able to code a Chip-8 emulator in Java over a night 😉 I have always been fascinated by them and finally I was able to get the damn thing to work! For those of you who are not familiar with software emulators, an emulator is software which can emulate the functionality of other hardware or software components. Notable examples are video game emulators (DOSBox/NES emulators) and general purpose software emulators (QEMU).

Read on →
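As an added example (not the Java emulator the post describes), here is the core of a Chip-8 interpreter in C: a fetch/decode/execute loop for a subset of the instruction set, run over a small constructed program that adds two bytes inside a subroutine and branches on the carry flag. The opcode semantics used (big-endian 16-bit instructions, programs loaded at 0x200, VF as the carry flag) are the standard Chip-8 ones; the names chip8_t, chip8_step, chip8_run_demo and the sample ROM bytes are this example's own.

```c
/* Added example (not from the original post): fetch/decode/execute core of
 * a Chip-8 interpreter for a handful of opcodes, plus a constructed test
 * program. Display, timers and input are left out on purpose. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHIP8_MEM   4096
#define CHIP8_START 0x200      /* programs are loaded at 0x200 by convention */

typedef struct {
    uint8_t  mem[CHIP8_MEM];
    uint8_t  V[16];            /* V0..VF; VF doubles as the carry/borrow flag */
    uint16_t I;                /* address register */
    uint16_t pc;
    uint16_t stack[16];
    uint8_t  sp;
    int      halted;           /* set when an unimplemented opcode is met */
} chip8_t;

void chip8_init(chip8_t *c) { memset(c, 0, sizeof *c); c->pc = CHIP8_START; }

void chip8_load(chip8_t *c, const uint8_t *rom, size_t n) {
    if (n > CHIP8_MEM - CHIP8_START) n = CHIP8_MEM - CHIP8_START;
    memcpy(c->mem + CHIP8_START, rom, n);
}

/* Execute exactly one instruction. Every Chip-8 opcode is 16 bits, big-endian. */
void chip8_step(chip8_t *c) {
    uint16_t op  = (uint16_t)(c->mem[c->pc] << 8) | c->mem[c->pc + 1];
    uint16_t nnn = op & 0x0FFF;
    uint8_t  x = (op >> 8) & 0xF, y = (op >> 4) & 0xF, nn = op & 0xFF;
    c->pc += 2;                                    /* advance first; jumps overwrite pc */
    switch (op & 0xF000) {
    case 0x0000:
        if (op == 0x00EE) c->pc = c->stack[--c->sp];      /* RET */
        else c->halted = 1;                               /* 00E0 / 0NNN not implemented */
        break;
    case 0x1000: c->pc = nnn; break;                      /* JP nnn */
    case 0x2000: c->stack[c->sp++] = c->pc; c->pc = nnn; break; /* CALL nnn */
    case 0x3000: if (c->V[x] == nn) c->pc += 2; break;    /* SE Vx, nn: skip if equal */
    case 0x6000: c->V[x] = nn; break;                     /* LD Vx, nn */
    case 0x7000: c->V[x] += nn; break;                    /* ADD Vx, nn (no carry) */
    case 0x8000:
        switch (op & 0xF) {
        case 0x0: c->V[x] = c->V[y]; break;               /* LD Vx, Vy */
        case 0x4: {                                       /* ADD Vx, Vy; VF = carry */
            uint16_t sum = (uint16_t)c->V[x] + c->V[y];
            c->V[x]   = (uint8_t)sum;
            c->V[0xF] = sum > 0xFF;
            break;
        }
        case 0x5: {                                       /* SUB Vx, Vy; VF = NOT borrow */
            uint8_t no_borrow = c->V[x] >= c->V[y];
            c->V[x] -= c->V[y];
            c->V[0xF] = no_borrow;
            break;
        }
        default: c->halted = 1;
        }
        break;
    case 0xA000: c->I = nnn; break;                       /* LD I, nnn */
    default: c->halted = 1;
    }
}

/* Run at most max_steps instructions or until halted. Returns steps executed. */
int chip8_run(chip8_t *c, int max_steps) {
    int n = 0;
    while (n < max_steps && !c->halted) { chip8_step(c); n++; }
    return n;
}

/* Constructed sample program (assumption, not from the post): add 0xF0 and
 * 0x20 inside a subroutine, then skip the self-loop only if VF (carry) is 1. */
static const uint8_t demo_rom[] = {
    0x6A, 0xF0,   /* 0x200: LD   VA, 0xF0            */
    0x6B, 0x20,   /* 0x202: LD   VB, 0x20            */
    0x22, 0x0C,   /* 0x204: CALL 0x20C               */
    0x3F, 0x01,   /* 0x206: SE   VF, 1  (skip if carry) */
    0x12, 0x08,   /* 0x208: JP   0x208  (stuck if no carry) */
    0xFF, 0xFF,   /* 0x20A: unknown opcode -> halt   */
    0x8A, 0xB4,   /* 0x20C: ADD  VA, VB -> 0x110: VA=0x10, VF=1 */
    0x00, 0xEE,   /* 0x20E: RET                      */
};

chip8_t demo_cpu;   /* state left behind by chip8_run_demo for inspection */

int chip8_run_demo(void) {
    chip8_init(&demo_cpu);
    chip8_load(&demo_cpu, demo_rom, sizeof demo_rom);
    return chip8_run(&demo_cpu, 100);
}

int main(void) {
    int n = chip8_run_demo();
    printf("steps=%d VA=0x%02X VF=%d pc=0x%03X halted=%d\n",
           n, demo_cpu.V[0xA], demo_cpu.V[0xF], demo_cpu.pc, demo_cpu.halted);
    return 0;
}
```

The order of operations in 8XY5 matters: the flag is computed from the original operands and written to VF last, so the instruction behaves correctly even when X or Y is F. The same care is what makes an emulator pass real ROMs.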

The rationale behind Java Lambda/Closures

courtesy of blog.takipi.com

In this article I would like to talk about the design choices behind Java’s most awaited language feature, lambdas/closures. It’s no secret that Java 8 now provides support for lambda functions, more precisely closures. But interestingly, the implementation and usage of Java closures differ significantly compared to other modern programming languages. There is already a ton of information written on this subject. So in particular, I would like to provide some thoughts on
Read on →

Why does Java support multiple inheritance only with interfaces?

As many of us know, Java does not support inheriting from multiple classes but does support inheriting from multiple interfaces. The less known fact is what made the Java designers make this choice. In this article I would like to provide my understanding of the issues encountered and the trade-offs taken when multiple inheritance is allowed at the class level.
Read on →

How to configure QEMU and Linaro toolchain for ARM development?

Fundamental to any kind of development are the compiler and the underlying platform. The compiler transforms our code into something the underlying platform can execute, and the platform itself runs the compiled executables. This is also true of embedded development. But unlike a normal desktop environment, we cannot develop a program on the embedded device itself because of the device’s various limitations. Instead, what we do is write the program on our desktop (x86) and cross compile it for the required target platform. This effectively accomplishes the job of the first component, but to run the cross compiled binary we do need the second component, that is, the target platform itself. Earlier, embedded developers had no choice other than using real development devices to test their cross compiled binaries. But with the help of QEMU we can now emulate most of today’s popular target platforms. The main theme of this post is to set up the above said components for ARM development.

Read on →