Debugging Nt!KiSystemStartup Using IDA, WinDbg, and VMware
KiSystemStartup is the entry function of the kernel module nt. If you want to debug this function, simply using WinDbg and VMware won’t work (or I don’t know how to do it). Below, I will introduce how to use IDA’s GDB debugging feature in conjunction with WinDbg to debug KiSystemStartup. (Only for X64 environment) 1. … Read more