How to debug Windows services with Windbg

Hi all, if you want to know how to debug a Windows service, the following article will be of great assistance: How to debug Windows services. I suggest you read this article before you continue reading this post. Also, you should have Debugging Tools for Windows installed on your machine; the tools I’ll mention (windbg.exe, cdb.exe,…

How to trace CryptoAPI calls (2)

Hi, welcome back. Let’s try to understand a bit better what’s going on in my CryptoAPI Tracer script. Let’s take a look at one of the most important breakpoints I set on a CryptoAPI function: bm Advapi32!CryptAcquireContextW ".printf \"\\n>>>>>>>>>>>>>>>>>>>>>>\\n\\nCryptAcquireContextW (%#x)\\n\", @$tid;    .echo;.echo IN;    .echo pszContainer; .if(poi(@esp+8)=0) {.echo NULL} .else {du poi(@esp+8)};    .echo;.echo pszProvider; .if(poi(@esp+c)=0) {.echo NULL} .else…

CryptoAPI Tracer script

Hi, welcome back. As I promised in my previous post, How to trace CryptoAPI calls, I’m posting the complete script I’m developing to trace all CryptoAPI calls being made by an application. This script shows the In & Out parameters being passed to the API, the result of calling the API, and in case of error,…

How to trace CryptoAPI calls

Hi, welcome back. An application may use CryptoAPI without us developers realizing it. Security classes in .NET Framework use CryptoAPI behind the scenes. CAPICOM.dll uses it, too. The issue appears when the API returns an error which can help us find the real cause of the issue, but the code calling it captures the…
