Hello gentlemen, first I would like to introduce myself. I have been learning about kernel development through school and have been looking for a decent community to be with, and this one looks pretty promising. I will try my best to always put forth educated material here and try to be somewhat of a contribution.
So I would like to say thanks to those of you in charge of this forum for creating a place for us to collaborate, share and learn.
I would like to open with a question: I am currently looking for a known method in WinDbg to find the thread ID or even CID of a thread that caused an exception, an int3 to be precise.
To get over this issue I have been writing a nasty trampoline hook to jump to my driver and retrieve the thread ID from the TEB, but I need a real, non-hackerish method.
I am currently analyzing how sc.exe loads a driver into the system, so I have a breakpoint set up on NtLoadDriver (in ntoskrnl, not usermode ntdll of course). How can I see and/or figure out the ID of the thread that hits here? I only know of !threads, which enumerates all user and executive threads.
Thank you. :shock: