Diving into Windows Keyboard Driver

Science & Technology

In this video I will demonstrate how you can cause funny behavior of the Windows PS/2 keyboard driver by connecting with a kernel debugger and modifying the assembly.
Check out my channel welcome link for setup information about WinDbg and VirtualBox.
You can grab the Windows 10 ISO from the Microsoft official website.
Articles:
- reactos.org/wiki/I8042prt.sys
- wiki.osdev.org/%228042%22_PS/...

Comments: 68

  • @kipchickensout · 12 days ago

    I didn't even know you were allowed to debug the kernel that easily. Nice video!

  • @jedimasternoob · 8 days ago

    Yea, this is pretty spicy info! I can see it being used for some not so good uses.

  • @sqrtof81 · 11 days ago

    I don't think I've ever seen such a concise and easy to follow explanation of low-level stuff like this. Very, very cool!

  • @MrOnlineCoder · 15 days ago

    If I remember correctly, osdev may also mention a specific byte sequence you send to or read from the PS/2 keyboard in order to initiate a system reboot, which is often used in hobby kernels, and I guess I've even seen it in Linux somewhere.

  • @0xfadead · 15 days ago

    Do you mean Ctrl-Alt-Delete? That was used to reboot computers in the DOS days

  • @komram4396 · 15 days ago

    @@0xfadead Nah, there is a keycode for reboot; I have a 90s keyboard with such a key and it works in modern operating systems.

  • @nathanielcleland6566 · 15 days ago

    @@0xfadead No, in the old days the RESET line of the x86 CPU was connected to the 8042 keyboard controller. Ctrl+Alt+Delete is just a sequence of key presses given special meaning in the OS. But if you poll port 0x64 until the controller is ready, then write 0xFE, it resets the CPU to its initial state, rebooting the system. Although this is actually how you switched out of 16-bit protected mode back into real mode on the 80286 as well (as memory stays powered, you can hook into the reset handler and skip system initialization).

    void reboot() {
        uint8_t good = 0x02;
        while (good & 0x02)
            good = inb(0x64);
        outb(0x64, 0xFE);
        halt();
    }

  • @0xfadead · 15 days ago

    @@nathanielcleland6566 Ah lol, didn't know about that. It makes much more sense. Thanks for the swift response!

  • @ktheveg · 11 days ago

    Linux has something called "Magic SysRQ". For modern devices, you can press & hold ALT, then tap PrintScreen. This activates the SysRQ, then while holding down ALT, press B to reboot.

  • @spirosgaliatsatos4384 · 15 days ago

    Reminds me of when I used to do assembly in DOS. I used this port to detect a keypress instead of using the BIOS int 16h keyboard services.

  • @HAGSLAB · 15 days ago

    Very nice demonstration of debugging a remote Windows machine :)

  • @milk-it · 10 days ago

    Absolutely gorgeous elucidation.

  • @xfxpositions · 5 days ago

    @@milk-it indeed

  • @bmx666bmx666 · 15 days ago

    Bless you man! You explained how to connect and debug Windows in 10 minutes! Always fantastic! 🥳😀

  • @milckshakebeans8356 · 9 days ago

    Why did they add the padding to the functions?

  • @BengalEmpire767 · 12 days ago

    Nooo, windbg😢. Haha lol, it's almost amazing how the app became a meme. Jokes aside, this is actually a very good video. You have earned a new subscriber.❤

  • @TheTim2626 · 15 days ago

    Thanks bro, really nice demonstration of Windows driver debugging, love it!!!!

  • @SSnQ_LPCWSTR · 11 days ago

    Thanks for yet another educational vid, Nir!

  • @waleedalrashed1411 · 15 days ago

    As always, a concise video debugging low-level code. I am really curious how you came about learning "low-level computing" and how you built the experience. Was it computer architecture courses at uni, or working somewhere where you were involved in that field?

  • @ocry3310 · 5 days ago

    this is what we need in this community!!

  • @nithssh · 2 days ago

    Thanks for this, TIL OS dev wiki.

  • @ronalerquinigoagurto555 · 15 days ago

    I would recommend making a video about hypervisor internals

  • @nonsuch · 14 days ago

    Smart.... Brains.... (Bugs Bunny reference 😄). Awesome work! Cheers🥂

  • @ahmadshami5847 · 15 days ago

    That's awesome! I'm wondering though why when the cmp instruction was set the address jumped from ...64 to ...68? It doesn't seem like the instruction is using any large values to fill up what I presume is 32 bytes (ig each address can store 8 bytes but please correct me if I'm wrong).

  • @b4ttlemast0r · 15 days ago

    I think each address just refers to a single byte (the address itself is what's 64-bits)

  • @ahmadshami5847 · 15 days ago

    @@b4ttlemast0r Yeah, I don't know, maybe that could be something related to the OS kernel or maybe even the hardware itself. But still, even then it doesn't make sense to me that a compare instruction would require 4 bytes if that's the case.

  • @nirlichtman · 15 days ago

    The cmp instruction took in total 4 bytes even though we are in 64-bit, since the jump in this case is relative and not absolute, so the machine code doesn't need to store the entire 8 bytes of the memory address.

  • @ahmadshami5847 · 15 days ago

    hmmm... okay, I must say I'm still kinda new to low level machine stuff, but that's fascinating. So what I understood is that the cmp instruction could make use of those 4 addresses but it didn't so it just skipped them, right?

  • @nirlichtman · 15 days ago

    @@ahmadshami5847 could you elaborate what exactly you mean?

  • @ancestrall794 · 10 days ago

    Awesome video bro

  • @adamz1671 · 15 days ago

    this is cool

  • @inqmusician2 · 8 days ago

    You can create enigma codes with this.

  • @dsagman · 11 days ago

    fantastic!

  • @amanda_bynes226 · 10 days ago

    subscribed forever

  • @tentimesful · 13 days ago

    I did engineering work where I had to do a lot of copying and pasting; well, Ctrl+C failed a lot and I didn't know if I had copied or not, so I made a program that would listen to my keyboard and show green in the taskbar if I pressed Ctrl+C or Ctrl+V (paste), lol... and it helps. Well, as a student at university I remember him saying that they make Ctrl difficult to press, as in previous gaming it could be pressed with other buttons that disrupt the gaming, so you really need to press it hard. My current laptop didn't need a hard Ctrl press, but now it does for copy and paste, what a shame... and if the manufacturers are really doing that to people, do stop that garbage and make the press easier, even for Ctrl...

  • @teamredstudio7012 · 11 days ago

    This is super fascinating! I have a bit of experience with x64 assembly but I don't really know how drivers work. I always wondered what the kernel debugging was for and if we can use it. Can we also debug the kernel of an installation on itself without a VM?

  • @nirlichtman · 11 days ago

    Local kernel debugging is possible but it won't have all the abilities that you have when you do remote kernel debugging ( learn.microsoft.com/en-us/windows-hardware/drivers/debugger/performing-local-kernel-debugging ), BTW you can also debug another physical computer, it doesn't have to be a VM

  • @teamredstudio7012 · 10 days ago

    @@nirlichtman Wow! Thanks! I'm gonna have some fun with this!

  • @justinnamilee · 11 days ago

    Neat! Maybe cleaner to jne over the increment and have them both use the same ret, no? xD

  • @nirlichtman · 10 days ago

    Nice, that's a good idea :)
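
The two exchanges above (why the jump only needed a small immediate even though kernel addresses are 64 bits wide, and the suggested "jne over the increment, share one ret" layout) are easier to see with the bytes in hand. The following Python is an added example, not code from the video or from any commenter; it uses the documented x86 encodings for short (rel8) and near (rel32) jumps plus `inc eax` and `ret`, and the kernel-looking addresses in it are constructed, not taken from the video.

```python
"""Added example: how x86-64 relative jumps are encoded.

The displacement is measured from the end of the jump instruction itself,
so a short jump is 2 bytes and a near jump 5 or 6 bytes, no matter that the
addresses involved are 64 bits wide. Absolute 8-byte targets only appear
with indirect jumps, which is why patching a jcc in the debugger is cheap.
"""
import struct

# Opcode bytes (from the Intel SDM) for the jumps discussed in the thread.
SHORT_OPCODES = {"jmp": b"\xeb", "je": b"\x74", "jne": b"\x75"}        # + rel8
NEAR_OPCODES = {"jmp": b"\xe9", "je": b"\x0f\x84", "jne": b"\x0f\x85"}  # + rel32


def encode_rel_jump(mnemonic: str, insn_addr: int, target_addr: int,
                    force_near: bool = False) -> bytes:
    """Machine code for `<mnemonic> target_addr` placed at insn_addr.

    The displacement is target - (address of the *next* instruction), so it
    depends on the length of the encoding chosen: try rel8 first and fall
    back to rel32 when the target is farther than -128..+127 bytes away.
    """
    if not force_near:
        opcode = SHORT_OPCODES[mnemonic]
        disp = target_addr - (insn_addr + len(opcode) + 1)
        if -128 <= disp <= 127:
            return opcode + struct.pack("<b", disp)
    opcode = NEAR_OPCODES[mnemonic]
    disp = target_addr - (insn_addr + len(opcode) + 4)
    if not -2**31 <= disp < 2**31:
        raise ValueError("target out of rel32 range; an indirect jump is needed")
    return opcode + struct.pack("<i", disp)


def decode_rel_jump(insn_addr: int, code: bytes) -> int:
    """Recover the absolute target from a jump produced by encode_rel_jump."""
    if code[:1] in (b"\xeb", b"\x74", b"\x75") and len(code) == 2:
        disp = struct.unpack("<b", code[1:])[0]
    elif code[:1] == b"\xe9" and len(code) == 5:
        disp = struct.unpack("<i", code[1:])[0]
    elif code[:2] in (b"\x0f\x84", b"\x0f\x85") and len(code) == 6:
        disp = struct.unpack("<i", code[2:])[0]
    else:
        raise ValueError("not a relative jump encoding this example understands")
    return (insn_addr + len(code) + disp) & 0xFFFFFFFFFFFFFFFF


def skip_increment_stub(base_addr: int) -> bytes:
    """The layout suggested in the thread: on the not-equal case jump over the
    increment so that both paths fall into a single ret.

        base+0: jne  base+4     ; 75 02
        base+2: inc  eax        ; ff c0
        base+4: ret             ; c3
    """
    inc_eax = b"\xff\xc0"
    ret = b"\xc3"
    jne = encode_rel_jump("jne", base_addr, base_addr + 2 + len(inc_eax))
    assert len(jne) == 2  # short form, so the offsets in the docstring hold
    return jne + inc_eax + ret


if __name__ == "__main__":
    # Constructed kernel-style addresses; real ones come from the debugger.
    at, to = 0xFFFFF80012345664, 0xFFFFF80012345680
    print(encode_rel_jump("jne", at, to).hex())           # 751a
    print(hex(decode_rel_jump(at, bytes.fromhex("751a"))))
    print(encode_rel_jump("jmp", at, at + 0x1000).hex())  # e9fb0f0000
    print(skip_increment_stub(at).hex())                  # 7502ffc0c3
```

Because the displacement is relative to the next instruction, the same `75 1a` bytes mean a different target at every address, which is also why a patched jump keeps working after the driver image is relocated.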

  • @Damglador · 8 days ago

    I hear "screw up" - I watch video until the end🗿

  • @ferna2294 · 9 days ago

    This is next level shit. I love it.

  • @0bamo0 · 3 days ago

    Is there a point to it? No. Does it make it more interesting? Yes.

  • @hoteny · 15 days ago

    1:02 What's the other driver then?

  • @Hallilo · 15 days ago

    The PS/2 keyboard driver is responsible for reading the hardware-level data from the I/O port; kbdclass is a higher-level driver that communicates with the PS/2 driver and gives some consistency to the OS with abstraction (correct me if I'm wrong).

  • @milk-it · 10 days ago

    Something tells me the peanuts in MS support aren't exactly diving this deep into your issue when you call Microsoft for support 🤣

  • @TunifyBasic · 10 days ago

    It's a good video with a simple explanation, but I hope that you do a video about the execution flow and the PE/MZ format; it's a weird format to me. ELF is easily understandable, but Windows has weird executables: they store characters as if they were 16-bit, not 8-bit, and things like that....

  • @mikeuk1927 · 9 days ago

    It's just UTF-16, it's not that bad. But yeah, PE is kind of weird, too complex for my liking.

  • @ismbks · 10 days ago

    you don't see this type of content anywhere on youtube

  • @Neuer_Alias_erstellen · 11 days ago

    Cool, I wonder if malware could abuse Windows debugging on a Windows VM.

  • @PavitraGolchha · 15 days ago

    How to remap Copilot key to R Ctrl key on newer windows laptops? Custom drivers or registry hacks? PowerToys works but doesn't work on all apps.

  • @mertemr · 15 days ago

    You can use AutoHotkey.

  • @fluffball1415 · 10 days ago

    Can remap it in the registry, that'll work in administrator level applications.

  • @SqualidsargeStudios · 9 days ago

    I’ve noticed one thing, you seem to press pretty danged hard on keys and buttons every now and again.

  • @gokul2003g · 15 days ago

    Screw up some linux stuff next, please.

  • @_lun4r_ · 15 days ago

    The screwed up keyboard for Linux already exists, check the videos

  • @gokul2003g · 15 days ago

    @@_lun4r_ ooh 👍

  • @vlc-cosplayer · 10 days ago

    You can't scam people into getting tech support if you break Linux!

  • @RahulNarsing-lx9pi · 15 days ago

    Yay, I am first.

  • @basvandenburg-uy8iw · 1 day ago

    Can you stop ending 99% of sentences with a high note?
