Windows Debugger (windbg.exe)
Installation Instructions:
Copy the correct version (x86 or x64) to your Windows Debugger winext sub-directory.
You may need to explicitly load the MSEC DLL. If you installed it to the winext sub-directory, you can load it with !load winext\msec.dll
Gives an analysis, including a proposed bug title
Gives a verbose analysis
Gives the same output as -v, but formatted for easy machine parsing
Use the JIT Exception Record to determine the exception
!ror [-n <Rotation Count>] [-c] <Value>
Get the API name for hash value <Value> using rotation count <Rotation Count>. Use -c to do a reverse lookup from an API name to a hash value. Run !ror without options for examples.
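The two lookup directions described for !ror can be reproduced offline when triaging a hash constant found in a dump. The following is an added example, not code from the MSEC extension. It assumes the common rotate-right-then-add hash over the ASCII bytes of the API name, which the page does not specify, and the candidate list and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed candidate list (assumption); a real lookup would be built from
# the full export tables of the DLLs of interest.
CANDIDATE_APIS = ["LoadLibraryA", "GetProcAddress", "VirtualAlloc",
                  "CreateFileA", "Sleep", "WinExec", "ExitProcess"]


def ror32(value, count):
    """Rotate a 32-bit value right by count bits (count is taken mod 32)."""
    count %= 32
    value &= 0xFFFFFFFF
    return ((value >> count) | (value << (32 - count))) & 0xFFFFFFFF


def api_hash(name, rotation=13):
    """Name -> hash. Assumed algorithm: rotate right, then add each byte."""
    h = 0
    for byte in name.encode("ascii"):
        h = (ror32(h, rotation) + byte) & 0xFFFFFFFF
    return h


def build_table(names, rotation=13):
    """Map each hash to every name producing it, so collisions stay visible."""
    table = defaultdict(list)
    for name in names:
        table[api_hash(name, rotation)].append(name)
    return table


def lookup(value, rotation=13, names=CANDIDATE_APIS):
    """Hash -> list of matching names; empty when no candidate matches."""
    return build_table(names, rotation).get(value & 0xFFFFFFFF, [])


if __name__ == "__main__":
    for name in CANDIDATE_APIS:
        print(f"{api_hash(name):#010x}  {name}")
    print(lookup(0xDB2D49B0))           # hash -> name
    print(lookup(0xC3, 0, ["ab", "ba"]))  # rotation 0 collides on anagrams
```

A hash that matches nothing under one rotation count is worth retrying with others, since the rotation count is a free parameter of the scheme.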
!xoru [-b] <addr> [<length>] <key>
Do the XOR transformation on the buffer from address <addr> to address <addr> + <length> using the key <key> and disassemble the buffer. Use -b to leave the transformed buffer in memory. Run !xoru without options for examples. You can do other types of transformation using xora, xorui, xorua, suba, subu, adda, addu, rola, or rolu.
The instruction set is known to be incomplete.
KERNEL_MODE_EXCEPTION_NOT_HANDLED / KERNEL_MODE_EXCEPTION_NOT_HANDLED_M does not currently differentiate between read and write access violations.