[NTOS:EX] HACK: on livecd, disable security features in NtSystemDebugControl

WinDBG can do some local debugging using 'windbg -kl'. In that case, WinDBG tries to directly use NtSystemDebugControl. If this function returns an error, WinDBG extracts a driver from its resources. WinDBG will send IOCTLs to this driver, and this driver will call KdSystemDebugControl. However, on livecd (where %SYSTEMROOT% is read-only), WinDBG is unable to extract the driver from its resources, and can't use the driver to call KdSystemDebugControl. As a work-around, allow all control classes in NtSystemDebugControl in case of livecd. WinDBG local debugging now also works on livecd (windbg -kl).
2024-11-23 03:23:34 +08:00 · 2024-09-22 21:43:25 +02:00 · 2024-09-22 21:43:25 +02:00 · 199d6ac256
commit 199d6ac256
parent 032e4407fa
1 changed files with 11 additions and 1 deletions
--- a/ntoskrnl/ex/dbgctrl.c
+++ b/ntoskrnl/ex/dbgctrl.c
@ -261,7 +261,17 @@ NtSystemDebugControl(
            case SysDbgWriteBusData:
            case SysDbgCheckLowMemory:
                /* Those are implemented in KdSystemDebugControl */
-                Status = STATUS_NOT_IMPLEMENTED;
+                if (InitIsWinPEMode)
+                {
+                    Status = KdSystemDebugControl(Command,
+                                                  InputBuffer, InputBufferLength,
+                                                  OutputBuffer, OutputBufferLength,
+                                                  &Length, PreviousMode);
+                }
+                else
+                {
+                    Status = STATUS_NOT_IMPLEMENTED;
+                }
                break;

            case SysDbgBreakPoint: