Contents

The Windows Boot Loader 178

Initializing the Executive 181

The Session Manager 182

Wininit.exe 184

Winlogon.exe 184

Boot Process Recap 185

4.8 Design Decisions 186

Hiding in a Crowd: Type 0 188

Active Concealment: Type I and Type II 188

Jumping Out of Bounds: Type III 190

The Road Ahead 191

Chapter 5 Tools of the Trade 193

5.1 Development Tools 193

Diagnostic Tools 194

Disk-Imaging Tools 195

For Faster Relief: Virtual Machines 196

Tool Roundup 197

5.2 Debuggers 198

Configuring CDB.exe 201

Symbol Files 201

Windows Symbols 202

Invoking CDB.exe 203

Controlling CDB.exe 204

Useful Debugger Commands 205

Examine Symbols Command (x) 206

List Loaded Modules (lm and !lmi) 207

Display Type Command (dt) 209

Unassemble Command (u) 209

Display Commands (d*) 210

Registers Command (r) 212

5.3 The KD.exe Kernel Debugger 212

Different Ways to Use a Kernel Debugger 212

Physical Host-Target Configuration 215

Preparing the Hardware 215

Preparing the Software 218

Launching a Kernel-Debugging Session 219
