====== Windows Software ======

==== Windbg + Mona ====


<code bash>
Program Files (x86)\Common Files\microsoft shared\VC>regsvr32 msdia90.dll
\Windbg86>symchk /r c:\windows\system32\ntdll.dll /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
</code>

<code bash>
.load pykd.pyd
!py mona modules
!py mona config -set workingfoler c:\_c\mona

!py mona.py find -s '\xff\xe4' -m 
# ffe4 -> jmp esp

mona.py stackpivot -distance 2221,2800
# 0x0044adec : {pivot 2260 / 0x8d4} :  # MOV DWORD PTR FS:[0],ECX # ADD ESP,8D4 # RETN    ** [DevManBE.exe] **   |  startnull {PAGE_EXECUTE_READ}

</code>

==== !Exploitable ====

[[https://archive.codeplex.com/?p=msecdbg]]
[[https://blog.didierstevens.com/2018/07/17/exploitable-crash-analyzer-statically-linked-crt/]]