locked
SMB Winbdg investigation RRS feed

  • Question

  • I'm interested in learning the internals of the CIFS and SMB protocols. In conjunction with the debug target I'm capturing filtered network traffic. Upon hitting one of the above bp. How can I investigate the parameters to the method? Should i be looking at the esp or should I step in to the execution on the processor on the the ebp points to the address of the method?

    I have searched NT Debug blog but there are no really detailed demo's of the CIFS/SMB internal via windbg. 


    dblk

    Tuesday, December 10, 2013 5:25 AM

Answers