Skip to content

ReverseWarrior/IUM-Debugger

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
IUM-Debugger
IUM-Debugger
 
 
LiveCloudKd.v3.2.0.20260304-release
LiveCloudKd.v3.2.0.20260304-release
 
 
images
images
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

The IUM Debugger

I created this tool to be able to debug processes running in the Isolated User Mode of VTL 1.

Instructions

  1. Download the latest version of LiveCloudKd (Included in the repository).
  2. Install WinDbg, then copy all files from LiveCloudKd to C:\Program Files (x86)\Windows Kits\10\Debuggers\x64
  3. Install the VC runtime library x64 version
  4. Register the ExdiHvSrv.dll library from LiveCloudKd regsvr32 "C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\ExdiHvSrv.dll"
  5. Execute Set-VMProcessor -VMName YourVMName -ExposeVirtualizationExtensions $true
  6. Copy the file C:\Windows\System32\securekernel.exe from the virtual machine to: C:\Program Files (x86)\Windows Kits\10\Debuggers\x64 and the same directory as the IUM-Debugger executable.
  7. After the virtual machine has started, launch the IUM-Debugger. If the base address of securekernel.exe is displayed, the process completed successfully.

Debugging the LsaIso.exe process

About

Patching the Secure Kernel to enable debugging of VTL1 Isolated User Mode

Resources

Readme
Activity

Stars

6 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages