print eax,ecx,edx,byte ptr ds:[eax],hex 403000
.print eax,ecx .next command (.ti,.to,.si,.so,.run)
Added one more command, loaddll. On the command line, type

    loaddll "your_dll"

(the DLL should be in the search path), or loaddll followed by the fully qualified path to your DLL (path length <= MAX_PATH), to load any DLLs into the debuggee's process space.

A sample usage, attaching Piotr Bania's efilter.dll to an arbitrary process:

    10000000 Module C:\WINDOWS\DESKTOP\EFILTER.DLL
    10001234 Debug string: [*] Efilter by Piotr Bania <http://pb.specialised.info> is now loading
    1000125F Debug string: [*] Efilter: Attached to WIN.EXE - pid: 0xFFF8C575
    10001266 Debug string: ---------------------------------------------------------------------
    BFEE0000 Module C:\WINDOWS\SYSTEM\NTDLL.DLL
    00401000 Program entry point
    Loaded c:\windows\desktop\efilter.dll