Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I have used both, and the win32 API, debugging or otherwise, have often left me baffled and short-changed. Our argument will ultimately break down to source code and its availability. There is also the difference in uses of debugging on win32 vs unix: one is often adversarial while the other is cooperative. It's easy to debug a willing process on Unix and get all the information you want, while in Windows it's easy to debug any process and get as much information as you could.

I know ptrace is horribly broken, and so is the entire GNU debugging chain, down to libopcodes. I haven't touched it since '02 when I went full Lisp, but I had many a nightmare debugging a process that forked other children. The mess got worse with LinuxThreads.

As for rootkits on Unix, you're the security guy, I will let you pretend removing a Unix rootkit is the same as removing a win32 one :-)

And finally, remember that it wasn't long ago that any good Windows debugger had to load under the OS. And by a good debugger I don't mean Immunity or Olly :-)



So basically your whole argument just unraveled.

Immunity is Olly.

No Unix debugger as powerful as SoftICE exists that doesn't run "under" the OS; that's the point of SoftICE.

Normal people don't debug with SoftICE. Even kernel developers use kd to debug driver code. You done much kernel debugging with gdb? Oh, here's a fun one: debug a running OpenBSD 2.x kernel. Hope you enjoy /dev/kmem.

You're the whatever-you-are. I'll let you pretend that disinfecting a compromised running kernel is feasible anywhere.

Sorry. I'm sure you're a great guy and you've had lots of experience doing interesting things, but I think you're just dead wrong here, and --- all due respect --- now you're just blowing smoke to cover it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: