windbg remote dbg

a.Find the PID for LSA via tlist.exe

b. C:\Program Files\Debugging Tools for Windows>dbgsrv.exe -t tcp:port=1234,password=spat

c.Run this command to attach to LSA on the remote machine.

I:\debugger>windbg.exe -premote tcp:server=192.168.1.102,port=1234,password=spat -p 596 — where 596 = PID of LSASS

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s