Thursday, February 15, 2007

Where to look in the registry for exe started after boot

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\Reinstall

Wednesday, February 7, 2007

_asm int 3 and __debugbreak() and DebugBreak();

C++ hardcoded debug breakpoints on Windows:

  • _asm int 3
    Not supported on Windows 64 bits architecture


  • __debugbreak(); or DebugBreak();
    Use this on Windows 64 bits


  • .