
During my research on the random number generation API in Windows 10, I found an answer by user Anders. I really like his experimental results. I expected that he used some kind of program to obtain this information. I tried to get similar information using WinDbg Preview and GDB for MinGW-W64 x86_64, v.9.2, but I couldn't get anything like that. Can anyone describe or advise me how to obtain such information?

I tried to work with these APIs: CryptGenRandom, BCryptGenRandom and RtlGenRandom on Windows 10 via the C language.

Marek1639
  • You can use WinDbg Preview https://www.microsoft.com/en-us/p/windbg-preview/9pgjgd53tn86 and/or IDA pro (there's a Free version https://www.hex-rays.com/ida-free/) – Simon Mourier Apr 25 '21 at 19:50

1 Answer


As far as I can tell from reading that answer, the information was obtained by taking any program that calls the APIs in question, then simply stepping into the API call and then stepping into further call instructions, examining the call stack each time.

I suspect you would get much better results using windbg (or likely even better with visual studio) so long as your debugger is configured to download symbol files on an as-needed basis.

Note that I have experienced times with VS where the simple step-into hotkey does not work for functions that don't have source available, and I had to use the right-click menu and select the function from the "Step into specific" sub-menu.

SoronelHaetir
  • That's exactly what I was trying to do. The problem is I don't have the option "Step into specific" after right-clicking on the function (VS 2019). I also downloaded and loaded .pdb symbols from the MS symbol server, but still no success. After all that, I also tried to see the call hierarchy of the function, and all calls from the API are not accessible, with the words "The function definition could not be located" ... Any ideas? – Marek1639 Apr 26 '21 at 18:45
  • @Marek1639 - *call hierarchy of function* - something like [this](https://i.imgur.com/2NsR2bB.png) ? – RbMm Apr 26 '21 at 19:16
  • @RbMm that's exactly what I want... but I can't get it in my case and still don't know why. – Marek1639 Apr 27 '21 at 16:04
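
The step-into procedure described in the answer, written out as a WinDbg command sequence for one of the three APIs (an added example, not part of the original posts). It assumes WinDbg has launched or attached to your own test program that calls BCryptGenRandom; the trace depth of 4 is an arbitrary choice.

```windbg
$$ Constructed session; the target is any test program of your own
$$ that calls BCryptGenRandom.

$$ Use the Microsoft public symbol server, then reload symbols so that
$$ system DLL frames show function names instead of raw addresses.
.symfix
.reload

$$ Deferred (unresolved) breakpoint: it is accepted even when bcrypt.dll
$$ has not been loaded yet and resolves when the module loads.
bu bcrypt!BCryptGenRandom
g

$$ Stopped at the first instruction of the API: show who called it.
k

$$ Option 1: trace the whole call and print the nested callees,
$$ limited to 4 levels. wt has to be issued at the start of a function.
wt -l 4

$$ Option 2 (instead of wt, on a fresh break): run to the next call
$$ instruction, step into it, and print the stack; repeat per level.
pc
t
k
```

If the frames printed by `k` or `wt` show only `module+0x...` offsets, symbols for that module did not load, and the call hierarchy cannot be named until they do.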