21 February 2009

NTSD

A Windows command-line debugger: ntsd. It is a very handy tool for a hacker.

http://fenchose.pixnet.net/blog/trackback/4625323c54/3239458

To attach a process to the ntsd debugger:

> ntsd -p PID

Once the process is attached to ntsd, if you want it to continue running after the breakpoint, type:

> g (meaning GO)

To see the opcode for the corresponding assembly language, type:

> u (meaning UNASSEMBLE!)

You can look up the PID of a particular process by typing:

> tasklist

That is about it :)
