CFOtech Australia - Technology news for CFOs & financial decision-makers
Australia
Guides
#
artificial intelligence
#
data analytics
#
digital transformation
#
fintech
#
healthtech
Search
Story image
#
DevOps
#
APM
#
Software Development

Delving into windows CE, part 3: Introducing Team82’s open-source debugger

Thu, 10th Apr 2025
By Tomer Goldschmidt

This is part 3 of Team82's four-part series on our analysis of the Windows CE attack surface. CE is a legacy OS still found in many operational technology environments. In part 1 of this series, we wrote about simple Windows CE application development, which helped us understand the OS and further our research. In part 2, we examined Windows CE's debugger constructs.

Executive overview

Team82's vulnerability research on critical applications and devices is usually focused on commercially available, production-ready applications. This contrasts the research in part 1 of our series on the Windows CE attack surface where we developed a simple Windows CE application and debugged it.

Researching closed-source applications presents a major challenge for us when it comes to debugging; Visual Studio 2005 was the only debugger we found for Windows CE environments, however it was not built for debugging close-source applications. In part 2 of our series, for example, we provided a breakdown of the debugging constructs utilized when debugging with Visual Studio 2005. With our understanding of the constructs, we arrived at the conclusion that we are actually capable of introducing our own debugging tools that will utilize these remote debugging protocols.

In this blog, we will present our open-source debugger that allows researchers and developers to debug any Windows CE application from the comfort of your host machine. This debugger is focused on the essential components that allow a security researcher to debug and test an application for analysis and vulnerability hunting.

We invite you to download and use the debugger here.

Why use Team82's windows CE debugging client

  • It seems that as a legacy platform, Visual Studio—the main Windows CE application development environment—is also the main utility applicable for application testing. And so as we drilled down into testing such applications, we needed to invest in building a setup for our vulnerability research. We learned this is not an especially accessible platform for eager vulnerability researchers that want to test an application. Two main hurdles consumed much of our valuable research time:
    • First, was setting up an emulator/device and a Windows virtual machine capable of running older versions of Visual Studio.
    • Second was that debugging an executable without having its source code required us to patch-in a breakpoint into the tested application to enable debugging

Our debugger client enables researchers to dynamically anaylse Windows CE applications and test for security issues in them in a much easier, and more flexible manner.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Oracle's cloud boosts efficiency for construction giants
Gridsight secures $7.5m to drive global energy shift
Primer & Cleeng join forces to optimise global payments
Exclusive: AI needs developers not just data - Google Cloud
From dreams to reality: My journey into IT
Top stories
Fast moves, big change: Google Cloud on AI enabling business
EcoOnline wins top product award for sustainability tool
Money20/20 launches global fintech awards programme
Federation University enhances classrooms with Sennheiser tech
ConnectID & Caresquare partner to combat NDIS fraud