bootleg / ret-sync

ret-sync is a set of plugins that helps to synchronize a debugging session (WinDbg/GDB/LLDB/OllyDbg2/x64dbg) with IDA/Ghidra/Binary Ninja disassemblers.
GNU General Public License v3.0

IDA+windbg: mod request has no match for ntkrnlmp.exe #120

Open spokeex opened 4 months ago

spokeex commented 4 months ago

Connection between windbg extension and ida plugin is made successfully. Cannot set breakpoints, because "idb isn't enabled".

The only warning/error message I see in IDA is "[sync] << broker << dispatcher msg: mod request has no match for ntkrnlmp.exe"

I'm attempting to debug a driver that has ntoskrnl imports, so maybe it has something to do with that.

Using IDA home 8.4.

EDIT: I'm able to start a session with ntoskrnl.exe idb loaded. Then retsync seems to work. I'm still wondering how I can also load the driver I'm interested in into IDA and have that work. I still have to try https://hex-rays.com/blog/several-files-in-one-idb/.

luke0x90 commented 2 months ago

Have a look at the readme: https://github.com/bootleg/ret-sync/blob/master/README.md?plain=1#L179

[ALIASES]
ntoskrnl_vuln.exe=ntkrnlmp.exe