dshikashio / Pybag

Python module for Windbg's dbgeng plus additional wrappers.
MIT License

Pybag

Python bindings for Microsoft DbgEng

Pybag provides helper functions on top of Python bindings for Microsoft Debug Engine to facilitate Windows native debugging.


Installation

Windows:

Install the Debugging Tools from the Windows SDK: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/ . Note that neither the Microsoft Store version of WinDbg nor the stand-alone WinDbg installer is currently supported; only the Debugging Tools shipped with the Windows SDK are.

python setup.py install

Usage example

Use Python's REPL as a command shell if desired. Ctrl-C will break in to the debugger if you are inside a wait() call.

Local user debugging

from pybag import *

# Breakpoint callback: receives the breakpoint and the debugger object,
# and returns a DEBUG_STATUS_* value telling the engine how to proceed.
def handler(bp, dbg):
    print("*********** BREAK")
    return DbgEng.DEBUG_STATUS_GO

dbg = UserDbg()
dbg.create("notepad.exe")                  # launch the target under the debugger
dbg.bp("Kernel32!WriteFile", handler)      # software breakpoint on a symbol
dbg.go()                                   # resume; handler runs on each hit

Remote user debugging

from pybag import *

def handler(bp, dbg):
    print("*********** BREAK")
    return DbgEng.DEBUG_STATUS_GO

dbg = UserDbg()
# connect to a remote dbgeng process server before creating the target
dbg.connect("tcp:server=192.168.1.10,port=5555")
dbg.create("notepad.exe")
dbg.bp("Kernel32!WriteFile", handler)
dbg.go()
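The two user-debugging examples above only print a marker when the breakpoint fires. The following is an added example, not code from the Pybag README or project, showing what a handler typically does next: read the call's arguments out of the register state and log them, here for Kernel32!WriteFile on a 64-bit target. It assumes Pybag exposes registers as attributes of dbg.reg (for example dbg.reg.rcx) and target memory through dbg.read(addr, size) returning bytes; both names are assumptions, so check them against the installed version. The handler signature and the DEBUG_STATUS_GO return value follow the README. The decoding is kept in a pure function so it can be exercised without a live debugger.

```python
"""Added example (not Pybag's own code): trace WriteFile calls in a user-mode
target by decoding the call's arguments when the breakpoint fires.

Assumed Pybag API (not documented on the README page): `dbg.reg.<name>` for
register access and `dbg.read(addr, size)` -> bytes for target memory."""

try:
    from pybag import UserDbg, DbgEng  # importable only on Windows with the Debugging Tools
except ImportError:                    # the pure decoding logic below still works elsewhere
    UserDbg = None
    DbgEng = None

# Win64 calling convention: first four integer/pointer arguments in rcx, rdx, r8, r9.
#   BOOL WriteFile(HANDLE hFile, LPCVOID lpBuffer, DWORD nNumberOfBytesToWrite,
#                  LPDWORD lpNumberOfBytesWritten, LPOVERLAPPED lpOverlapped);
ARG_REGS = ("rcx", "rdx", "r8", "r9")
MAX_PREVIEW = 64  # never copy more than this many bytes out of the target per call


def decode_writefile(regs, read_mem):
    """Decode WriteFile's first three arguments.

    regs: mapping register name -> int (64-bit values as read from the target).
    read_mem: callable (addr, size) -> bytes that reads target memory.
    Free of debugger state so it can be tested without a live target."""
    hfile = regs["rcx"]
    lpbuffer = regs["rdx"]
    nbytes = regs["r8"] & 0xFFFFFFFF  # DWORD argument: upper 32 bits of r8 are undefined
    preview_len = min(nbytes, MAX_PREVIEW)
    preview = read_mem(lpbuffer, preview_len) if preview_len else b""
    return {
        "hFile": hfile,
        "lpBuffer": lpbuffer,
        "nNumberOfBytesToWrite": nbytes,
        "preview": preview,
        "truncated": nbytes > MAX_PREVIEW,
    }


def format_call(info):
    """Render one decoded call as a single log line."""
    suffix = " ..." if info["truncated"] else ""
    return "WriteFile(hFile=%#x, lpBuffer=%#x, n=%d) data=%r%s" % (
        info["hFile"], info["lpBuffer"], info["nNumberOfBytesToWrite"],
        info["preview"], suffix)


def handler(bp, dbg):
    """Breakpoint callback: log the call, then let the target continue."""
    regs = {name: getattr(dbg.reg, name) for name in ARG_REGS}  # assumed dbg.reg.<name>
    info = decode_writefile(regs, dbg.read)                    # assumed dbg.read(addr, size)
    print(format_call(info))
    return DbgEng.DEBUG_STATUS_GO


def trace_writefile(target="notepad.exe"):
    """Launch the target under the debugger and trace every WriteFile call."""
    if UserDbg is None:
        raise RuntimeError("pybag is not available; requires Windows with the Debugging Tools")
    dbg = UserDbg()
    dbg.create(target)
    dbg.bp("Kernel32!WriteFile", handler)
    dbg.go()


if __name__ == "__main__":
    trace_writefile()
```

Capping the preview length matters: nNumberOfBytesToWrite is attacker- or program-controlled, and reading it verbatim out of the target at every hit would make the tracer both slow and a convenient way to stall the debugger session.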

Remote kernel debugging

from pybag import *

k = KernelDbg()
# attach to a kernel target over a network transport (KDNET port and key)
k.attach("net:port=50000,key=1.2.3.4")

Release History

Meta

Distributed under the MIT license. See LICENSE for more information.

https://github.com/dshikashio