rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0

Support remote connection to the WinDbg user mode #590

Open XVilka opened 3 years ago

XVilka commented 3 years ago

Currently Rizin supports remote connection to the KD interface through winkd://. There is also support for DbgEng, but only on Windows and locally.

The missing piece is the ability to connect to a remote WinDbg instance for user mode, e.g. from a Linux or macOS machine into a Windows VM.

See https://book.rizin.re/debugger/windbg.html

s0i37 commented 2 years ago

I have tested with the last commit:

rizin 0.4.0-git @ linux-x86-64
commit: 52825a7a027c47e4da5335330c9755d77ab64ca8, build: 2022-02-11__12:37:08

On remote machine:

cdb -p 1234
.server tcp:port=5005

It doesn't work:

./rizin -a x86 -b 32 -d winkd://10.0.0.64:5005:1.2.3.4
...
Opened kdnet 10.0.0.64:5005:1.2.3.4 with fd 0x5596607bd6b0

./rizin -D winkd winkd://10.0.0.64:5005:1.2.3.4
...
Opened kdnet 10.0.0.64:5005:1.2.3.4 with fd 0x56459548f080


Each time rizin hangs. After pressing "ctrl-c" it sends to the remote side:

U 10.0.0.1:5005 -> 10.0.0.64:5005 #13 MDBG...x..2.h....Hp.X'i.E.......f..x..

Why does rizin use UDP instead of TCP?
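The packet dump above starts with the KDNET magic "MDBG", i.e. rizin treated winkd://host:port:key as a KDNET (UDP kernel debugging) target, while `.server tcp:port=5005` in cdb opens a plain TCP listener for the DbgEng remote protocol. The script below, added here as an illustration and not rizin's or DbgEng's own code, reproduces that transport mismatch offline: it starts a TCP stand-in for the `.server` listener on a loopback port of the OS's choosing, then shows that a TCP connect to that port succeeds while a UDP datagram carrying the "MDBG" magic (the rest of the datagram is constructed padding, not a valid KDNET header) gets no answer. The banner string and the probe payload are assumptions made for the demo.

```python
import socket
import threading

HOST = "127.0.0.1"


def start_tcp_stand_in():
    """Stand-in for the cdb/WinDbg '.server tcp:port=N' listener (TCP only).

    Returns the port the OS assigned. The banner is a constructed placeholder;
    the real DbgEng remote protocol is not reproduced here.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            conn, _ = srv.accept()
            conn.sendall(b"stand-in dbgeng tcp server\n")
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def tcp_connect_ok(port, timeout=2.0):
    """True if a TCP client (what a dbgeng remote client would use) gets data."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout) as s:
            return bool(s.recv(64))
    except OSError:
        return False


def udp_kdnet_probe_answered(port, timeout=1.0):
    """True if a UDP datagram with the KDNET 'MDBG' magic gets any reply.

    Against a TCP-only listener the datagram is silently dropped (recv times
    out) or bounced with ICMP port unreachable (ECONNREFUSED on recv); both
    mean the KDNET client would hang exactly as reported in the issue.
    """
    probe = b"MDBG" + b"\x00" * 12  # magic from the dump; padding is constructed
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        u.connect((HOST, port))
        u.send(probe)
        try:
            return bool(u.recv(2048))
        except OSError:  # includes timeout and ConnectionRefusedError
            return False


def diagnose(port):
    """Run both probes against the same port and report which transport talks."""
    return {
        "tcp": tcp_connect_ok(port),
        "udp_kdnet": udp_kdnet_probe_answered(port),
    }


if __name__ == "__main__":
    p = start_tcp_stand_in()
    result = diagnose(p)
    print(f"port {p}: tcp={result['tcp']} udp_kdnet={result['udp_kdnet']}")
```

Run against a real `.server tcp:port=5005` host by replacing HOST and skipping the stand-in; a `tcp=True, udp_kdnet=False` result confirms the listener speaks TCP and that a KDNET-style UDP client cannot reach it.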
s0i37 commented 2 years ago

Also I've checked winkd with pipe:

qemu ... -chardev socket,id=serial0,path=/tmp/serial0,nowait,server -serial chardev:serial0

cdb.exe -p PID
.server com:port=com1
chmod 777 /tmp/serial0
rizin -a x86 -b 32 -D winkd winkd:///tmp/serial0
r2 -a x86 -b 32 -D winkd winkd:///tmp/serial0

In each case rizin/r2 hangs.

XVilka commented 2 years ago

@GustavoLCR could you please take a look when you have time?