porting windbglib

[mrexodia]

x64dbgpylib

Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.

This is a work in progress, see the issues or contact us to find out how you can help.

The original code of windbglib is around 1800 lines. This means that the effort of a full rewrite should be small, except in cases where the underlying functionality is not yet exposed by x64dbg. Contact me if you stumble across missing functionality. I will not work on the porting myself since I have no interest in doing so. I am however available if you need assistance.

Here follows an overview of the things that have to be ported (essentially a summary of the code):

Utility functions

• [x] getOSVersion
• [x] getArchitecture
• [ ] getNtHeaders
• [x] clearvars
• [x] getPEBInfo
• [x] getPEBAddress
• [x] getTEBInfo
• [x] getTEBAddress
• [x] bin2hex
• [x] hexptr2bin
• [x] hexStrToInt
• [x] addrToInt
• [x] isAddress
• [x] intToHex
• [x] toHexByte
• [x] hex2bin
• [x] getPyKDVersion
• [x] isPyKDVersionCompatible
• [x] checkVersion
• [x] getModulesFromPEB
• [x] getModuleFromAddress

Debugger (class)

• [x] setKBDB
• [x] getKBDB
• [x] remoteVirtualAlloc
• [x] rVirtualAlloc
• [x] rVirtualProtect
• [ ] getAddress
• [x] getCurrentTEBAddress

AsmCache

• [x] fillAsmCache

Knowledge

• [x] addKnowledge
• [x] getKnowledge
• [x] readKnowledgeDB
• [x] listKnowledge
• [x] cleanKnowledge
• [x] forgetKnowledge
• [x] cleanUp

Placeholders

• [x] analysecode
• [x] isAnalysed

LOGGING

• [x] toAsciiOnly
• [x] createLogWindow
• [x] log
• [x] logLines
• [x] updateLog
• [x] setStatusBar
• [x] error

Process stuff

• [x] getDebuggedName
• [x] getDebuggedPid

OS stuff

• [x] getOsRelease
• [x] getOsVersion
• [x] getPyKDVersionNr

Registers

• [x] getRegs

Commands

• [ ] nativeCommand

SEH

• [x] getSehChain

Memory

• [x] readMemory
• [x] readString
• [x] readWString
• [x] readUntil
• [x] readLong
• [x] writeMemory
• [x] writeLong
• [x] getMemoryPages
• [x] getMemoryPageByAddress
• [x] getMemoryPageByOwner
• [x] getPageContains
• [x] getHeapsAddress
• [x] getHeap
• [x] getPEBAddress
• [x] getAllThreads

Modules

• [ ] getModule
• [ ] getAllModules
• [ ] getImageNameForModule

Assembly & Disassembly related route

• [ ] disasm
• [ ] disasmSizeOnly
• [ ] disasmForward
• [ ] disasmForwardAddressOnly
• [ ] disasmBackward
• [ ] assemble
• [ ] getOpcode

strings

• [x] readString

Breakpoints

• [ ] setBreakpoint
• [ ] deleteBreakpoint
• [ ] setMemBreakpoint

Tables

• [x] createTable

Symbols

• [ ] resolveSymbol

wmodule

• [x] wmodule class
• [x] getIssystemdll
• [ ] getSymbols
• [ ] getIATList
• [ ] getEATList
• [ ] getSectionAddress

Other classes

• [x] wtable class
• [x] wsymbol
• [ ] wpage
• [ ] Function
• [ ] opcode
• [x] wthread
• [x] wheap
• [x] LogBpHook

[OJ]

I'd love to help with this. Problem is that I have zero time :/ If someone get started, I'll see if I can pitch in along the way.

[mrexodia]

This issue was provided as a way to get started, you can pick any function/class you like and see what's required to port it.

[mrexodia]

Features from pykd that have to be ported over:

• [ ] pykd.dbgCommand
• [ ] pykd.disasm
• [x] pykd.dprintln
• [x] pykd.findMemoryRegion
• [ ] pykd.findSymbol
• [x] pykd.getCurrentProcess
• [x] pykd.getCurrentProcessId
• [x] pykd.getImplicitThread
• [x] pykd.getProcessThreads
• [x] pykd.getVaProtect
• [x] pykd.is64bitSystem
• [x] pykd.isValid
• [x] pykd.loadBytes
• [x] pykd.loadChars
• [x] pykd.loadCStr
• [x] pykd.loadDWords
• [x] pykd.loadUnicodeString
• [x] pykd.loadWChars
• [x] pykd.loadWStr
• [x] pykd.MemoryException
• [x] pykd.module
• [x] pykd.ptrDWord
• [x] pykd.reg
• [x] pykd.typedVar
• [x] pykd.typedVarList
• [x] pykd.version
• [x] pykd.ptrPtr