Releases: therealdreg/ida_bochs_windows
v1
Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger
https://github.com/therealdreg/ida_bochs_windows
GNU General Public License v3.0
By Oleksiuk Dmytro (aka Cr4sh)
Twitter @d_olex
http://blog.cr4.sh
[email protected]
https://github.com/Cr4sh
Mod by David Reguera Garcia aka Dreg
Twitter @therealdreg
https://www.fr33project.org
[email protected]
https://github.com/therealdreg
2022/07/31 by Dreg
- project renamed to ida_bochs_windows.py
- ported to python3
- ported to idapython 7.4:
  - send_dbg_command('sreg') to get the IDT address
  - added ida_kernwin.open_segments_window(0) and ida_kernwin.open_names_window(0)
- fixed bug in get_unistr with len
- code style fixed using black
- added changelog
- added some prints
- set all segments with +rwx
- license: GNU General Public License v3.0
- cosmetic changes (new header...)
- ported to new pdb: netnode using $ pdb + altset 0 + supset 0
- black list, white list mode
- import new ida modules for IDE autocompletion (IntelliSense)
- tested:
  - hosts: windows 10.0.19044 Build 19044
  - ida pro 7.7, idapython 7.4
  - targets: windows xp sp3 x86
  - bochs debugger 2.7
Features:
- Enumerating loaded kernel modules and creating segments for them.
- Loading debug symbols for kernel modules.
Based on the original vmware_modules.py from the Hex Blog article: http://www.hexblog.com/?p=94
Changes:
- Changed the nt!PsLoadedModuleList finding algorithm, because using the FS segment base for this is a bad idea (FS does not always point to the _KPCR).
- Added complete support for Windows x64.
- Fixed bugs in .PDB loading for modules with a 'non-canonical' image path.
For IDE autocompletion (IntelliSense): set the environment variable PYTHONPATH=C:\Program Files\IDA Pro 7.7\python\3