flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.
Switch branches/tags
Nothing to show
Clone or download
spresec Merge pull request #4 from drstrng/get_module_exports_bug
fall back to module image if memory read fails
Latest commit 1cdb4bd Oct 5, 2017

README.md

Introduction

flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.

Installation/setup

  1. Install the pykd windbg extension from: https://pykd.codeplex.com/releases
  2. Download the Bootstrapper dll.
  3. Add the Bootstrapper pykd.dll file into your winext directory. Something like %ProgramFiles%\Debugging Tools for Windows\winext.
  4. Install the latest 0.3.x version of pykd using pip install pykd.
  5. Ensure you can import pykd from within windbg: .load pykd.
  6. Install winappdbg
  7. pip install winappdbg
  8. Setup vivisect
  9. Install vivisect using one of the following options: 1. Install source using pip: pip install https://github.com/williballenthin/vivisect/zipball/master 2. Download and extract upstream vivisect and set PYTHONPATH to the extracted directory.
  10. Ensure you can import vivisect from a python shell: import vivisect.
  11. Setup flaredbg
  12. Install flaredbg using setup.py

Running scripts

There are two options for running scripts:

  1. Create a script directory and set PYTHONPATH to the newly created script directory and add your scripts here.
  2. Copy scripts to the root of your windbg directory. Something like: %ProgramFiles%\Debugging Tools for Windows\. Once your script path is setup, scripts are run from the windbg console as follows:
> .load pykd
> !py <script_name>

Installing and running plugins

The recommended way to install scripts is to add the plugins directory of this project to your PYTHONPATH. Another option is to follow the second option described above in the Running scripts section. Simply copy the plugin scripts to the root of your windbg directory.