Reverse engineering
WinAppDbg Notes


Main guide is here:

32-bit and 64-bit Python

Generally you want to debug 32-bit applications in 32-bit Python. Both interpreters can be installed side by side on one machine; when installing the second Python, uncheck "register extensions" in the installer. On a VM it does not really matter because you can install and uninstall the 32-bit and 64-bit versions of Python at will.
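To check which interpreter fits a given target before attaching, the following added example (not part of the original notes or of WinAppDbg) reads the Machine field from a PE header and compares it with the running Python's pointer size. The helper names `python_bits`, `pe_bits`, `check_target` and `fake_pe` are hypothetical, and the sample header is constructed.

```python
import struct
import sys

# PE "Machine" values: IMAGE_FILE_MACHINE_I386 and IMAGE_FILE_MACHINE_AMD64.
MACHINE_BITS = {0x014C: 32, 0x8664: 64}


def python_bits():
    """Pointer size of the running interpreter, in bits (32 or 64)."""
    return struct.calcsize("P") * 8


def pe_bits(data):
    """Return 32 or 64 for a PE image given its leading bytes, else raise ValueError."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    if machine not in MACHINE_BITS:
        raise ValueError("unsupported machine type 0x{:04X}".format(machine))
    return MACHINE_BITS[machine]


def check_target(data, interpreter_bits=None):
    """True when the target image matches the interpreter's bitness."""
    if interpreter_bits is None:
        interpreter_bits = python_bits()
    return pe_bits(data) == interpreter_bits


def fake_pe(machine):
    """Constructed sample: minimal MZ + PE header stub, not a real executable."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    if path:
        with open(path, "rb") as f:
            header = f.read(4096)
    else:
        header = fake_pe(0x014C)  # constructed 32-bit sample
    print("Python: {}-bit, target: {}-bit, match: {}".format(
        python_bits(), pe_bits(header), check_target(header)))
```

Run it with the path to the target executable as the only argument; without an argument it uses the constructed 32-bit header.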


Pip installed version 1.5.

To get 1.6, we use the GitHub repo: clone it and run install.bat.

According to the installation documentation we may benefit from additional software.

Has installers for the rest.


This is what I want:

from winappdbg.win32 import *

# Create a snapshot of the process, only take the heap list.
hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPHEAPLIST, pid )