Skip to content

saaramar/nl_windbg

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
basic_example.png
basic_example.png
 
 
basic_funcs.py
basic_funcs.py
 
 
chunk.py
chunk.py
 
 
constants.py
constants.py
 
 
memory.py
memory.py
 
 
nl_windbg.py
nl_windbg.py
 
 

Repository files navigation

nl_windbg

nl_windbg is a very basic library that implements some functionalities for Windows kerel debugging. It helps you look at the Nonpaged Pool memory managments stuctures (lookasides, freelists, bitmap), examine pool shapes, set convenient traces on functions, and execute shellcodes.

Usage

alt text

nl_windbg use pykd as base interface. For that, you'll have to setup pykd on your host. The usage is simple:

kd> .load pykd.pyd

kd> !pycmd

>>> from nl_windbg import *

NOTE

I implemented a little chunks, pte and pde parsering, although of course I personally use !pool, !pte, etc. It was just on the way.

About

Base library for Windows kernel debugging

Resources

Readme

License

GPL-3.0 license
Activity

Stars

6 stars

Watchers

4 watching

Forks

6 forks
Report repository

Releases

No releases published

Packages

 
 
 

Languages