porting windbglib #1

Open · mrexodia opened this issue Dec 20, 2016 · 2 comments · 2 participants

@mrexodia (Member) commented Dec 20, 2016 (edited)

x64dbgpylib

Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.

This is a work in progress, see the issues or contact us to find out how you can help.

The original code of windbglib is around 1800 lines. This means that the effort of a full rewrite should be small, except in cases where the underlying functionality is not yet exposed by x64dbg. Contact me if you stumble across missing functionality. I will not work on the porting myself since I have no interest in doing so. I am however available if you need assistance.

Here follows an overview of the things that have to be ported (essentially a summary of the code):

Utility functions

  • getOSVersion
  • getArchitecture
  • getNtHeaders
  • clearvars
  • getPEBInfo
  • getPEBAddress
  • getTEBInfo
  • getTEBAddress
  • bin2hex
  • hexptr2bin
  • hexStrToInt
  • addrToInt
  • isAddress
  • intToHex
  • toHexByte
  • hex2bin
  • getPyKDVersion
  • isPyKDVersionCompatible
  • checkVersion
  • getModulesFromPEB
  • getModuleFromAddress

Debugger (class)

  • setKBDB
  • getKBDB
  • remoteVirtualAlloc
  • rVirtualAlloc
  • rVirtualProtect
  • getAddress
  • getCurrentTEBAddress

AsmCache

  • fillAsmCache

Knowledge

  • addKnowledge
  • getKnowledge
  • readKnowledgeDB
  • listKnowledge
  • cleanKnowledge
  • forgetKnowledge
  • cleanUp

Placeholders

  • analysecode
  • isAnalysed

LOGGING

  • toAsciiOnly
  • createLogWindow
  • log
  • logLines
  • updateLog
  • setStatusBar
  • error

Process stuff

  • getDebuggedName
  • getDebuggedPid

OS stuff

  • getOsRelease
  • getOsVersion
  • getPyKDVersionNr

Registers

  • getRegs

Commands

  • nativeCommand

SEH

  • getSehChain

Memory

  • readMemory
  • readString
  • readWString
  • readUntil
  • readLong
  • writeMemory
  • writeLong
  • getMemoryPages
  • getMemoryPageByAddress
  • getMemoryPageByOwner
  • getPageContains
  • getHeapsAddress
  • getHeap
  • getPEBAddress
  • getAllThreads

Modules

  • getModule
  • getAllModules
  • getImageNameForModule

Assembly & Disassembly related route

  • disasm
  • disasmSizeOnly
  • disasmForward
  • disasmForwardAddressOnly
  • disasmBackward
  • assemble
  • getOpcode

strings

  • readString

Breakpoints

  • setBreakpoint
  • deleteBreakpoint
  • setMemBreakpoint

Tables

  • createTable

Symbols

  • resolveSymbol

wmodule

  • wmodule class
  • getIssystemdll
  • getSymbols
  • getIATList
  • getEATList
  • getSectionAddress

Other classes

  • wtable class
  • wsymbol
  • wpage
  • Function
  • opcode
  • wthread
  • wheap
  • LogBpHook
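As an added example (not code from this issue, from windbglib or from x64dbgpylib), here is a Python 3 sketch of the pure-Python utility helpers from the first list above, the ones that need no debugger API at all and are therefore a natural place to start a port. The semantics are assumptions, since the issue lists only the names: `bin2hex`/`hex2bin` convert between raw bytes and the `\x41\x42` escaped form, `hexptr2bin` packs a pointer little-endian, and the pointer width comes from a module constant `POINTER_SIZE` standing in for whatever `getArchitecture` will return in the real port.

```python
import re
import struct

# Stand-in for getArchitecture(): 4 for 32-bit targets, 8 for 64-bit (assumption).
POINTER_SIZE = 4

_HEX_RE = re.compile(r'(0x)?[0-9a-fA-F]+')


def set_pointer_size(size):
    """Select the pointer width used by the address helpers below."""
    global POINTER_SIZE
    if size not in (4, 8):
        raise ValueError("pointer size must be 4 or 8, got %r" % (size,))
    POINTER_SIZE = size


def _ptr_mask():
    return (1 << (POINTER_SIZE * 8)) - 1


def bin2hex(data):
    """Raw bytes -> escaped string, e.g. b'AB' -> '\\x41\\x42'."""
    return ''.join('\\x%02x' % b for b in bytes(data))


def hex2bin(text):
    """Escaped string (or bare hex digits) -> raw bytes; rejects odd/invalid input."""
    digits = text.replace('\\x', '').strip()
    if not digits:
        return b''
    if len(digits) % 2 or not re.fullmatch(r'[0-9a-fA-F]+', digits):
        raise ValueError("not an escaped hex string: %r" % (text,))
    return bytes.fromhex(digits)


def toHexByte(value):
    """Single byte -> two lowercase hex digits, e.g. 0x90 -> '90'."""
    if not 0 <= value <= 0xff:
        raise ValueError("byte out of range: %r" % (value,))
    return '%02x' % value


def intToHex(value):
    """Integer -> zero-padded '0x...' string of the current pointer width."""
    return '0x%0*x' % (POINTER_SIZE * 2, value & _ptr_mask())


def hexStrToInt(text):
    """'0x7c801234' or '7c801234' -> int; raises on anything else."""
    text = text.strip()
    if not _HEX_RE.fullmatch(text):
        raise ValueError("not a hex string: %r" % (text,))
    return int(text, 16)


def isAddress(text):
    """True if text is a hex string that fits in the current pointer width."""
    if not isinstance(text, str):
        return False
    text = text.strip()
    if not _HEX_RE.fullmatch(text):
        return False
    return int(text, 16) <= _ptr_mask()


def addrToInt(addr):
    """Accept an int or a hex address string and return the int value."""
    if isinstance(addr, int):
        return addr
    if not isAddress(addr):
        raise ValueError("not an address: %r" % (addr,))
    return int(addr, 16)


def hexptr2bin(ptr):
    """Pointer -> little-endian bytes of the current pointer width."""
    fmt = '<I' if POINTER_SIZE == 4 else '<Q'
    return struct.pack(fmt, addrToInt(ptr) & _ptr_mask())


if __name__ == '__main__':
    # Constructed sample values; a 32-bit pointer packs as b'DCBA'.
    print(bin2hex(hexptr2bin(0x41424344)))  # \x44\x43\x42\x41
    print(intToHex(0x41424344), isAddress('0x100000000'))
```

Validating input in `hex2bin`, `hexStrToInt` and `isAddress` instead of silently truncating matters in a debugger script: a malformed address string should fail loudly rather than be read from or written to the wrong location.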
@mrexodia referenced this issue in x64dbg/x64dbgpy on Dec 20, 2016: "Please support mona.py #6" (Open)

@OJ commented Dec 23, 2016

I'd love to help with this. Problem is that I have zero time :/ If someone gets started, I'll see if I can pitch in along the way.

@mrexodia (Member) commented

This issue was provided as a way to get started; you can pick any function/class you like and see what's required to port it.
