x64dbgpylib
porting windbglib
Port of windbglib to x64dbgpy, in an effort to support mona.py in x64dbg.
This is a work in progress, see the issues or contact us to find out how you can help.
The original code of windbglib is around 1800 lines. This means that the effort of a full rewrite should be small, except in cases where the underlying functionality is not yet exposed by x64dbg. Contact me if you stumble across missing functionality. I will not work on the porting myself since I have no interest in doing so. I am however available if you need assistance.
Here follows an overview of the things that have to be ported (essentially a summary of the code):
Utility functions
- [x] getOSVersion
- [x] getArchitecture
- [ ] getNtHeaders
- [x] clearvars
- [x] getPEBInfo
- [x] getPEBAddress
- [x] getTEBInfo
- [x] getTEBAddress
- [x] bin2hex
- [x] hexptr2bin
- [x] hexStrToInt
- [x] addrToInt
- [x] isAddress
- [x] intToHex
- [x] toHexByte
- [x] hex2bin
- [x] getPyKDVersion
- [x] isPyKDVersionCompatible
- [x] checkVersion
- [x] getModulesFromPEB
- [x] getModuleFromAddress
Debugger (class)
- [x] setKBDB
- [x] getKBDB
- [x] remoteVirtualAlloc
- [x] rVirtualAlloc
- [x] rVirtualProtect
- [ ] getAddress
- [x] getCurrentTEBAddress
AsmCache
- [x] fillAsmCache
Knowledge
- [x] addKnowledge
- [x] getKnowledge
- [x] readKnowledgeDB
- [x] listKnowledge
- [x] cleanKnowledge
- [x] forgetKnowledge
- [x] cleanUp
Placeholders
- [x] analysecode
- [x] isAnalysed
LOGGING
- [x] toAsciiOnly
- [x] createLogWindow
- [x] log
- [x] logLines
- [x] updateLog
- [x] setStatusBar
- [x] error
Process stuff
- [x] getDebuggedName
- [x] getDebuggedPid
OS stuff
- [x] getOsRelease
- [x] getOsVersion
- [x] getPyKDVersionNr
Registers
- [x] getRegs
Commands
- [ ] nativeCommand
SEH
- [x] getSehChain
Memory
- [x] readMemory
- [x] readString
- [x] readWString
- [x] readUntil
- [x] readLong
- [x] writeMemory
- [x] writeLong
- [x] getMemoryPages
- [x] getMemoryPageByAddress
- [x] getMemoryPageByOwner
- [x] getPageContains
- [x] getHeapsAddress
- [x] getHeap
- [x] getPEBAddress
- [x] getAllThreads
Modules
- [ ] getModule
- [ ] getAllModules
- [ ] getImageNameForModule
Assembly & Disassembly related route
- [ ] disasm
- [ ] disasmSizeOnly
- [ ] disasmForward
- [ ] disasmForwardAddressOnly
- [ ] disasmBackward
- [ ] assemble
- [ ] getOpcode
strings
- [x] readString
Breakpoints
- [ ] setBreakpoint
- [ ] deleteBreakpoint
- [ ] setMemBreakpoint
Tables
- [x] createTable
Symbols
- [ ] resolveSymbol
wmodule
- [x] wmodule class
- [x] getIssystemdll
- [ ] getSymbols
- [ ] getIATList
- [ ] getEATList
- [ ] getSectionAddress
Other classes
- [x] wtable class
- [x] wsymbol
- [ ] wpage
- [ ] Function
- [ ] opcode
- [x] wthread
- [x] wheap
- [x] LogBpHook
I'd love to help with this. Problem is that I have zero time :/ If someone gets started, I'll see if I can pitch in along the way.
This issue was provided as a way to get started, you can pick any function/class you like and see what's required to port it.
Features from pykd that have to be ported over:
- [ ] pykd.dbgCommand
- [ ] pykd.disasm
- [x] pykd.dprintln
- [x] pykd.findMemoryRegion
- [ ] pykd.findSymbol
- [x] pykd.getCurrentProcess
- [x] pykd.getCurrentProcessId
- [x] pykd.getImplicitThread
- [x] pykd.getProcessThreads
- [x] pykd.getVaProtect
- [x] pykd.is64bitSystem
- [x] pykd.isValid
- [x] pykd.loadBytes
- [x] pykd.loadChars
- [x] pykd.loadCStr
- [x] pykd.loadDWords
- [x] pykd.loadUnicodeString
- [x] pykd.loadWChars
- [x] pykd.loadWStr
- [x] pykd.MemoryException
- [x] pykd.module
- [x] pykd.ptrDWord
- [x] pykd.reg
- [x] pykd.typedVar
- [x] pykd.typedVarList
- [x] pykd.version
- [x] pykd.ptrPtr