ret-sync

Focus WinDbg window when stepping in IDA for smoother experience?

Open awaqq520 opened this issue 3 years ago • 4 comments

The response of hook-key is very slow, so I want to use a method to activate the windbg window. For example, after setting the color of the current line, the windbg window is activated. The function I found that can be used is win32gui.ShowWindow, but it needs to introduce a third-party library: win32gui. I don't know how to import this library. Entering Import win32gui in IDAPython will report an error.

awaqq520 avatar Apr 01 '22 01:04 awaqq520

Hello @awaqq520

Can I ask what you mean by "response of hook-key"? Is it when using remote binding from a disassembler tool (IDA/Ghidra/BN)? What would you want to achieve, giving the focus to the WinDbg window? Remote binding is actually meant to avoid too much switching between the disassembler and debugger windows. I am trying to understand the situation.

As a rule of thumb I avoid messing with the OS/window manager default behavior regarding window's focus.

Best regards,

bootleg avatar Apr 04 '22 23:04 bootleg

When I use windbg and ida to debug the kernel synchronously and press F10 and F11 in IDA, its response speed is not as fast as in windbg; it can be said that the response speed of pressing F10/F11 in windbg is twice that of IDA.

I have now modified it; the following is my idea and implementation. There is such a line of code in the SyncPlugin.py file:

```python
idaapi.set_item_color(ea, rsconfig.COL_CURLINE)
```

After calling this code, I do one thing:

```python
win32gui.SetForegroundWindow(hWindbg)
win32gui.ShowWindow(hWindbg, win32con.SW_SHOW)
```

What I couldn't solve at that time was how to import win32gui. Later, I checked a lot of information, which said that the Python path used by IDAPython can be changed to the local python, for example C:/python27; as long as you modify the IDAPython registry, you can do it. Because I am using the IDAPython 7.7 version, which uses the python 3.8.10 version by default, in order to prevent other errors I simply installed the same python version as IDAPython 7.7: 3.8.10.

The next step is to modify the registry path where IDAPython uses python by default: HKEY_CURRENT_USER\Software\Hex-Rays\IDA. One item in it is Python3TargetDLL, which by default points to the python dll that comes with IDAPython; here it is modified to the path of the local python3.8.10 (the paths used by different versions of IDAPython are different, here you have to find the one that corresponds to your version). After the modification is completed, you have to install win32gui locally; here I chose to install pywin32, this is the github path: https://github.com/mhammond/pywin32

After doing the above two steps, this is my modified SyncPlugin.py code. Here is the download link: Click Download SyncPluginModify

The above is my idea and implementation; I believe there is a better way to write it.

awaqq520 avatar Apr 05 '22 02:04 awaqq520
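An alternative to the approach in the comment above, as an added example that is not part of the thread or of ret-sync: `ctypes` is in the Python standard library, so the same two user32 calls can be made without installing pywin32 or repointing `Python3TargetDLL`. The function names and the choice to match a window whose title contains "WinDbg" are assumptions of this sketch.

```python
import ctypes
import sys

SW_SHOW = 5  # numeric value of win32con.SW_SHOW


def pick_window(windows, needle="WinDbg"):
    """Return the first hwnd whose title contains needle (case-insensitive), else None."""
    needle = needle.lower()
    return next((h for h, title in windows if needle in title.lower()), None)


def load_user32():
    """Windows only: user32 with explicit signatures so 64-bit handles are not truncated."""
    from ctypes import wintypes
    u = ctypes.windll.user32
    u.IsWindowVisible.argtypes = [wintypes.HWND]
    u.GetWindowTextLengthW.argtypes = [wintypes.HWND]
    u.GetWindowTextW.argtypes = [wintypes.HWND, wintypes.LPWSTR, ctypes.c_int]
    u.ShowWindow.argtypes = [wintypes.HWND, ctypes.c_int]
    u.SetForegroundWindow.argtypes = [wintypes.HWND]
    return u


def list_windows(u):
    """Enumerate visible, titled top-level windows as (hwnd, title) pairs."""
    from ctypes import wintypes
    found = []
    @ctypes.WINFUNCTYPE(wintypes.BOOL, wintypes.HWND, wintypes.LPARAM)
    def on_window(hwnd, _lparam):
        length = u.GetWindowTextLengthW(hwnd)
        if length and u.IsWindowVisible(hwnd):
            buf = ctypes.create_unicode_buffer(length + 1)
            u.GetWindowTextW(hwnd, buf, length + 1)
            found.append((hwnd, buf.value))
        return True  # continue enumeration
    u.EnumWindows(on_window, 0)
    return found


def focus_debugger(needle="WinDbg"):
    """Bring the matching window to the foreground; False if absent or not on Windows."""
    if sys.platform != "win32":
        return False
    u = load_user32()
    hwnd = pick_window(list_windows(u), needle)
    if hwnd is None:
        return False
    u.ShowWindow(hwnd, SW_SHOW)
    return bool(u.SetForegroundWindow(hwnd))
```

`SetForegroundWindow` is subject to the Windows foreground-lock rules, so it succeeds when called from the process that currently has focus, which is IDA's situation right after a key press.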

Hi,

sorry for the delay.

I don't really get what is the purpose of the call to ShowWindow especially in the line color callback. If this callback is called, it means that the message has already arrived from the debugger to update the disassembler state and window. So basically the overhead of the message transmission is already consumed.

bootleg avatar Apr 20 '22 22:04 bootleg