
Support remote connection to the WinDbg user mode

Open XVilka opened this issue 4 years ago • 5 comments

Currently Rizin supports remote connection to the KD interface through winkd://. There is also support for DbgEng, but only for Windows and locally.

The missing piece is the ability to connect to a remote WinDbg instance for user mode, e.g. from a Linux or macOS machine into a Windows VM.

See https://book.rizin.re/debugger/windbg.html

Feb 11 '21 12:02 XVilka

This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has probably changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of rizin. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

Aug 28 '21 09:08 stale[bot]

I have tested with the last commit:

rizin 0.4.0-git @ linux-x86-64
commit: 52825a7a027c47e4da5335330c9755d77ab64ca8, build: 2022-02-11__12:37:08

On the remote machine:

cdp -p 1234
.server tcp:port=5005

It doesn't work:

./rizin -a x86 -b 32 -d winkd://10.0.0.64:5005:1.2.3.4
...
Opened kdnet 10.0.0.64:5005:1.2.3.4 with fd 0x5596607bd6b0

./rizin -D winkd winkd://10.0.0.64:5005:1.2.3.4
...
Opened kdnet 10.0.0.64:5005:1.2.3.4 with fd 0x56459548f080


Each time rizin hangs. After pressing "ctrl-c" it sends to the remote side:

U 10.0.0.1:5005 -> 10.0.0.64:5005 #13 MDBG...x..2.h....Hp.X'i.E.......f..x..


Why does rizin use UDP instead of TCP?

Feb 11 '22 07:02 s0i37

Also I've checked winkd with a pipe:

qemu ... -chardev socket,id=serial0,path=/tmp/serial0,nowait,server -serial chardev:serial0

cdb.exe -p PID
.server com:port=com1
chmod 777 /tmp/serial0
rizin -a x86 -b 32 -D winkd winkd:///tmp/serial0
r2 -a x86 -b 32 -D winkd winkd:///tmp/serial0

In each case rizin/r2 hangs.

Feb 16 '22 07:02 s0i37

@GustavoLCR could you please take a look when you have time?

Feb 16 '22 07:02 XVilka

This issue has been automatically marked as stale because it has not had recent activity. Considering a lot has probably changed since its creation, we kindly ask you to check again if the issue you reported is still relevant in the current version of rizin. If it is, update this issue with a comment, otherwise it will be automatically closed if no further activity occurs. Thank you for your contributions.

Aug 31 '22 05:08 stale[bot]