{"id":16714088,"url":"https://github.com/therealdreg/ida_bochs_windows","last_synced_at":"2025-03-21T20:33:38.031Z","repository":{"id":45675051,"uuid":"513783260","full_name":"therealdreg/ida_bochs_windows","owner":"therealdreg","description":"Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)","archived":false,"fork":false,"pushed_at":"2023-08-11T06:27:20.000Z","size":537,"stargazers_count":61,"open_issues_count":0,"forks_count":10,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-03-18T04:52:12.919Z","etag":null,"topics":["bochs","debugging","ida-pro","idapython","instrumentation","kernel-debugging","osdev","pdb","reverse-engineering","windows"],"latest_commit_sha":null,"homepage":"https://rootkit.es/","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/therealdreg.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"github":["therealdreg"],"patreon":"dreg","custom":["https://www.paypal.me/therealdreg","https://www.paypal.me/therealdreg"]}},"created_at":"2022-07-14T06:19:15.000Z","updated_at":"2024-08-19T21:25:49.000Z","dependencies_parsed_at":"2024-10-28T11:33:37.994Z","dependency_job_id":"af460dbf-5e0e-4304-b904-fa42d47acdfd","html_url":"https://github.com/therealdreg/ida_bochs_windows","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fida_bochs_windows","tags_url":"https://repos.ecosyste.ms
/api/v1/hosts/GitHub/repositories/therealdreg%2Fida_bochs_windows/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fida_bochs_windows/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/therealdreg%2Fida_bochs_windows/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/therealdreg","download_url":"https://codeload.github.com/therealdreg/ida_bochs_windows/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244866382,"owners_count":20523507,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bochs","debugging","ida-pro","idapython","instrumentation","kernel-debugging","osdev","pdb","reverse-engineering","windows"],"created_at":"2024-10-12T20:49:15.160Z","updated_at":"2025-03-21T20:33:37.642Z","avatar_url":"https://github.com/therealdreg.png","language":"Python","funding_links":["https://github.com/sponsors/therealdreg","https://patreon.com/dreg","https://www.paypal.me/therealdreg"],"categories":[],"sub_categories":[],"readme":"# ida_bochs_windows\nHelper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)\n\npython3 + idapython 7.4\n\n![bochimage](img/bochimage.png)\n\nBochs debugger:\n\n![names](img/names.png)\n\nBochs debugger GUI:\n\n![debugui](img/debugui.png)\n\n# Usage\n\n**WARNING**: BEFORE OPENING IDA you must set the env var _NT_SYMBOL_PATH to your Windows symbols, e.g.:\n```\nSRV*C:\\winsymbols*\n```\n\nEdit \"C:\\Program Files\\IDA Pro 
7.7\\cfg\\dbg_bochs.cfg\"\n\n```\nBOCHSDBG = \"C:\\\\Users\\\\leno\\\\Desktop\\\\Bochs-pruebas\\\\bochs\\\\bochs.exe\";\nBOCHSRC = \"C:\\\\Users\\\\leno\\\\Desktop\\\\Bochs-pruebas\\\\bochs\\\\.bochsrc\";\n```\n\nGo to IDA .....\n\nOpen IDA PRO, \n\nGo to Debugger -\u003e Run -\u003e Local Bochs Debugger\n\nApplication:\n```\nC:\\Users\\leno\\Desktop\\Bochs-pruebas\\bochs\\.bochsrc\n```\n\nCick Debug Options -\u003e Set specific options -\u003e Select Disk image\n\nstart a debug session and go to File -\u003e Script File -\u003e ida_bochs_windows.py\n\nThis idapython script ask you for bochs symbol file\n\nDone!\n\n## Export IDA Names to file for raw Bochs debug\n\n1. Open IDA PRO, start a debug session and go to File -\u003e Script File -\u003e ida_bochs_windows.py\n2. Execute ida_names_to_bochs_sym.py\n3. Select a file to save info\n\nUse the generated file in Bochs debugger (ldsym global + file path), example:\n\n```\nldsym global \"C:\\\\Users\\\\Dreg\\\\bochs\\\\bochs_syms.txt\"\n```\n\n## Export IDA Segments to file for raw Bochs debug\n\n1. Open IDA PRO, start a debug session and go to File -\u003e Script File -\u003e ida_bochs_windows.py\n2. Execute ida_segs_to_bochs_sym.py\n3. 
Select a file to save info\n\nUse the generated file in the Bochs debugger (ldsym global + file path), example:\n\n```\nldsym global \"C:\\\\Users\\\\Dreg\\\\bochs\\\\bochs_segs.txt\"\n```\n\n## Join bochs_segs.txt and bochs_syms.txt\n\nIt can be useful to have segments + symbols together:\n\n```\ntype bochs_segs.txt \u003e bochs_segs_and_syms.txt\ntype bochs_syms.txt \u003e\u003e bochs_segs_and_syms.txt\n```\n\nNow, when an instruction is outside a known segment, it is easy to see:\n\n![bochsend](img/bochsend.png)\n\n## Demo video\n\nhttps://youtu.be/X8bJ421iaVA\n\n## Related\n\nHelper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols):\n- https://github.com/therealdreg/ida_vmware_windows_gdb\n\nHelper scripts for Windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode \u003c--\u003e kernel mode:\n- https://github.com/therealdreg/symseghelper\n\nHelper script for Linux kernel debugging with IDA Pro on VMware + GDB stub (including some symbols helpers):\n- https://github.com/therealdreg/linux_kernel_debug_disassemble_ida_vmware\n\nDump PDB Symbols including support for Bochs Debugging Format (with wine support):\n- https://github.com/therealdreg/pdbdump_bochs\n\nTools for Linux kernel debugging on Bochs (including symbols, native Bochs debugger and IDA PRO):\n- https://github.com/therealdreg/bochs_linux_kernel_debugging\n\n## Credits\n\nBased on the original IDA-VMware-GDB by Oleksiuk Dmytro (aka Cr4sh) https://github.com/Cr4sh/IDA-VMware-GDB\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fida_bochs_windows","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftherealdreg%2Fida_bochs_windows","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftherealdreg%2Fida_bochs_windows/lists"}