Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/cr4sh/ida-vmware-gdb

Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub
https://github.com/cr4sh/ida-vmware-gdb

debugging gdb ida kernel reversing vmware windows

Last synced: about 1 month ago
JSON representation

Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub

Host: GitHub
URL: https://github.com/cr4sh/ida-vmware-gdb
Owner: Cr4sh
Archived: true
Created: 2012-07-02T12:01:32.000Z (almost 12 years ago)
Default Branch: master
Last Pushed: 2012-07-02T12:06:41.000Z (almost 12 years ago)
Last Synced: 2024-02-12T15:55:16.480Z (5 months ago)
Topics: debugging, gdb, ida, kernel, reversing, vmware, windows
Language: Python
Homepage:
Size: 92.8 KB
Stars: 73
Watchers: 11
Forks: 40
Open Issues: 0
Metadata Files:
- Readme: README.TXT

Lists

awesome-ida - **56**星

README

******************************************************************************

Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub.

By Oleksiuk Dmytro (aka Cr4sh)
http://twitter.com/d_olex
http://blog.cr4.sh
mailto:[email protected]

******************************************************************************

Features:

- Enumerating loaded kernel modules and segments creation for them.
- Loading debug symbols for kernel modules.

Based on original vmware_modules.py from Hex Blog article (http://www.hexblog.com/?p=94).

Changes:

* Changed nt!PsLoadedModuleList finding algo, 'cause using FS segment base
for this -- is bad idea (FS not always points to the _KPCR).

* Added complete support of Windows x64.

* Fixed bugs in .PDB loading for mdules with the 'non-canonical' image path.

Tested on IDA 6.1 with IDAPython v1.5.2 on Windows XP, Vista, 7 (x32 and x64)
as debug targets.