Skip to content
/ bindbg Public

Binary Ninja plugin that syncs WinDbg to Binary Ninja

License

MIT license
47 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

kukfa/bindbg

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
binja_toolbar
binja_toolbar
 
 
icons
icons
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
windbg.py
windbg.py
 
 

Repository files navigation

BinDbg

Description:

BinDbg is a Binary Ninja plugin that syncs WinDbg to Binja to create a fusion of dynamic and static analyses. It was primarily written to improve the Windows experience for Binja debugger integrations.

Features include:

  • Start and stop WinDbg directly in Binja
  • Control debugger execution and IP
  • Set and delete breakpoints
  • Set process arguments
  • Branch decision highlighting
  • vtable resolution and (rough) type identification
  • ASLR support

Demo video: https://www.youtube.com/watch?v=6xrf4hgog5s

Likely full of bugs and oversights; issues and PR's welcomed :)

Installation

git clone https://github.com/kukfa/bindbg.git within your Binary Ninja plugins folder (%APPDATA%\Binary Ninja\plugins), and install WinDbg via the Windows SDK for your version of Windows.

The following pip dependencies are required:

I recommend installing these on the system's native Python installation, then adding the site-packages folder to the PYTHONPATH environment variable instead of trying to install everything in Binja's embedded Python.

In __init__.py, modify the pykd_path var to reflect the absolute path to pykd.dll, and the dbg_dir var to the Debuggers folder containing the x86 and x64 WinDbg folders.

Usage

  • Open target binary in Binja
  • Tools or right-click -> Initialize Toolbar for this view
  • Tools or right-click -> Set process arguments (if necessary)
  • Click Go on the toolbar to launch WinDbg
  • Open Memory/Registers windows in WinDbg as desired
  • Control execution (run, break, step out, step in, step over) using the buttons in the toolbar
  • Control IP (run to cursor, set IP) by right-clicking an instruction and selecting a command accordingly
  • Set or delete breakpoints by right-clicking an instruction and selecting a command accordingly
  • vtable calls and references will be automatically resolved as a Binja comment during execution
  • Click Stop on the toolbar to stop debugging

Acknowledgements

Many ideas (and code) were borrowed from the following projects:

License

This plugin is released under an MIT license.

About

Binary Ninja plugin that syncs WinDbg to Binary Ninja

Resources

Readme

License

MIT license
Activity

Stars

47 stars

Watchers

5 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages