ida_bochs_windows

Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)

python3 + idapython 7.4

Bochs debugger: (screenshot)

Bochs debugger GUI: (screenshot)

Usage

WARNING: BEFORE OPENING IDA you must set the environment variable _NT_SYMBOL_PATH to your Windows symbols, e.g.:

SRV*C:\winsymbols*

Edit "C:\Program Files\IDA Pro 7.7\cfg\dbg_bochs.cfg"

BOCHSDBG = "C:\\Users\\leno\\Desktop\\Bochs-pruebas\\bochs\\bochs.exe";
BOCHSRC = "C:\\Users\\leno\\Desktop\\Bochs-pruebas\\bochs\\.bochsrc";

Then, in IDA:

  1. Open IDA Pro and go to Debugger -> Run -> Local Bochs Debugger
  2. Set Application to the .bochsrc path:

     C:\Users\leno\Desktop\Bochs-pruebas\bochs\.bochsrc

  3. Click Debug Options -> Set specific options -> Select Disk image
  4. Start a debug session and go to File -> Script File -> ida_bochs_windows.py
  5. The IDAPython script asks you for the Bochs symbol file

Done!

Export IDA Names to file for raw Bochs debug

  1. Open IDA PRO, start a debug session and go to File -> Script File -> ida_bochs_windows.py
  2. Execute ida_names_to_bochs_sym.py
  3. Select a file to save info

Use the generated file in Bochs debugger (ldsym global + file path), example:

ldsym global "C:\\Users\\Dreg\\bochs\\bochs_syms.txt"

Export IDA Segments to file for raw Bochs debug

  1. Open IDA PRO, start a debug session and go to File -> Script File -> ida_bochs_windows.py
  2. Execute ida_segs_to_bochs_sym.py
  3. Select a file to save info

Use the generated file in Bochs debugger (ldsym global + file path), example:

ldsym global "C:\\Users\\Dreg\\bochs\\bochs_segs.txt"

Join bochs_segs.txt and bochs_syms.txt

It can be useful to have segments and symbols together in one file:

type bochs_segs.txt > bochs_segs_and_syms.txt
type bochs_syms.txt >> bochs_segs_and_syms.txt

Now, when an instruction is outside a known segment, it is easy to see:

(screenshot)
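The joined file is plain text, so the lookup the Bochs debugger performs with it (nearest segment, nearest symbol, offset) can be reproduced offline to sanity-check an export before loading it. This is an added example, not one of the ida_bochs_windows scripts; it assumes the ldsym layout is one "0x<hex address> <name>" pair per line, and the addresses and names below are constructed sample data.

```python
import bisect
import re

# Constructed sample content standing in for bochs_segs.txt and bochs_syms.txt
# (assumed layout: one "0x<hex address> <name>" per line; check your own export).
SAMPLE_SEGS = """\
0xfffff80002800000 ntoskrnl_text
0xfffff80002a00000 ntoskrnl_data
"""
SAMPLE_SYMS = """\
0xfffff80002801000 NtCreateFile
0xfffff80002801250 NtOpenFile
0xfffff80002a01000 PsInitialSystemProcess
"""
LINE_RE = re.compile(r"^\s*(0x[0-9a-fA-F]+)\s+(\S+)\s*$")

def parse_ldsym(text):
    """Return (address, name) pairs sorted by address; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1), 16), m.group(2)))
    return sorted(entries)

def merge_ldsym(*texts):
    """Same effect as 'type a > c' / 'type b >> c', but sorted and without duplicates."""
    merged = sorted({e for t in texts for e in parse_ldsym(t)})
    return "".join(f"0x{addr:x} {name}\n" for addr, name in merged)

def nearest_below(entries, addr):
    """Entry with the greatest address <= addr, or None if addr precedes them all."""
    i = bisect.bisect_right([a for a, _ in entries], addr)
    return entries[i - 1] if i else None

def symbolize(addr, segs, syms):
    """Describe addr as segment!symbol+offset, falling back to segment+offset."""
    seg = nearest_below(segs, addr)
    if seg is None:
        return f"<unknown segment> 0x{addr:x}"
    sym = nearest_below(syms, addr)
    if sym is None or sym[0] < seg[0]:
        # The nearest symbol lies in an earlier segment, so only the segment applies.
        return f"{seg[1]}+0x{addr - seg[0]:x}"
    return f"{seg[1]}!{sym[1]}+0x{addr - sym[0]:x}"

SEGS = parse_ldsym(SAMPLE_SEGS)
SYMS = parse_ldsym(SAMPLE_SYMS)
for a in (0xfffff80002801260, 0xfffff80002a00010, 0xfffff80002700000):
    print(f"0x{a:x} -> {symbolize(a, SEGS, SYMS)}")
```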

Demo video

https://youtu.be/X8bJ421iaVA

Related

Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols):

Helper scripts for Windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode:

Helper script for Linux kernel debugging with IDA Pro on VMware + GDB stub (including some symbols helpers):

Dump PDB Symbols including support for Bochs Debugging Format (with wine support):

Tools for Linux kernel debugging on Bochs (including symbols, native Bochs debugger and IDA PRO):

Credits

Based on original IDA-VMware-GDB By Oleksiuk Dmytro (aka Cr4sh) https://github.com/Cr4sh/IDA-VMware-GDB