ida_bochs_windows
Helper script for Windows kernel debugging with IDA Pro on native Bochs debugger (including PDB symbols)
python3 + idapython 7.4
Bochs debugger:
Bochs debugger GUI:
Usage
WARNING: BEFORE OPENING IDA you must set the environment variable _NT_SYMBOL_PATH to your Windows symbols path, e.g.:
SRV*C:\winsymbols*
Edit "C:\Program Files\IDA Pro 7.7\cfg\dbg_bochs.cfg"
BOCHSDBG = "C:\\Users\\leno\\Desktop\\Bochs-pruebas\\bochs\\bochs.exe";
BOCHSRC = "C:\\Users\\leno\\Desktop\\Bochs-pruebas\\bochs\\.bochsrc";
Then, in IDA:
Open IDA Pro and go to Debugger -> Run -> Local Bochs Debugger
Application:
C:\Users\leno\Desktop\Bochs-pruebas\bochs\.bochsrc
Click Debug Options -> Set specific options -> Select Disk image
Start a debug session and go to File -> Script File -> ida_bochs_windows.py
This IDAPython script asks you for the Bochs symbol file
Done!
Export IDA Names to file for raw Bochs debug
- Open IDA PRO, start a debug session and go to File -> Script File -> ida_bochs_windows.py
- Execute ida_names_to_bochs_sym.py
- Select a file to save the info to
Use the generated file in the Bochs debugger (ldsym global + file path), example:
ldsym global "C:\\Users\\Dreg\\bochs\\bochs_syms.txt"
Export IDA Segments to file for raw Bochs debug
- Open IDA PRO, start a debug session and go to File -> Script File -> ida_bochs_windows.py
- Execute ida_segs_to_bochs_sym.py
- Select a file to save the info to
Use the generated file in the Bochs debugger (ldsym global + file path), example:
ldsym global "C:\\Users\\Dreg\\bochs\\bochs_segs.txt"
Join bochs_segs.txt and bochs_syms.txt
It can be useful to have segments and symbols together in one file:
type bochs_segs.txt > bochs_segs_and_syms.txt
type bochs_syms.txt >> bochs_segs_and_syms.txt
Now, when an instruction is outside a known segment, it is easy to see:
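As an added example (not part of this repository's scripts), a small Python helper that parses, joins and queries symbol files in the line format assumed here for ldsym, one `<hex address> <name>` per line, the same join the two `type` commands above perform, plus a nearest-symbol lookup of the kind the debugger does when it shows `name+offset`. The sample lines are constructed, not real output of ida_names_to_bochs_sym.py or ida_segs_to_bochs_sym.py.

```python
import re
from bisect import bisect_right

# Assumption: Bochs' "ldsym" reads one "<hex address> <name>" per line.
SYM_LINE = re.compile(r"^\s*([0-9A-Fa-f]+)\s+(\S+)\s*$")


def parse_bochs_syms(text):
    """Return a sorted list of (address, name) from ldsym-format text; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = SYM_LINE.match(line)
        if m:
            entries.append((int(m.group(1), 16), m.group(2)))
    return sorted(entries)


def format_bochs_syms(entries):
    """Serialize (address, name) pairs as ldsym lines, 16 hex digits for x64 kernel addresses."""
    return "".join("%016x %s\n" % (addr, name) for addr, name in sorted(entries))


def merge_syms(*texts):
    """Join several ldsym files (e.g. bochs_segs.txt + bochs_syms.txt), dropping exact duplicates."""
    merged = set()
    for t in texts:
        merged.update(parse_bochs_syms(t))
    return format_bochs_syms(merged)


def resolve(entries, addr):
    """Map an address to 'name+offset' via the nearest lower symbol, as a debugger view would."""
    addrs = [a for a, _ in entries]
    i = bisect_right(addrs, addr) - 1
    if i < 0:
        return None  # below every known segment/symbol
    base, name = entries[i]
    return name if addr == base else "%s+0x%x" % (name, addr - base)


# Constructed sample data: a segments-style file and a names-style file (addresses are made up).
SEGS_TXT = "fffff80000400000 ntoskrnl_text_start\nfffff80000800000 ntoskrnl_data_start\n"
SYMS_TXT = "fffff80000401000 KeBugCheckEx\nfffff80000402500 NtCreateFile\nbad line here\n"

if __name__ == "__main__":
    joined = merge_syms(SEGS_TXT, SYMS_TXT)
    print(joined, end="")
    print(resolve(parse_bochs_syms(joined), 0xFFFFF80000402510))  # NtCreateFile+0x10
```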
Demo video
Related
Helper script for Windows kernel debugging with IDA Pro on VMware + GDB stub (including PDB symbols):
Helper scripts for Windows debugging with symbols for Bochs and IDA Pro (PDB files). Very handy for user mode <--> kernel mode:
Helper script for Linux kernel debugging with IDA Pro on VMware + GDB stub (including some symbols helpers):
Dump PDB Symbols including support for Bochs Debugging Format (with wine support):
Tools for Linux kernel debugging on Bochs (including symbols, native Bochs debugger and IDA PRO):
Credits
Based on the original IDA-VMware-GDB by Oleksiuk Dmytro (aka Cr4sh): https://github.com/Cr4sh/IDA-VMware-GDB