PEDA-like debugger UI for WinDbg
This is a windbg extension ( using pykd ) to let user having a PEDA-like debugger UI in WinDbg.
It will display the following context in each step/trace:
- Registers
- Disassembled code near PC
- Contents of the stack pointer ( with basic smart dereference )
For now it supports both x86 & x64 WinDbg.
- Python2.7 ( The extension has NOT been tested on Python3 )
- pykd
- Install Python2.7 & pykd
- Download the repository
- Install the matrix theme by double-clicking the matrix_theme.reg
- The matrix theme is required for letting the color theme work in TWindbg
- You can preview the theme by importing the matrix_theme.WEW workspace into WinDbg.
- Copy the TWindbg folder into
[WinDbg Directory]\x64\winext\&[WinDbg Directory]\x86\winext\
- Open an executable or attach to a process with WinDbg
- Use
.load pykd.pydto load thepykdextension - Use
!py -g winext\TWindbg\TWindbg.pyto launch TWindbg
[PATH_TO_WINDBG] -a pykd.pyd -c "!py -g winext\TWindbg\TWindbg.py"
Or you can write a simple batch file for the sake of convenience.
After that you can just use t or p to see if the extension is working.
Maybe ( just maybe ) I'll add some command to make WinDbg behave more like PEDA ( or other debugger like pwndbg, GEF... ) in the future.