Introduction to Windbg2ida
Windbg2ida lets you dump each step (instruction) executed in Windbg, then gives you a dump file that you can load later in IDA to color every instruction line that was run, showing code coverage.
You can also use Windbg2ida to see the differences between two or more code coverage runs in IDA.
How to use?
- Load Script
Download windbg2ida from here or use git to fetch the files:

```shell
git clone https://github.com/SinaKarvandi/windbg2ida.git
```

Open Windbg and load the windbg2ida.js script (replace the path with the location of windbg2ida.js on your computer).
- Show Dump in IDA
Now, to use your dump file(s), copy them into the "w2i Files" folder next to IDAScript.py, then go to IDA > File > Script file... and select IDAScript.py.
Each time you run IDAScript.py, the graphs of all .w2i files in "w2i Files" are colorized in IDA. Check the "Output Window" for more details (e.g. the functions whose colors changed).
!windbg2ida_disable_registers_in_comment
For more information about the other configs, use !windbg2ida to see the help.
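The comparison step above (several .w2i files loaded at once, with per-instruction colors that reveal where the runs diverge) can be illustrated with a small coverage-diff routine. This is an added example, not code from windbg2ida or IDAScript.py; the real .w2i layout is not documented on this page, so the example assumes a simplified, constructed text format with one hex address per line and `#` comments. The color values and the `COLOR_ALL`/`COLOR_PARTIAL` names are assumed choices, and `apply_in_ida` only calls the real IDAPython names `idc.set_color` and `idc.CIC_ITEM` when it is run inside IDA.

```python
"""Added example (not windbg2ida's own code): merge two or more
instruction-trace dumps and decide one color per address, the way a
coverage-diff script in IDA would. Assumes a constructed dump format:
one hex address per line, '#' starts a comment."""

# IDA colors are 0xBBGGRR integers; these two values are assumed choices.
COLOR_ALL = 0x90EE90      # light green: executed in every dump
COLOR_PARTIAL = 0x80D0FF  # light orange: executed in only some dumps


def parse_dump(text):
    """Return the set of addresses listed in one dump (constructed format)."""
    addrs = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            addrs.add(int(line, 16))
    return addrs


def compare_coverage(dumps):
    """dumps: {name: set_of_addresses}.
    Returns {address: sorted list of dump names that executed it}."""
    hits = {}
    for name, addrs in dumps.items():
        for ea in addrs:
            hits.setdefault(ea, []).append(name)
    return {ea: sorted(names) for ea, names in hits.items()}


def only_in(dumps, name):
    """Addresses executed by dump `name` and by no other dump."""
    others = set().union(*(a for n, a in dumps.items() if n != name))
    return sorted(dumps[name] - others)


def colorize(dumps):
    """Map every executed address to a color: COLOR_ALL when every dump
    hit it, COLOR_PARTIAL when only a subset did."""
    total = len(dumps)
    return {
        ea: (COLOR_ALL if len(names) == total else COLOR_PARTIAL)
        for ea, names in compare_coverage(dumps).items()
    }


def apply_in_ida(colors):
    """Paint the colors onto the IDA listing. Returns the number of
    addresses painted, or 0 when not running inside IDA."""
    try:
        import idc  # real IDAPython module; absent outside IDA
    except ImportError:
        return 0
    for ea, color in colors.items():
        idc.set_color(ea, idc.CIC_ITEM, color)
    return len(colors)


# Constructed sample traces: two runs that share a prologue and then branch.
RUN_A = """
# constructed trace, run A
00401000
00401003
00401007
0040100a
"""

RUN_B = """
# constructed trace, run B
00401000
00401003
00401010
00401013
"""

if __name__ == "__main__":
    dumps = {"run_a": parse_dump(RUN_A), "run_b": parse_dump(RUN_B)}
    colors = colorize(dumps)
    for ea in sorted(colors):
        tag = "all" if colors[ea] == COLOR_ALL else "partial"
        print("%08x %s" % (ea, tag))
    print("only in run_a:", ["%08x" % ea for ea in only_in(dumps, "run_a")])
    print("painted in IDA:", apply_in_ida(colors))
```

Run it from a plain Python shell to see the merged listing and the addresses unique to one run; run it as a script inside IDA and `apply_in_ida` paints the same colors onto the disassembly.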
- Unload Script
To unload windbg2ida.js (replace the path with the location of windbg2ida.js on your computer):
Current features:
- Comparing two or more code coverage files simultaneously
- Works on both the x64 and x86 versions of Windbg
- Show registers for each instruction
- Show memory contents for each instruction
- Compatible with both user mode and kernel mode
- Use dump files offline without needing to re-run in Windbg
- Show other modules and invalid addresses
- Add comparison of two or more files
- Add reading from folders
- Add reading of registers + eflags
- Add display of branch status
- Add pause when a special value is detected in a register
- Add pause when a special memory address is used in the program flow