Thursday, 31 December 2015

Flare-dbg: A FireEye Project to Aid Malware Reverse Engineers in Rapidly Developing Debugger Scripts

flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.


1. Install the pykd windbg extension from:

  • Download the Bootstrapper dll.
  • Add the Bootstrapper pykd.dll file into your winext directory. Something like %ProgramFiles%\Debugging Tools for Windows\winext.
  • Install the latest 0.3.x version of pykd using pip install pykd.
  • Ensure you can import pykd from within windbg: .load pykd.

2. Install winappdbg

  • pip install winappdbg

3. Set up vivisect

  • Install vivisect using one of the following options:

      • Install the package using pip: pip install vivisect-wb
      • Install from source using pip: pip install
      • Download and extract upstream vivisect and set PYTHONPATH to the extracted directory.

  • Ensure you can import vivisect from a python shell: import vivisect.

4. Set up flaredbg

  • Install flaredbg using

Running scripts
There are two options for running scripts:

  1. Create a script directory, set PYTHONPATH to that directory, and add your scripts there.
  2. Copy scripts to the root of your windbg directory. Something like: %ProgramFiles%\Debugging Tools for Windows\.

Once your script path is set up, scripts are run from the windbg console as follows:

> .load pykd
> !py <script_name>
