Thursday 31 December 2015
0 comments

Flare-dbg To Aid Malware Reverse Engineers in Rapidly Developing Debugger By FireEye


flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.

Installation/setup


1. Install the pykd windbg extension from: https://pykd.codeplex.com/releases

  • Download the Bootstrapper dll.
  • Add the Bootstrapper pykd.dll file into your winext directory. Something like %ProgramFiles%\Debugging Tools for Windows\winext.
  • Install the latest 0.3.x version of pykd using pip install pykd.
  • Ensure you can import pykd from within windbg: .load pykd.

2. Install winappdbg

  • pip install winappdbg

3. Setup vivisect

  • Install vivisect using one of the following options:

Install package using pip: pip install vivisect-wb
Install source using pip: pip install https://github.com/williballenthin/vivisect/zipball/master
Download and extract upstream vivisect and set PYTHONPATH to the extracted directory.

  • Ensure you can import vivisect from a python shell: import vivisect.

4. Setup flaredbg

  • Install flaredbg using setup.py


Running scripts
There are two options for running scripts:


  1. Create a script directory and set PYTHONPATH to the newly created script directory and add your scripts here.
  2. Copy scripts to the root of your windbg directory. Something like: %ProgramFiles%\Debugging Tools for Windows\. Once your script path is setup, scripts are run from the windbg console as follows:

> .load pykd
> !py <script_name>

Download

0 comments:

Post a Comment

Note: only a member of this blog may post a comment.

 
Toggle Footer
Top