flare-dbg is a project meant to aid malware reverse engineers in rapidly developing debugger scripts.
1. Install the pykd windbg extension from: https://pykd.codeplex.com/releases
- Download the Bootstrapper DLL.
- Copy the Bootstrapper pykd.dll into your winext directory, something like %ProgramFiles%\Debugging Tools for Windows\winext.
- Install the latest 0.3.x version of pykd using pip install pykd.
- Ensure you can import pykd from within windbg: .load pykd.
2. Install winappdbg
- pip install winappdbg
3. Set up vivisect
- Install vivisect using one of the following options:
  - Install the package using pip: pip install vivisect-wb
  - Install from source using pip: pip install https://github.com/williballenthin/vivisect/zipball/master
  - Download and extract upstream vivisect and set PYTHONPATH to the extracted directory.
- Ensure you can import vivisect from a python shell: import vivisect.
4. Set up flaredbg
- Install flaredbg by running its setup.py
There are two options for running scripts:
- Create a script directory, set PYTHONPATH to that directory, and add your scripts there.
- Copy scripts to the root of your windbg directory, something like %ProgramFiles%\Debugging Tools for Windows\.
Once your script path is set up, scripts are run from the windbg console as follows:
> .load pykd
> !py <script_name>
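As an added illustration of the kind of script this setup enables (example code written for this page, not part of flare-dbg or pykd), the following pykd script logs the arguments of every call to one Win32 API while a sample runs under windbg. It assumes a 32-bit target, a stdcall callee (arguments on the stack just above the return address), and pykd 0.3's setBp/getOffset/reg/ptrPtr/loadWStr/dprintln/eventResult calls; saved as log_api.py in the script directory, it runs with !py log_api. The argument-decoding helpers take a memory-reader callable so they can be exercised outside the debugger.

```python
# log_api.py - added example, not part of flare-dbg. Run inside windbg with
# `.load pykd` followed by `!py log_api`. Assumes a 32-bit target and pykd 0.3.
try:
    import pykd
except ImportError:          # outside windbg the pure helpers below still import
    pykd = None

TARGET = "kernel32!CreateFileW"   # assumption: the API to watch
ARG_COUNT = 7                     # CreateFileW takes seven stdcall arguments


def read_stack_args(read_ptr, esp, count):
    """At a breakpoint on the callee's first instruction, [esp] holds the
    return address and the stdcall/cdecl arguments follow at [esp+4], [esp+8], ...
    read_ptr(addr) must return the pointer-sized value stored at addr."""
    return [read_ptr(esp + 4 * (i + 1)) for i in range(count)]


def format_call(name, args, read_wstr=None):
    """Render a call as name(arg0, arg1, ...). When a wide-string reader is
    supplied, the first argument (lpFileName for CreateFileW) is shown as text."""
    rendered = ["0x%08x" % a for a in args]
    if read_wstr is not None and args:
        rendered[0] = repr(read_wstr(args[0]))
    return "%s(%s)" % (name, ", ".join(rendered))


def on_hit(*_):
    """pykd breakpoint callback: log the call, then let the target continue."""
    esp = pykd.reg("esp")
    args = read_stack_args(pykd.ptrPtr, esp, ARG_COUNT)
    pykd.dprintln(format_call(TARGET, args, pykd.loadWStr))
    return pykd.eventResult.Proceed


if pykd is not None:
    # Keep a reference: pykd removes a breakpoint when its object is collected.
    bp = pykd.setBp(pykd.getOffset(TARGET), on_hit)
    pykd.dprintln("breakpoint set on %s" % TARGET)
```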