# Pybag
> Python bindings for Microsoft DbgEng
Pybag provides helper functions on top of Python bindings for Microsoft Debug Engine to facilitate Windows native debugging.
[![Build Master](https://github.com/dshikashio/Pybag/actions/workflows/python-package.yml/badge.svg?branch=master)](https://github.com/dshikashio/Pybag/actions/workflows/python-package.yml)
## Installation
Install the Debugging Tools
* From the Windows SDK here: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
* From the App Store
* Directly: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/#install-windbg-directly
```sh
pip install pybag
```
## Usage example
Use Python's REPL as a command shell if desired. Ctrl-C breaks in to the debugger if you are blocked in a wait() call.
### Local user debugging
```python
from pybag import *

# Breakpoint callback: receives the breakpoint and the debugger instance,
# and returns a DEBUG_STATUS_* value telling the engine how to continue.
def handler(bp, dbg):
    print("*********** BREAK")
    return DbgEng.DEBUG_STATUS_GO

dbg = UserDbg()
dbg.create("notepad.exe")
dbg.bp("Kernel32!WriteFile", handler)
dbg.go()
```
### Remote user debugging
```python
from pybag import *

def handler(bp, dbg):
    print("*********** BREAK")
    return DbgEng.DEBUG_STATUS_GO

dbg = UserDbg()
# Connect to a remote dbgsrv instance before creating the target process.
dbg.connect("tcp:server=192.168.1.10,port=5555")
dbg.create("notepad.exe")
dbg.bp("Kernel32!WriteFile", handler)
dbg.go()
```
### Remote kernel debugging
```python
from pybag import *
k = KernelDbg()
k.attach("net:port=50000,key=1.2.3.4")
```
## Release History
* 2.2.14
* Bug fix for breakpoints
* Switched to py-win32more for thread CONTEXT
* 2.2.13
* Improved discovery of Windbg installation detection. Works with App store installations now.
* 2.2.12
* Fix #22 - comtypes issue
* 2.2.11
* Fix #18 - Fix SetImplicitProcessDataOffset
* Fix #19 - Implement CreateProcess2
* 2.2.10
* Better search for Windbg DLLs using registry and allowing user override
* 2.2.9
* Add implementations of GetCurrentThreadSystemId and GetProcessIdsByIndex
* 2.2.8
* Fixed missing files install issue
* 2.2.7
* Fixed access violation when using oneshot breakpoints
* Added 'count' option to breakpoints
* 2.2.6
* Added support for more dbgeng calls
* Symbol handling
* Set / get thread contexts
* Fixed ds command
* 2.2.5
* Fixed be command
* Better search for Windbg install (and DLLs)
* 2.2.4
* Fixed lint issues
* 2.2.3
* Bug fix in WriteVirtual
* 2.2.2
* Python bindings rewritten to use comtypes
* Moved to Python 3
* Support multiple debugging uses
* Local user debugging
* Remote kernel debugging
* Remote user debugging using dbgsrv
## Meta
Distributed under the MIT license. See ``LICENSE`` for more information.
[https://github.com/dshikashio](https://github.com/dshikashio/)