# Pybag
> Python bindings for Microsoft DbgEng
Pybag provides helper functions on top of Python bindings for Microsoft Debug Engine to facilitate Windows native debugging.
[![Build Master](https://github.com/dshikashio/Pybag/actions/workflows/python-package.yml/badge.svg?branch=master)](https://github.com/dshikashio/Pybag/actions/workflows/python-package.yml)
## Installation
Install the Debugging Tools
* From the Windows SDK here: https://developer.microsoft.com/en-us/windows/downloads/windows-sdk/
* From the App Store
* Directly: https://learn.microsoft.com/en-us/windows-hardware/drivers/debugger/#install-windbg-directly
```sh
pip install pybag
```
## Usage example
Use Python's REPL as a command shell if desired. Ctrl-C will break in to the debugger if you are in a `wait()` call.
### Local user debugging
```python
from pybag import *

def handler(bp, dbg):
    print("*********** BREAK")
    return DbgEng.DEBUG_STATUS_GO

dbg = UserDbg()
dbg.create("notepad.exe")
dbg.bp("Kernel32!WriteFile", handler)
dbg.go()
```
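The snippets on this page all rely on one contract: Pybag calls `handler(bp, dbg)` when a breakpoint is hit and then resumes or stops the target according to the DbgEng status the handler returns. The following is an added example, not Pybag's own code, showing that contract with a handler that counts hits and breaks in on a chosen hit. `make_counting_handler` and `break_after` are this example's own names; `DEBUG_STATUS_GO` (1) and `DEBUG_STATUS_BREAK` (6) are real DbgEng constants, taken from `pybag.DbgEng` when Pybag is installed and spelled out otherwise so the module imports anywhere.

```python
# Added example (not part of Pybag): a breakpoint handler built on the
# handler(bp, dbg) -> DbgEng status contract shown in the README.
import time

try:
    from pybag import DbgEng  # available on Windows with Pybag installed
    DEBUG_STATUS_GO = DbgEng.DEBUG_STATUS_GO
    DEBUG_STATUS_BREAK = DbgEng.DEBUG_STATUS_BREAK
except ImportError:
    # Real DbgEng values, used here so the module also loads without Pybag.
    DEBUG_STATUS_GO = 1     # resume the target after the handler returns
    DEBUG_STATUS_BREAK = 6  # stop and hand control back to the debugger/REPL


def make_counting_handler(log, break_after=None):
    """Return a handler that records every hit in `log` (a list of
    (hit_number, monotonic_time) tuples) and keeps the target running,
    except on hit number `break_after`, where it breaks in to the debugger.

    `bp` and `dbg` are passed through untouched: the README shows no API for
    inspecting them, so this example does not assume one.
    """
    state = {"hits": 0}

    def handler(bp, dbg):
        state["hits"] += 1
        log.append((state["hits"], time.monotonic()))
        if break_after is not None and state["hits"] == break_after:
            return DEBUG_STATUS_BREAK
        return DEBUG_STATUS_GO

    return handler


if __name__ == "__main__":
    # Same flow as the README's local user debugging snippet, with the
    # counting handler in place of the print-only one. Needs Windows,
    # the Debugging Tools and Pybag.
    from pybag import UserDbg

    hits = []
    dbg = UserDbg()
    dbg.create("notepad.exe")
    dbg.bp("Kernel32!WriteFile", make_counting_handler(hits, break_after=3))
    dbg.go()  # returns once the handler breaks in on the third WriteFile call
    print(f"{len(hits)} WriteFile call(s) observed")
```

Returning `DEBUG_STATUS_GO` from every hit (as the README's handler does) turns a breakpoint into a passive trace point; returning `DEBUG_STATUS_BREAK` is what makes `go()` return and drops you back into the REPL at the point of interest.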
### Remote user debugging
```python
from pybag import *

def handler(bp, dbg):
    print("*********** BREAK")
    return DbgEng.DEBUG_STATUS_GO

dbg = UserDbg()
dbg.connect("tcp:server=192.168.1.10,port=5555")  # connect to the remote dbgsrv
dbg.create("notepad.exe")
dbg.bp("Kernel32!WriteFile", handler)
dbg.go()
```
### Remote kernel debugging
```python
from pybag import *
k = KernelDbg()
k.attach("net:port=50000,key=1.2.3.4")
```
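Both remote snippets hand Pybag a DbgEng connection string: `tcp:server=192.168.1.10,port=5555` for a user-mode dbgsrv and `net:port=50000,key=1.2.3.4` for a kernel target over KDNET. As an added example (not Pybag's own code), the parser below splits such a string into transport and options and runs a few checks worth doing before a script attaches to anything reachable over the network. The check policy is this example's own assumption: a dbgsrv `tcp` target accepts an optional `password=` option and is flagged when it lacks one, and a `net` key is expected to have the four dot-separated alphanumeric parts the README's sample key has.

```python
# Added example (not part of Pybag): parse and sanity-check the DbgEng remote
# connection strings used with UserDbg.connect() and KernelDbg.attach().
from dataclasses import dataclass, field


@dataclass
class RemoteTarget:
    transport: str                              # e.g. "tcp" or "net"
    options: dict = field(default_factory=dict)  # e.g. {"server": ..., "port": ...}


def parse_connection_string(conn):
    """Parse '<transport>:<key>=<value>[,<key>=<value>...]' into a RemoteTarget.

    The transport is everything before the first colon, so server values that
    contain colons (IPv6 literals) still parse correctly.
    """
    transport, sep, rest = conn.partition(":")
    if not sep or not transport.strip():
        raise ValueError("expected <transport>:<key=value>[,...]")
    options = {}
    for item in filter(None, (part.strip() for part in rest.split(","))):
        key, eq, value = item.partition("=")
        if not eq or not key.strip():
            raise ValueError(f"malformed option {item!r}")
        options[key.strip().lower()] = value.strip()
    return RemoteTarget(transport.strip().lower(), options)


def check_target(target):
    """Return a list of findings for a parsed target; an empty list is clean."""
    findings = []
    port = target.options.get("port")
    if port is None or not port.isdigit() or not 0 < int(port) < 65536:
        findings.append("port must be an integer in 1..65535")

    if target.transport == "tcp":
        if "server" not in target.options:
            findings.append("tcp transport needs server=<host>")
        # Policy assumed by this example: dbgsrv over tcp supports an optional
        # password=; without it, anyone who can reach the port can attach and
        # control the debugged process.
        if "password" not in target.options:
            findings.append("tcp transport without password=: attach is gated "
                            "only by network reachability")
    elif target.transport == "net":
        parts = target.options.get("key", "").split(".")
        if len(parts) != 4 or not all(p.isalnum() for p in parts):
            findings.append("net transport key must look like w.x.y.z "
                            "(four dot-separated alphanumeric parts)")
    else:
        findings.append(f"unrecognised transport {target.transport!r}")
    return findings


if __name__ == "__main__":
    # The two constructed strings from the README, checked before use.
    for conn in ("tcp:server=192.168.1.10,port=5555",
                 "net:port=50000,key=1.2.3.4"):
        target = parse_connection_string(conn)
        print(conn, "->", target.transport, target.options)
        for finding in check_target(target):
            print("  !", finding)
```

Run on the README's own strings, the `net` target passes and the `tcp` target is flagged once, for the missing `password=` option; a script that drives remote debugging in a lab can refuse to proceed on any finding rather than silently attaching.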
## Release History
* 2.2.13
  * Improved discovery of Windbg installation detection. Works with App Store installations now.
* 2.2.12
  * Fix #22 - comtypes issue
* 2.2.11
  * Fix #18 - Fix SetImplicitProcessDataOffset
  * Fix #19 - Implement CreateProcess2
* 2.2.10
  * Better search for Windbg DLLs using registry and allowing user override
* 2.2.9
  * Add implementations of GetCurrentThreadSystemId and GetProcessIdsByIndex
* 2.2.8
  * Fixed missing files install issue
* 2.2.7
  * Fixed access violation when using oneshot breakpoints
  * Added 'count' option to breakpoints
* 2.2.6
  * Added support for more dbgeng calls
    * Symbol handling
    * Set / get thread contexts
  * Fixed ds command
* 2.2.5
  * Fixed be command
  * Better search for Windbg install (and DLLs)
* 2.2.4
  * Fixed lint issues
* 2.2.3
  * Bug fix in WriteVirtual
* 2.2.2
  * Python bindings rewritten to use comtypes
  * Moved to Python 3
  * Support multiple debugging uses
    * Local user debugging
    * Remote kernel debugging
    * Remote user debugging using dbgsrv
## Meta
Distributed under the MIT license. See ``LICENSE`` for more information.
[https://github.com/dshikashio](https://github.com/dshikashio/)
Raw data
{
"_id": null,
"home_page": "https://github.com/dshikashio/Pybag",
"name": "Pybag",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.6.0",
"maintainer_email": null,
"keywords": "windows, debugging, dbgeng, windbg, reverseengineering",
"author": "Doug S",
"author_email": null,
"download_url": "https://files.pythonhosted.org/packages/27/25/d76db6c69c4a1266c4d5f5e4b3dcc8cb3c5ebdc34c10d2d1ab72311358ec/pybag-2.2.13.tar.gz",
"platform": null,
"bugtrack_url": null,
"license": "MIT",
"summary": "Python wrappers for DbgEng from Windbg",
"version": "2.2.13",
"project_urls": {
"Homepage": "https://github.com/dshikashio/Pybag"
},
"split_keywords": [
"windows",
" debugging",
" dbgeng",
" windbg",
" reverseengineering"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "358e30b303f9c97e627424a1964b77c8cdb16e165e59abf1c8e1cc1d35503114",
"md5": "f2e17801d5eb837407adb3669c08df51",
"sha256": "fbfa4cc17f2f1e45a2edfeaa9a7ca5ec8736bd10c1df2f1abd59ba5f9e776d52"
},
"downloads": -1,
"filename": "Pybag-2.2.13-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f2e17801d5eb837407adb3669c08df51",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6.0",
"size": 299256,
"upload_time": "2024-12-06T17:46:51",
"upload_time_iso_8601": "2024-12-06T17:46:51.246104Z",
"url": "https://files.pythonhosted.org/packages/35/8e/30b303f9c97e627424a1964b77c8cdb16e165e59abf1c8e1cc1d35503114/Pybag-2.2.13-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "2725d76db6c69c4a1266c4d5f5e4b3dcc8cb3c5ebdc34c10d2d1ab72311358ec",
"md5": "7f3ab205882c376f53056f38836074f9",
"sha256": "af8dbc6032038cee6825476e303dac526ce995d2baf565cd6a3f49dc28ef1927"
},
"downloads": -1,
"filename": "pybag-2.2.13.tar.gz",
"has_sig": false,
"md5_digest": "7f3ab205882c376f53056f38836074f9",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6.0",
"size": 277181,
"upload_time": "2024-12-06T17:46:53",
"upload_time_iso_8601": "2024-12-06T17:46:53.154611Z",
"url": "https://files.pythonhosted.org/packages/27/25/d76db6c69c4a1266c4d5f5e4b3dcc8cb3c5ebdc34c10d2d1ab72311358ec/pybag-2.2.13.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-12-06 17:46:53",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "dshikashio",
"github_project": "Pybag",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"requirements": [
{
"name": "capstone",
"specs": [
[
">=",
"4.0.2"
]
]
},
{
"name": "comtypes",
"specs": [
[
">=",
"1.1.14"
]
]
},
{
"name": "pywin32",
"specs": [
[
">=",
"301"
]
]
}
],
"lcname": "pybag"
}