PyKd - Python extension to access Debug Engine

Storm Shadow

Administrator
Staff member
Developer
Ida Pro Expert
Elite Cracker
PyKd - Python extension to access Debug Engine

Purpose

This project can help to automate debugging and crash dump analysis using Python. It allows one to take the best from both worlds: the expressiveness and convenience of Python with the power of WinDbg!
Additionally, pykd can work in two ways:
  • It's a Python module and can be used in any Python script
  • Also it can be loaded as a WinDbg extension and provide service to control the debugger from a Python script
Why do I need this?

If you want to automate the debugger but dislike the WinDbg built-in script machine syntax it's time to try again using the handy and powerful Python language. Even if you don't want to create your own script, maybe some existing scripts will be of interest to you?
Quick start

  • Install WinDbg
  • Install pykd. The simple way is to download our automated installer. It will check for dependencies, download and install them if required
  • Load extension in WinDbg:
.load pykd.pyd​
  • Create file C:\test.py with the following content:
from pykd import *​
dprintln("Hello")​
  • Launch the script:
>!py C:\test.py​
>Hello​
Resources

FAQ

1. Full script path when using !py command

Q: Specifying script path is annoying. How can I avoid this?
A: Add script path to %PYTHONPATH%. Now, the script name is enough. If the script has standard .py extension, that can be also omitted.
2. Python version

Q: What Python version must be installed?
A: The Python version must be the same as mentioned in distribution. Currently, official supported versions are 2.6 and 2.7. If you want to use another version, you can rebuild the project.
3. Script debugging in WinDbg

Q: I created a small script, but it doesn't work as expected. How I can quickly find the mistakes?
A: You can use the Python text debugger pdb in WinDbg! For example:
>!py pdb C:\test.py​
4. Error when loading extension

Q: I see an error message when I try to load the extension in WinDbg.
A: Make sure:
  1. Architecture of WinDbg, Python, VCRedist and pykd are all the same (x86 or x64).
  2. VCRedist 2005 SP1 2.0.50727.4053 is installed.

https://pykd.codeplex.com/
 
Top