README.md
> [!Caution]
> This project is no longer maintained due to several reasons:
> * The official pykd is no longer updated.
> * Windbg has become an excellent tool. It has a nice UI, and if you need telescope there's also a [script](https://github.com/0vercl0k/windbg-scripts/tree/master/telescope) that'll do the work. IMO there's no need to use this tool anymore.
>
> I would like to thank anyone that has supported this project. I had a lot of fun writing this tool :)
---
[](https://github.com/bruce30262/TWindbg/)
[](https://codeclimate.com/github/bruce30262/TWindbg)
[](https://codeclimate.com/github/bruce30262/TWindbg)
[](http://choosealicense.com/licenses/mit/)
# TWindbg
PEDA-like debugger UI for WinDbg
# Introduction
This is a windbg extension ( using [pykd](https://githomelab.ru/pykd/pykd) ) to let user having a [PEDA-like](https://github.com/longld/peda) debugger UI in WinDbg.
It will display the following context in each step/trace:
- Registers
- Disassembled code near PC
- Contents of the stack pointer ( with basic smart dereference )
It also supports some peda-like commands ( see the [support commands](#support-commands) section )
For now it supports both x86 & x64 WinDbg.
# Dependencies
* Python 3
> I decided to drop the support of Python2.7 since it has [reached the EOL](https://www.python.org/doc/sunset-python-2/). I believe the project is Python2/3 compatible, however there might exist some issues in pykd and can cause different behavior in Python2/3. Since now the project will only be tested on Python3, I strongly suggest using TWindbg on Python3 instead of Python 2.7. If you still want to use it on Python 2.7, feel free to fork the project and do the development.
* [pykd](https://githomelab.ru/pykd/pykd)
# Installation
* Install Python3
* Install pykd
- Download [Pykd-Ext](https://githomelab.ru/pykd/pykd-ext/-/wikis/Downloads), unpack `pykd.dll` to the `[WinDbg Directory]\x86(or x64)\winext\` directory.
+ This will allow you to run python in Windbg.
- In the Windbg command line, enter command `.load pykd` to load the pykd module.
- Enter `!pip install pykd` to install the pykd python package.
+ Upgrade the pykd module with command `!pip install --upgrade pykd`.
+ If something went wrong during the installation with `pip install`, try installing the wheel package instead of the one on PyPI. You can download the wheel package [here](https://githomelab.ru/pykd/pykd/-/wikis/All%20Releases).
* Download the repository
* Install the matrix theme by double-clicking the [matrix_theme.reg](/matrix_theme.reg)
- The matrix theme is required for letting the [color theme](/TWindbg/color.py) work in TWindbg
- You can preview the theme by importing the [matrix_theme.WEW](/matrix_theme.WEW) workspace into WinDbg.
* Copy the [TWindbg](/TWindbg) folder into `[WinDbg Directory]\x64\winext\` & `[WinDbg Directory]\x86\winext\`
# Usage
## Launch TWindbg manually
* Open an executable or attach to a process with WinDbg
* Use `.load pykd` to load the `pykd` extension
* Use `!py -g winext\TWindbg\TWindbg.py` to launch TWindbg
## Launch TWindbg with command
```
[PATH_TO_WINDBG] -a pykd -c "!py -g winext\TWindbg\TWindbg.py"
```
Or you can write a [simple batch file](/batch/TWindbg_x64.bat) for the sake of convenience.
After that you can just use `t` or `p` to see if the extension is working.
# Support Commands
* `TWindbg`: List all the command in TWindbg
* `ctx`: Print out the current context
* `tel / telescope`: Display memory content at an address with smart dereferences
# Note
Maybe ( just maybe ) I'll add more command to make WinDbg behave more like PEDA ( or other debugger like pwndbg, GEF... ) in the future.