
Using Frida for Windows Reverse Engineering - todsacerdoti
https://darungrim.com/research/2020-06-17-using-frida-for-windows-reverse-engineering.html
======
xvilka
They mentioned WinDbg and OllyDbg but both are quirks of the past (except
WinDbg usage for kernel debugging), and there's a better tool for this -
x32dbg/x64dbg [1]. It's open-source, unlike WinDbg, and actively developed,
unlike OllyDbg. Moreover, recently we worked a lot on improving Windows
support in radare2 [2] and Cutter [3]. Most of our fixes should land in the
upcoming 4.5.0 [4] release. This summer one of our GSoC students is working on
improving the reversible debugging [5] feature as well. And of course, both
are integrated with Frida as well - see the r2frida plugin [6].

[1] [https://x64dbg.com/](https://x64dbg.com/)

[2] [https://github.com/radareorg/radare2](https://github.com/radareorg/radare2)

[3] [https://github.com/radareorg/cutter](https://github.com/radareorg/cutter)

[4] [https://github.com/radareorg/radare2/milestone/51](https://github.com/radareorg/radare2/milestone/51)

[5] [https://www.radare.org/gsoc/2020/ideas.html#title_10](https://www.radare.org/gsoc/2020/ideas.html#title_10)

[6] [https://github.com/nowsecure/r2frida](https://github.com/nowsecure/r2frida)

~~~
xeeeeeeeeeeenu
Microsoft has recently modernized WinDbg[1]. Sadly, it's available only via
the Microsoft Store[2].

[1] - [https://docs.microsoft.com/en-us/windows-hardware/drivers/de...](https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/debugging-using-windbg-preview)

[2] - [https://www.microsoft.com/en-us/p/windbg-preview/9pgjgd53tn8...](https://www.microsoft.com/en-us/p/windbg-preview/9pgjgd53tn86)

~~~
userbinator
My reaction upon seeing that can be summed up in two words: _WTF!?, yuck!_

Even the latest version of _Visual Studio_, their flagship IDE, doesn't have
that stupid ribbon UI, because they know their developers absolutely abhor it.
To see it in WinDbg, whose userbase is even more traditional and "hardcore",
is extremely shocking. With that ridiculous full-screen File menu (or page?),
it looks like a part of Microsoft Office!

~~~
oldmanhorton
The vast majority of the interaction with the new windbg is using the same
commands in the same tiling inner windows as before. The ribbon is usually
hidden if you know the key commands to move around. It's only to help new and
infrequent users find their way around.

~~~
userbinator
_It's only to help new and infrequent users find their way around._

Visual Studio is what most Windows developers use, including beginners, and it
doesn't need --- or want --- a ribbon. It also doesn't have a full-screen File
"menu", which is a repulsive visual assault and one of the other abominations
that came from recent versions of Office.

The UI isn't even the worst of it. Old WinDbg was a pretty portable thing that
you could just copy onto a machine wherever you wanted to debug something. New
WinDbg is...

[https://lifeinhex.com/running-windbgx-on-windows-7/](https://lifeinhex.com/running-windbgx-on-windows-7/)

...no. Just... no.

(Yes, keep on downvoting me if you want, I don't care. I've had enough of this
idiotic 'modern' shit creeping into everything.)

