2

first things first:

It was working when I used it last time (which was more than a month ago).

The problem is that no command from an extension is working; it seems like no extension is loaded.

Only the default commands work (like version, etc.).

The output of the command "Version" is:

Extension DLL chain:
dbghelp: image 6.2.9200.16384, API 6.1.6, built Sat Nov 20 12:57:48 2010
    [path: C:\Windows\system32\dbghelp.dll]
ext: (Not loaded)
wow64exts: (Not loaded)
exts: (Not loaded)
uext: (Not loaded)
ntsdexts: (Not loaded)

It says that no extensions were loaded, but the folder winext does exist in my system32 folder (C:\Windows\System32\winext), where the extensions are located (as far as I know).

Commands like !gle do not work :/

I really have no idea what I can do, please help me :)

user1447648

3 Answers

2

Does the DBGTOOLS definition in your IDA.CFG point to the x86 WinDBG installation directory?

snoone
  • Yes, it does (I've already tried it with the x64 version and the x86 version, so yes.). Content: DBGTOOLS = "C:\Program Files (x86)\Windows Kits\8.0\Debuggers\x86"; – user1447648 Sep 17 '12 at 16:23
  • You need to escape the slashes: DBGTOOLS = "C:\\Program Files (x86)\\Windows Kits\\8.0\\Debuggers\\x86";. What errors are you seeing when you try to run the commands? – snoone Sep 17 '12 at 19:44
  • It still doesn't work :( Here is the error I get from !gle: (pastebin because bad formatting at stackoverflow) http://pastebin.com/pDj0pD9E – user1447648 Sep 18 '12 at 19:06
  • Very strange. Works OK for me in IDA 6.3 with the latest WinDBG (6.2.9200). Maybe try Process Monitor to see where IDA is looking for the extension? If you still can't get it to work the IDA support folks are excellent. – snoone Sep 19 '12 at 13:50
  • I don't have much idea on this but seeing the error, you can try pasting the respective DLLs in the current working directory with the executable. Then, check if it can load the DLLs or not. – Abhineet Aug 07 '14 at 06:05
0

The following comes from IDA Pro's help:

Windbg debugger plugin has the following configuration options:
  - The Debugging Tools folder: This should be configured to point to the same
  folder where Microsoft Debugging Tools are installed. The plugin will try to
  guess where the tools are, but if it fails, a manual intervention will be
  required. If this option is not set, then the plugin will try to use dbgeng.dll
  from MS Windows system folder, while normal debug operations will work,
  extensions will not.

This information indicates that if IDA Pro is using dbgeng.dll from the Windows system folder, extension commands (like !gle) will not work.

If you have already set up DBGTOOLS to point to your WinDbg (x86 version) directory correctly in your /cfg/ida.cfg but IDA Pro is still using dbgeng.dll from your Windows system folder, then probably your IDA context is not configured to analyze the IBM PC processor. This may happen when you launch IDA Pro and click the 'Go' button directly to work on your own and start the WinDbg debugger.

Check the DBGTOOLS in the ida.cfg; you will find it is wrapped by #ifdef __PC__ #endif. The __PC__ will only get defined by IDA Pro if you are analyzing a Windows EXE file, for example. Try launching WinDbg from the IDA Pro menu after you have successfully disassembled a Windows EXE file and see what happens.

binelf
0

If this still hasn't been answered, your problem is most likely that you didn't uncomment the DBG Tools line in the ida.cfg file.

I just fixed this myself. Hope this helps.

Also, the other guys are correct as well. Make sure you are escaping with double backslashes "\\" and make sure you are pointing to the (x86) directory.

hackn101
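The checks the answers above suggest (DBGTOOLS line uncommented, backslashes doubled, x86 directory, the #ifdef __PC__ guard) collected into one script, as an added example that is not from the thread or from IDA. The function name check_dbgtools and the finding names are hypothetical, the "//" comment marker is an assumption about ida.cfg syntax, and the sample config is constructed.

```python
import re

# DBGTOOLS assignment, optionally commented out. The "//" comment marker
# is an assumption about ida.cfg syntax, not something quoted on this page.
DBGTOOLS_RE = re.compile(r'^\s*(?P<off>//)?\s*DBGTOOLS\s*=\s*"(?P<path>[^"]*)"')

def check_dbgtools(cfg_text):
    """Return (line_number, finding) tuples for DBGTOOLS lines in ida.cfg text."""
    findings, guards, seen = [], [], False
    for no, line in enumerate(cfg_text.splitlines(), 1):
        words = line.split()
        if words and words[0] == "#ifdef":
            guards.append(words[1] if len(words) > 1 else "")
        elif words and words[0] == "#endif" and guards:
            guards.pop()
        m = DBGTOOLS_RE.match(line)
        if not m:
            continue
        seen = True
        path = m.group("path")
        if m.group("off"):
            findings.append((no, "commented-out"))
        # Any backslash left after removing "\\" pairs is unescaped.
        if "\\" in path.replace("\\\\", ""):
            findings.append((no, "unescaped-backslash"))
        # Heuristic: the last path component should name the x86 tools.
        last = [p for p in re.split(r"\\+", path) if p][-1:]
        if last and "x86" not in last[0].lower():
            findings.append((no, "not-x86-directory"))
        # The setting is only read when IDA defines __PC__.
        if "__PC__" in guards:
            findings.append((no, "only-read-when-__PC__-defined"))
    if not seen:
        findings.append((0, "dbgtools-not-set"))
    return findings

# Constructed sample: the line is still commented out inside the guard.
SAMPLE = r'''
#ifdef __PC__
//DBGTOOLS = "C:\\Program Files (x86)\\Windows Kits\\8.0\\Debuggers\\x86";
#endif
'''

if __name__ == "__main__":
    for no, finding in check_dbgtools(SAMPLE):
        print(f"line {no}: {finding}")
```

An empty result means none of these conditions were found; it does not prove IDA loaded dbgeng.dll from that directory.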