Debugging IDAPython Scripts

While IDAPython is extremely useful, it can be a bit of a hassle to debug IDA Pro plugins.
This tutorial will give get you started on debugging IDAPython scripts and plugins
using Python Tools for Visual Studio.

And yes, it is completely free.

The Setup

For this tutorial, we will be using the following software:

  1. IDA Pro 6.8

  2. Visual Studio Community_

  3. Python Tools for Visual Studio, documentation can be found here <https://github.com/Microsoft/PTVS/wiki>.

  4. Python’s ptvsd module. Install using pip install ptvsd.

  5. The following plugin:

  1. .. code:: python
  3.     # filename: ptvsd_enable.py
  5.     import idaapi
  6.     import ptvsd
  8.     try:
  9.         # Enable the debugger. Raises exception if called more than once.
  10.         ptvsd.enable_attach(secret="IDA")
  11.     except:
  12.         pass
  15.     class DebugPlugin(idaapi.plugin_t):
  16.         flags = idaapi.PLUGIN_FIX
  17.         comment = "PTVSD Debug Enable"
  18.         help = "Enable debugging using PTVSD"
  19.         wanted_name = "PTVSD"
  20.         wanted_hotkey = ""
  22.         def init(self):
  23.             return idaapi.PLUGIN_KEEP
  25.         def term(self):
  26.             pass
  28.         def run(self, arg):
  29.             pass
  32.     def PLUGIN_ENTRY():
  33.         return DebugPlugin()

For the purposes of this tutorial, you can try and debug this plugin:

  1. # filename: sample_debuggee.py
  3. import idaapi
  6. def my_debugged_function():
  7.     # Set breakpoint here!
  8.     pass
  11. class SamplePlugin(idaapi.plugin_t):
  12.     flags = idaapi.PLUGIN_PROC
  13.     comment = "Sample Debuggee"
  14.     help = "Sample Debuggee"
  15.     wanted_name = "Sample Debuggee"
  16.     wanted_hotkey = "Shift+D"
  18.     def init(self):
  19.         return idaapi.PLUGIN_KEEP
  21.     def term(self):
  22.         pass
  24.     def run(self, arg):
  25.         my_debugged_function()
  28. def PLUGIN_ENTRY():
  29.     return SamplePlugin()

Debugging

  1. Put ptvsd_enable.py (provided above) in IDA’s plugins directory.
    If you want to use the sample debuggee, put it in the plugins directory as well.

  2. Start IDA and load an IDB (otherwise weird issues arise)

  3. Load the code you want to debug into Visual Studio and set breakpoints.

  4. In Visual Studio (with the plugin file open), use DEBUG->Attach to process

Debugging IDAPython Scripts - 图1

  1. In the dialog, select idaq.exe and click Attach

Debugging IDAPython Scripts - 图2

  1. We are now attached. Once a breakpoint is hit, Visual Studio will break and let you debug.
  1. Have fun debugging!

Important Notes

  1. When debugging (breaking and stepping), IDA will be frozen.

  2. Load your IDB prior to attaching the debugger.

  3. For easy debug-on-demand, keep ptvsd_enable.py in IDA’s plugins directory at all times.

  4. To set breakpoints, make sure you load into VS the files that are actually loaded by IDA.

If you find any issues with the tutorial, please submit them here <https://github.com/tmr232/Sark/issues>_.

.. IDA Pro 6.8: https://www.hex-rays.com/products/ida/index.shtml
.. Visual Studio Community: https://www.visualstudio.com/en-us/products/visual-studio-community-vs.aspx
.. _Python Tools for Visual Studio: https://pytools.codeplex.com/releases