Windows Debugger Hub
Since version 4.3, IDA has offered a PE Windows debugger in addition to its Windows disassembler. The Windows debugger in IDA combines the power of static disassembly with dynamic debugging, allowing its users to debug unknown binaries at a level close to source code. A Linux version of the debugger is also available; there is some more information about it here.
The Windows Debugger in IDA:
is able to debug any file supported by the Windows DBG interface, including true 64-bit files.
can benefit from all the features of the Windows Disassembler, including interactivity, scripting and plugins.
offers local debugging of Windows executables.
can connect to other Windows machines running our remote debugging server and debug Windows executables.
can connect to our Linux remote debugging server, allowing you to debug Linux executables from a familiar Windows environment.
Below: the Windows Debugger working locally.

Below: the Windows Debugger about to debug a remote Linux binary.

A typical use of the remote Windows debugger would be the analysis of a hostile Linux binary or a hostile Windows binary on a safe and clean machine. The IDA Windows debugger brings unprecedented flexibility and security to the virus analyst. Another typical use of the remote Windows debugger would be Linux debugging in a comfortable, well-known GUI.
Here are a few links to the IDA Windows Debugger on our site:
tracing with the IDA Windows debugger.
analysis of an obfuscated piece of hostile code