PEDA-like debugger UI for WinDbg

This is a windbg extension ( using pykd ) to let user having a PEDA-like debugger UI in WinDbg.
It will display the following context in each step/trace:

• Registers
• Disassembled code near PC
• Contents of the stack pointer ( with basic smart dereference )

It also supports some peda-like commands ( see the support commands section )

For now it supports both x86 & x64 WinDbg.

• Python2.7 ( The extension has NOT been tested on Python3 )
• pykd

• Install Python2.7 & pykd
• Download the repository
• Install the matrix theme by double-clicking the matrix_theme.reg
  • The matrix theme is required for letting the color theme work in TWindbg
  • You can preview the theme by importing the matrix_theme.WEW workspace into WinDbg.
• Copy the TWindbg folder into [WinDbg Directory]\x64\winext\ & [WinDbg Directory]\x86\winext\

• Open an executable or attach to a process with WinDbg
• Use .load pykd.pyd to load the pykd extension
• Use !py -g winext\TWindbg\TWindbg.py to launch TWindbg

[PATH_TO_WINDBG] -a pykd.pyd -c "!py -g winext\TWindbg\TWindbg.py"

Or you can write a simple batch file for the sake of convenience.

After that you can just use t or p to see if the extension is working.

• TWindbg: List all the command in TWindbg
• ctx: Print out the current context
• tel / telescope: Display memory content at an address with smart dereferences

Maybe ( just maybe ) I'll add more command to make WinDbg behave more like PEDA ( or other debugger like pwndbg, GEF... ) in the future.