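# Windbg workspace file to Windows registry file.
#
# Makes applying your configuration across different installations of Windbg Classic extremely easy.
#
# How to use:
# 1. Make your configuration in Windbg Classic
# 2. Save it as a (.wew) file -- File > Save workspace to File...
# 3. Run this script
# 4. Select the saved .wew file when prompted by the script
# 5. Select the .reg save location when prompted by the script
# 6. Done
#
# Whenever you want to use / reuse your configuration as your default workspace, all you have to do is
# double-click the saved .reg file. This will configure your Windows registry to make Windbg Classic start
# with the configuration you worked on automatically instead of needing to re-apply it each time you start
# Windbg Classic.
#
# What the generated .reg file touches: it sets the "Default" value under each key listed in
# `registry_paths` (all below HKEY_CURRENT_USER). Importing it replaces whatever "Default" value
# is already stored there, so export those keys first if you want to be able to revert.
#
# What is validated: only the 4-byte "WDWS" magic at the start of the .wew file. Every other byte is
# embedded verbatim and is later interpreted by Windbg when it loads its default workspace, so convert
# only workspace files you saved yourself or otherwise trust.
#
# https://mahemium.blog/

import os  # For finding the user's Documents directory. Check `save_reg_file_path()`.
import sys

# Number of hex bytes emitted on each continuation line of the registry value.
# The first line holds 4 fewer because it also carries the `"Default"=hex:` prefix.
bytes_per_line = 26

# Magic bytes that open a Windbg workspace file.
workspace_magic = b"WDWS"

# Fixed preamble of the generated .reg file.
file_start = """Windows Registry Editor Version 5.00

; Generated with wew2reg.py -- https://mahemium.blog/

[HKEY_CURRENT_USER\\Software\\Microsoft\\Windbg]
"""

# Every key below receives the same "Default" value.
registry_paths = [
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windbg\\Workspaces",
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windbg\\Workspaces\\Dump",
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windbg\\Workspaces\\Explicit",
    "HKEY_CURRENT_USER\\Software\\Microsoft\\Windbg\\Workspaces\\Kernel"
]


def get_wew_file_path():
    """Ask the user for the .wew file to convert.

    Returns:
        The selected path, or a falsy value when the dialog is cancelled.
    """
    # Imported here so the conversion helpers stay importable on Python
    # builds that ship without Tk.
    from tkinter import Tk
    from tkinter.filedialog import askopenfilename

    root = Tk()
    root.withdraw()  # Hide the empty root window; only the dialog should show.
    try:
        return askopenfilename(
            filetypes=[("Windbg workspace file", "*.wew"), ("All files", "*")],
            title="Select Windbg workspace file",
            initialdir="C:/Program Files (x86)/Windows Kits/10/Debuggers/x64/themes",
        )
    finally:
        # Release the hidden root instead of leaving one alive per dialog.
        root.destroy()


def save_reg_file_path():
    """Ask the user where to save the generated .reg file.

    The dialog opens in the user's Documents directory with
    "windbg_config.reg" as the suggested name.

    Returns:
        The chosen path, or a falsy value when the dialog is cancelled.
    """
    from tkinter import Tk
    from tkinter.filedialog import asksaveasfilename

    root = Tk()
    root.withdraw()
    documents_dir = os.path.join(os.path.expanduser("~"), "Documents")
    try:
        return asksaveasfilename(
            initialdir=documents_dir,
            initialfile="windbg_config.reg",
            defaultextension=".reg",
            filetypes=[("Windows Registry file", "*.reg"), ("All files", "*")],
            title="Save as",
        )
    finally:
        root.destroy()


def is_workspace_file(wew_bytes):
    """Return True when *wew_bytes* starts with the Windbg workspace magic.

    The comparison is done on raw bytes: decoding the header first would
    raise UnicodeDecodeError for any file whose first bytes are not valid
    UTF-8, instead of reporting it as an invalid workspace.

    This is a format sniff only; nothing past the first 4 bytes is inspected.
    """
    return wew_bytes[0:4] == workspace_magic


def format_default_value(wew_bytes):
    """Render *wew_bytes* as the `"Default"=hex:...` line of a .reg file.

    The first line carries `bytes_per_line - 4` bytes after the prefix and
    each following line carries up to `bytes_per_line` bytes. Lines are
    joined with a comma, a backslash (the .reg line-continuation marker), a
    newline and a leading space. The last line has no trailing comma or
    backslash, including when the input fits entirely on the first line.
    """
    hex_tokens = ["{:02x}".format(byte) for byte in wew_bytes]
    first_len = bytes_per_line - 4

    lines = [",".join(hex_tokens[:first_len])]
    for start in range(first_len, len(hex_tokens), bytes_per_line):
        lines.append(",".join(hex_tokens[start:start + bytes_per_line]))

    return '"Default"=hex:' + ",\\\n ".join(lines)


def build_reg_text(wew_bytes):
    """Return the complete .reg file text for the workspace in *wew_bytes*.

    The text is `file_start` followed by one section per entry in
    `registry_paths`, each assigning the same "Default" value. The module
    level `file_start` is left untouched, so repeated calls do not
    accumulate sections.
    """
    value_line = format_default_value(wew_bytes)
    sections = ["\n\n[" + reg + "]\n" + value_line for reg in registry_paths]
    return file_start + "".join(sections)


def main():
    """Convert a user-selected .wew file into a user-selected .reg file."""
    wew_path = get_wew_file_path()
    if not wew_path:
        # Dialog cancelled: stop cleanly rather than failing inside open().
        print("[-] No workspace file selected")
        sys.exit(-1)

    with open(wew_path, "rb") as f:
        wew_bytes = f.read()

    # Checks if it's a valid windbg workspace file (magic bytes only).
    if not is_workspace_file(wew_bytes):
        print(wew_bytes[0:4])
        print("[-] Invalid windbg workspace file")
        sys.exit(-1)

    # Converts the raw bytes into a hex "array" registry value for the value
    # name "Default" and applies it to each registry path.
    reg_text = build_reg_text(wew_bytes)

    reg_path = save_reg_file_path()
    if not reg_path:
        print("[-] No save location selected")
        sys.exit(-1)

    # This writes the whole thing in the specified file. The text is pure
    # ASCII (fixed header, key names, hex digits). View the saved file to
    # understand how the formatting works.
    with open(reg_path, "w") as f:
        f.write(reg_text)

    print("[+] Done.")


if __name__ == "__main__":
    main()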