ret-sync icon indicating copy to clipboard operation
ret-sync copied to clipboard
verified publisher icon bootleg

IDA+windbg: mod request has no match for ntkrnlmp.exe

Open spokeex opened this issue 1 year ago • 1 comments

Connection between windbg extension and ida plugin is made successfully. Cannot set breakpoints, because "idb isn't enabled".

The only warning/error message I see in IDA, is "[sync] << broker << dispatcher msg: mod request has no match for ntkrnlmp.exe"

I'm attempting to debug a driver that has ntoskrnl imports, so maybe it has something to do with that.

Using IDA home 8.4.

EDIT: I'm able to start a session with ntoskrnl.exe idb loaded. Then retsync seems to work. I'm still wondering how I can also load the driver Im interested in, into IDA and have that work. I still have to try https://hex-rays.com/blog/several-files-in-one-idb/.

spokeex avatar May 28 '24 14:05 spokeex

Have a look at the readme: https://github.com/bootleg/ret-sync/blob/master/README.md?plain=1#L179

[ALIASES]
ntoskrnl_vuln.exe=ntkrnlmp.exe

luke0x90 avatar Aug 04 '24 12:08 luke0x90

I can confirm the aliases definition should fix your issue. So closing this issue and feel free to comment if you are still encountering issues

saidelike avatar Nov 03 '25 22:11 saidelike