@SinaKarvandi
Last active August 24, 2019 10:27
Help command for the first version of Windbg2ida.
------------------------------------------------------------------
- Usage :
These commands show how you can use Windbg2IDA.
- !windbg2ida_run_until_ret [FileToSaveDump]
Description : Run the program until it reaches the ret instruction of the current function.
+ [FileToSaveDump] : The path where the dump is saved; the dump can be loaded later in IDA.
e.g : !windbg2ida_run_until_ret "c:\\users\\sina\\desktop\\dump1.w2i"
- !windbg2ida_run_with_limitation [LimitCount],[FileToSaveDump]
Description : Run a specific number of instructions.
+ [FileToSaveDump] : The path where the dump is saved; the dump can be loaded later in IDA.
+ [LimitCount] : Number of instructions to execute.
e.g : !windbg2ida_run_with_limitation 100,"c:\\users\\sina\\desktop\\dump1.w2i"
Runs 100 instructions and saves the results into c:\users\sina\desktop\dump1.w2i
- !windbg2ida_run_until_address [Address(es)],[FileToSaveDump]
Description : Run until the program reaches one of the specified address(es).
+ [FileToSaveDump] : The path where the dump is saved; the dump can be loaded later in IDA.
+ [Address(es)] : Comma-separated address(es) at which to stop execution.
e.g : !windbg2ida_run_until_address "fffff80617bc4622","c:\\users\\sina\\desktop\\dump1.w2i"
Runs until the program reaches fffff806`17bc4622 and then saves the dump into c:\users\sina\desktop\dump1.w2i
e.g : !windbg2ida_run_until_address "fffff80617bc4622,fffff80617bc4628,fffff80617bc462a","c:\\users\\sina\\desktop\\dump1.w2i"
Runs until the program reaches fffff80617bc4622 or fffff80617bc4628 or fffff80617bc462a,
then saves the dump into c:\users\sina\desktop\dump1.w2i
- !windbg2ida_run_until_address_or_return [Address(es)],[FileToSaveDump]
Description : Run until the program reaches one of the specified address(es) or reaches the return of the current function, whichever comes first.
+ [FileToSaveDump] : The path where the dump is saved; the dump can be loaded later in IDA.
+ [Address(es)] : Comma-separated address(es) at which to stop execution.
e.g : !windbg2ida_run_until_address_or_return "fffff80617bc4622","c:\\users\\sina\\desktop\\dump1.w2i"
Runs until the program reaches fffff806`17bc4622 or the return of the current function,
and then saves the dump into c:\users\sina\desktop\dump1.w2i
e.g : !windbg2ida_run_until_address_or_return "fffff80617bc4622,fffff80617bc4628,fffff80617bc462a","c:\\users\\sina\\desktop\\dump1.w2i"
Runs until the program reaches fffff80617bc4622 or fffff80617bc4628 or fffff80617bc462a
or the return of the current function, then saves the dump into c:\users\sina\desktop\dump1.w2i
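The following is an added example and is not code from the Windbg2ida script itself. It shows how the [Address(es)] argument used by the run_until_address commands can be parsed (addresses appear in the help both with and without WinDbg's backtick separator, and a 0x prefix is tolerated here) and how the three stop conditions described above (stop address reached, ret reached, instruction limit reached) can be applied while single-stepping. The function names, the shape of the trace records, the constructed sample trace and the exact semantics of "reaches" (stop before executing the matching instruction) are assumptions made for this example.

```javascript
// Added example, not part of the Windbg2ida script: a parser for the [Address(es)]
// argument of !windbg2ida_run_until_address / !windbg2ida_run_until_address_or_return,
// plus a stepping loop that applies the stop conditions described in the help
// (stop address reached, ret reached, instruction limit reached).
// The function names, the trace record shape and the exact stop semantics are
// assumptions made for this example.

// Normalise one address to 16 lowercase hex digits. Accepts WinDbg's backtick form
// (fffff806`17bc4622), the plain form (fffff80617bc4622) and an optional 0x prefix.
function canonicalAddress(addr) {
  const tok = String(addr).trim().replace(/`/g, '').replace(/^0x/i, '');
  if (!/^[0-9a-f]{1,16}$/i.test(tok)) {
    throw new Error(`Invalid address: "${addr}"`);
  }
  return BigInt('0x' + tok).toString(16).padStart(16, '0');
}

// Parse the comma-separated [Address(es)] argument into a Set of canonical addresses.
function parseStopAddresses(arg) {
  const stops = new Set();
  for (const raw of String(arg).split(',')) {
    if (raw.trim() === '') continue; // tolerate a trailing comma
    stops.add(canonicalAddress(raw));
  }
  if (stops.size === 0) throw new Error('No stop address given');
  return stops;
}

// Walk a trace of { rip, mnemonic } records the way a single-stepping loop would.
// Before each instruction is "executed" it is checked against the stop conditions:
//   - its address is in `stops`             (run_until_address)
//   - it is a ret and stopOnRet is set      (run_until_ret / run_until_address_or_return)
//   - `limit` instructions already executed (run_with_limitation; pass an empty Set)
// Returns the addresses that were executed and the reason the loop stopped.
function runUntil(trace, stops, { stopOnRet = false, limit = Infinity } = {}) {
  const executed = [];
  for (const insn of trace) {
    const rip = canonicalAddress(insn.rip);
    if (stops.has(rip)) return { executed, reason: 'address', rip };
    if (stopOnRet && insn.mnemonic === 'ret') return { executed, reason: 'ret', rip };
    if (executed.length >= limit) return { executed, reason: 'limit', rip };
    executed.push(rip);
  }
  return { executed, reason: 'end-of-trace', rip: null };
}

// Constructed sample trace (not real data), reusing the addresses from the help text.
const SAMPLE_TRACE = [
  { rip: 'fffff806`17bc4610', mnemonic: 'mov' },
  { rip: 'fffff806`17bc4614', mnemonic: 'call' },
  { rip: 'fffff806`17bc4618', mnemonic: 'test' },
  { rip: 'fffff806`17bc461c', mnemonic: 'jnz' },
  { rip: 'fffff806`17bc4622', mnemonic: 'mov' },
  { rip: 'fffff806`17bc4628', mnemonic: 'ret' },
];

// Equivalent of: !windbg2ida_run_until_address_or_return "fffff80617bc462a","..."
// fffff80617bc462a is never reached in the sample trace, so the loop stops at the ret.
function demo() {
  return runUntil(SAMPLE_TRACE, parseStopAddresses('fffff80617bc462a'), { stopOnRet: true });
}

console.log(JSON.stringify(demo()));
```

Passing an empty Set with a limit reproduces !windbg2ida_run_with_limitation, and a non-empty Set without stopOnRet reproduces !windbg2ida_run_until_address; the same loop therefore covers every usage command listed above.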
------------------------------------------------------------------
- Load and Unload :
If you need to load or unload the script, use the following commands.
- .scriptload LocationOfWindbg2ida.js
Description : Loads the windbg2ida script (you have already loaded it if you can read this ;) ).
e.g : .scriptload c:\windbg2ida.js
- .scriptunload LocationOfWindbg2ida.js
Description : Unloads the windbg2ida script.
e.g : .scriptunload c:\windbg2ida.js
------------------------------------------------------------------
- Configuration :
If you need to enable or disable any of the features, use the following
commands (otherwise leave the default configuration alone).
- !windbg2ida_set_color [ColorHex]
Description : Sets the color used to highlight the current dump's coverage in IDA.
+ [ColorHex] : Color in hex.
e.g : !windbg2ida_set_color 0xFF0004
Turns coverage color to red.
e.g : !windbg2ida_set_color 0x36AC29
Turns coverage color to green.
e.g : !windbg2ida_set_color 0x1628AC
Turns coverage color to blue.
e.g : !windbg2ida_set_color 0xFF0FE0
Turns coverage color to pink.
- !windbg2ida_enable_stepin
Description : Enables stepping into calls while executing each instruction.
Use this if you need coverage of the current function and also of the
other functions that the current function calls (Enabled By Default).
- !windbg2ida_disable_stepin
Description : Disables stepping into calls while executing each instruction.
Use this if you only need coverage of the current function and not of the
other functions that the current function calls.
- !windbg2ida_enable_registers_in_comment
Description : Enables showing register values in IDA instruction comments.
Note that this may overwrite your existing comments (Enabled By Default).
- !windbg2ida_disable_registers_in_comment
Description : Disables showing register values in IDA instruction comments.
- !windbg2ida_enable_branch_status
Description : Enables IDA comments with [Branch is taken] or [Branch is not taken].
If you want to see these statements, use this option (Enabled By Default).
Note : It won't work if you use !windbg2ida_disable_registers_in_comment
- !windbg2ida_disable_branch_status
Description : Disables IDA comments with [Branch is taken] or [Branch is not taken].
If you don't want to see these statements, use this option.
- !windbg2ida_enable_eflags_in_comment
Description : Enables showing [EFLAGS] in IDA comments.
- !windbg2ida_disable_eflags_in_comment
Description : Disables showing [EFLAGS] in IDA comments (this is the default; EFLAGS are not shown unless enabled).
- !windbg2ida_enable_memory_in_comment
Description : Enables showing memory addresses and their contents in IDA comments.
Applies to mov instructions (Enabled By Default).
- !windbg2ida_disable_memory_in_comment
Description : Disables showing memory addresses and their contents in IDA comments.
------------------------------------------------------------------
- Help :
- !windbg2ida
Description : Shows this help.
------------------------------------------------------------------