EXETOOLS FORUM  

  #1  
Old 02-18-2013, 19:23
ahmadmansoor
[Nanomite] x64/x86 debugger - GUI and Class

Hey all,

Nanomite is a graphical debugger I wrote in C++. It supports x64, x86 and WOW64 debugging and also offers different features (shown in pictures below). It uses the Windows debugging API, BeaEngine and dbghelp. No GUI framework has been used! The x64 version of the debugger can debug x64 and WOW64, and the x86 version only x86. If you are debugging multiple processes (child processes of the main application) you can select the process for each action via a drop-down menu which appears when you click a button in the main GUI. In most windows the data is sorted by the process ID. Currently no data modification is possible (like memory, opcodes, regs or something else), but it's something that will come!

Of course there is a lot of work to be done and the GUI is just ugly, but maybe some of you want to help and commit code, and YES, it's fully open source for all. Issues (I already have a lot of known ones) will be fixed as soon as I have time. Also, I will write a manual for the GUI and the class (see below) to cover "how to use, how does it work and is it able to" questions.


You can download the binaries from the git repo (Nanomite.exe, dbghelp.dll and NanomiteConfig.ini are needed if you want to test the debugger):
https://github.com/zer0fl4g/Nanomite/
Class:

Also, I want to offer you a class I wrote in C++. This class offers different features for debugging, supports x64, x86 and WOW64 debugging, and is the core of Nanomite. If you want me to add some features or you find bugs, then reply here or write me an email / PM. If you need a sample of how to use it, then you can take a look at:
https://github.com/zer0fl4g/Nanomite/blob/master/clsDebugger_tester/clsDebugger_tester.cpp
Please keep in mind that this is a free-time project and I only work on it when I have time. If you want to contribute, I would be happy about emails, PMs and posts to this topic. Ideas, feature requests and bug reports are welcome.

Greetz Zer0Flag

The author will be with us soon.
__________________
Ur Best Friend Ahmadmansoor
Always My Best Friend: Aaron & JMI & ZeNiX
  #2  
Old 02-26-2013, 04:18
Zer0Flag
Code:
beta 7

+ fixed some small handling bugs
+ fixed a bug in disassembler which did not replace old protection on memory after disassembling
+ fixed a bug which did not show terminated processes in DetailView
+ fixed a bug which did not show terminated threads in DetailView
+ fixed a bug which did not clean up memory on manual debuggee stop
+ improved DB handler
+ added resolve of jump conditions to improve StepOver
+ added "Return" and "Backspace" Hotkey to navigate in Disassembler
+ added "Clear Log" context menu in LogBox
+ added "Show Source" context menu in Disassembler
+ added "Goto Function" context menu in Callstack
+ added a crash handler
+ added Source Viewer
+ added memory pool for performance improvement and memory leak reduction
+ added mouse scrolling in disassembler and stack
+ added direct run of target after using menu to select a file

####Notes:
	- CrashHandler
		- if Nanomite crashes a dumpfile will be written to the application folder. 
		  Please send me this file via zer0fl4g[at]gmail[dot]com
	- Hotkey "Return"
		- when you selected a jump / call / ... you can follow this instruction using the "Return" key
	- Hotkey "Backspace"
		- steps back when you used "Return" to follow a call
	- Source Viewer 
		- double click on source line in Callstack view. A new Window will open and show the source code (if found)
		- right click in disassembler context menu opens source view also
	- Memory Pool
		- redirected malloc / new / delete / free to the memory pool
		- heap fragmentation reduction
		- increasing performance
The latest update. If you have suggestions, bugs or anything else, feel free to contact me! The more people test it, the faster I can fix bugs.

Greetz Zer0Flag
  #3  
Old 02-28-2013, 20:20
ahmadmansoor
Hi Zer0Flag:
Did u try notepad!!! It crashes.
Check the dumped files.
Thanks for ur nice work.
Attached Files
File Type: zip Nanomite_28-2_15.16_crash.zip‎ (31.1 KB, 5 views)
  #4  
Old 03-01-2013, 02:43
Zer0Flag
Thanks, it was a bug in the import parser. It is fixed and will be pushed with beta8.

~Zer0Flag
  #5  
Old 03-14-2013, 05:25
Zer0Flag
Code:
beta 8

   + fixed a crash in attaching to a process where we don't have a file path
   + fixed a bug which ignored DbgBreakPoint on attaching
   + fixed a bug which caused double breaking in case we set a breakpoint while being on the entrypoint
   + fixed a crash in pe import reader
   + fixed a crash (see github issue #1)
   + fixed a bug in HexView which didn't display data on x64 processes
   + fixed a possible crash when opening invalid non pe files
   + fixed a small bug in "Restart"
   + added display of current function in windowtitle
   + added support for drag and drop of files
   + added possibility to remove breakpoints with "F2" (needs to be a selected row in disassembler)
   + added "Step back to user code"

Notes:

- "Step back to user code"
    - If you use this the debugger will continue the execution until you get to the first function 
      which is located in the main module
~Zer0Flag
  #6  
Old 03-18-2013, 22:01
ahmadmansoor
pls check it
Attached Files
File Type: zip Nanomite_18-3_16.51_crash.zip‎ (29.8 KB, 1 views)
File Type: rar Nanomite_18-3_17.5_crash.rar‎ (25.8 KB, 2 views)
File Type: zip X64test.zip‎ (3.4 KB, 1 views)
  #7  
Old 03-26-2013, 19:43
ahmadmansoor
Hi Zer0Flag
see the attachment in this page
http://forum.exetools.com/showpost.php?p=83583&postcount=53

pls check F7 + F8, it does not work in some steps
thanks
  #8  
Old 03-26-2013, 20:44
Zer0Flag
Thanks for your effort! I will take a look at it and try to fix it in the next beta

~0
  #9  
Old 04-01-2013, 06:48
Zer0Flag
Code:
 Version 0.1 beta 9

    fixed a bug in disassembler
    fixed a bug in wow64 StepIn
    fixed a crash when suspending a process and then StepIn
    fixed a bug which didn't display all modules in callstack
    fixed a crash in loading imports of files without IAT
    fixed a crash in "Goto Offset" context menu
    small gui improvements
    added Single Step Tracer
    added memory dumper
    removed error message if you cancel the file selection

Notes:

- Single Step Tracer
    - only a part is displayed in the window. Use mouse scroll to navigate (will be improved)
- MemoryDumper
    - RightClick in MemoryView or HeapView shows you the option to dump the selected segment.
~0
  #10  
Old 04-11-2013, 13:20
iconstart
wonderful
thanks
  #11  
Old 04-23-2013, 02:05
Zer0Flag
Code:
 Version 0.1 beta 10

    fixed a bug which displayed a wrong function offset in callstack
    fixed a bug which didn't break on module ep if "break on system ep" was selected
    fixed a bug which led to a crash if a wow64 file has ordinal imports
    fixed a bug in the disassembly view which caused ungentle down scrolling
    fixed a bug in PEManager which double loaded debugged files
    fixed a bug which may lead to an error in disassembler
    fixed a crash on context menus if not debugging something
    improved HeapView
    added Message in DebugLog if breaking on MemoryBP
    added PEViewer
    added native check for Admin rights
    added warnings if API import fails
    added display of current PID/TID in mainwindow title
    added function view
    added and cleaned context menus

Notes:

- I'm happy to announce "En0mis" as a new developer in this project! :)
- function view
    - scans the memory of the loaded targets and scans for functions.
\Zer0Flag
  #12  
Old 05-10-2013, 08:55
Zer0Flag
Code:
beta 11

    fixed a bug in options which didn't save the correct settings
    fixed display of exceptions if no symbols have been found
    fixed a bug which made register editor not working in x64
    fixed a bug which displayed wrong modules in window view
    fixed a bug which didn't display exceptions if a breakpoint was set on this offset
    fixed a bug in disassembler which may have caused application crashes due to wrong memory protection
    fixed a possible crash in context menus
    fixed display of the offset in string view
    fixed invalid breakpoint offsets caused by ASLR
    improvements on AttachDlg
    added cleanup on debuggee termination
    added process patching
    added more context menus to DetailView
    added display of mainthread in DetailView
    added F5 Hotkey to reload some views
    added possibility to save debug log to file
    added possibility to copy data to clipboard
    added possibility to break on new Processes, Threads or DLL loads
    added dockable widgets to the mainview
    added save of window sizes and positions on close

Notes:

- You have now the possibility to patch the memory of a process. Currently it is not possible to save the
  changes to disk but this will be integrated also.
- Some context menus offer the possibility to copy the data from the table to the clipboard
~Zer0Flag
  #13  
Old 05-10-2013, 09:58
cxj98
The disassembly shows blank all the time; the rest is fine. String search shows useless strings, e.g. "This program must be run under Win32", and also can't detect Unicode strings. The biggest pity is that when double-clicking on any string, it can't be followed in the disassembly immediately.
  #14  
Old 05-10-2013, 17:37
Zer0Flag
What version did you try: debug, release, win32, x64? Which target did you try to debug when the disassembly window stays empty?

~Zer0Flag
  #15  
Old 05-11-2013, 09:44
cxj98
Debugging English software is OK, only debugging Chinese software shows blank. I assume the language is not compatible. How to reproduce this behaviour?