Exetools

[Nanomite] x64/x86 debugger - GUI and Class (https://forum.exetools.com/showthread.php?t=14817)

Zer0Flag 09-16-2013 03:29

Code:

###Version 0.1 beta 15
+ fixed a bug which led to a memory leak when an invalid file was loaded
+ fixed a bug which caused a break when continue was used after a trace
+ fixed a bug which caused problems when scrolling up in disassembler view
+ fixed a bug which returned wrong offset when adding a breakpoint to a wow64 process
+ fixed a bug which did not clean up properly if using the "recent file" menu to debug new process
+ fixed a bug which did not clean up properly if a process terminates in a multiprocess session
+ fixed a bug which did not replace memory breakpoints correctly
+ fixed a bug which did not display the correct source code under certain conditions
+ fixed a bug which did not reload the gui when deleting a patch from patchmanager using hotkey
+ fixed a bug which did not disable trace_stop button when the debuggee terminates while tracing
+ fixed a bug which did not allow breakpoints on int3 instructions
+ fixed a bug which may have corrupted the memory breakpoints when a new thread starts
+ fixed a bug which may have calculated wrong tls callback offsets
+ added save file dialog to memory dump and patch manager
+ added the correct offsets for loaded module imports in the peeditor
+ added double click handler in trace view, bp manager and patch manager to send an offset to disassembler window
+ added possibility to set nanomite also as wow64 jit debugger
+ added possibility to use Up/Down arrows and PageUp/Down to navigate in disassembler
+ added possibility to create a full process dump
+ added possibility to open function view for selected modules
+ added possibility to restart debugger with admin rights
+ added support for saving patches in dlls
+ added support of multiple tls callbacks
+ added "on execution" and "on write" memory breakpoint types
+ updated function view algorithm
+ updated winapi messagebox to qt

####Notes:
        - The full process dump can be done in detail view -> process tab -> context menu
        - The function view can now be shown also in detail view -> modules tab -> context menu

~Zer0Flag

cxj98 09-18-2013 00:29

Some useful suggestions for the next version.

1. Current icons group is too ugly, maybe true color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes original byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink hyperlight colour there, but include OpCodes, Mnemonics, comments are not hyperlight colour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are selected, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF can't change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I don't know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or BeaEngine, can you consider use OllyDBG only?

11. load an exe most time are blank disassemble code there, but little time is fine, will you improve it for next version?

12. Can you consider add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already hyperlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save their bookmarks there.

16. After more test, if I thought more features need to be added, then I will suggest you again.

17. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.

cxj98 09-18-2013 00:57

Some useful suggestions for the next version.

1. Current icons group is too ugly, maybe true color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes original byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink hyperlight colour there, but include OpCodes, Mnemonics, comments are not hyperlight colour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are selected, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF can't change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I don't know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or BeaEngine, can you consider use OllyDBG only?

11. load an exe most time are blank disassemble code there, but little time is fine, will you improve it for next version?

12. Can you consider add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already hyperlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save their bookmarks there.

16. When you select multi-line of mnemonics and copy it in disassemble window, it actually copied first line, not multi-line are copied, maybe a bug?

17. can you add support hex code search? Like shortcut key "Ctrl + B" in OllyDBG, If I want to search blank place to add some disassemble code and jump back, good for inline patching.

18. After more test, if I thought more features need to be added, then I will suggest you again.

19. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.

cxj98 09-18-2013 07:01

Hello, ZeroFlag. I just thought more, but due to can't edit old post, so I create with new suggestion here.

Some useful suggestions for the next version.

1. Current icons group is too ugly, maybe true color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes original byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink hyperlight colour there, but include OpCodes, Mnemonics, comments are not hyperlight colour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are selected, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF can't change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I don't know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or BeaEngine, can you consider use OllyDBG engine only?

11. load an exe most time are blank disassemble code there, but little time is fine, will you improve it for next version?

12. Can you consider add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already hyperlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save their bookmarks there.

16. When you select multi-line of mnemonics and copy it in disassemble window, it actually copied first line, not multi-line are copied, maybe is a bug?

17. can you add support hex code search? Like shortcut key "Ctrl + B" in OllyDBG, If I want to search blank place to add some disassemble code and jump back, good for inline patching.

18. in disassemble window, double click on comment must can edit and hit OK can save, for easy and quick debugging purpose.

19. Current version can't debugging *.dll file, only *.exe file, will you consider add for support debugging *.dll file in the next version.

20. Recent file will be deleted after exit Nanomite, I don't know is a bug or not, maybe cause Win Vista / Win 7 UAC? can you consider add a option for it can save or delete all recent files choice by user?

21. After more test, if I thought more features need to be added, then I will suggest to you again.

22. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.

23. For sometimes debugging some exe file comes blank disassemble code, I don't know is it possible because Delphi 7 Programs or due to some strong packer like VMProtect, here I just attach some software for you to test it out.

Download it: _http://pan.baidu.com/share/link?shareid=123269319&uk=386178158

illmaR 09-28-2013 13:16

thanks for nice stuff! Let's check if it is worth changing from windbg.

___da-brain___ 10-06-2013 07:27

What is the latest version of this?

chessgod101 10-06-2013 07:42

Quote:

Originally Posted by ___da-brain___ (Post 87236)
What is the latest version of this?

The latest version (Version 0.1 beta 15) is listed not only above, but clearly on the program's website as well.

___da-brain___ 10-06-2013 07:48

Quote:

Originally Posted by chessgod101 (Post 87237)
The latest version (Version 0.1 beta 15) is listed not only above, but clearly on the program's website as well.

Debugger keeps crashing so I thought mine is an old version.

deepzero 10-07-2013 01:14

Quote:

Debugger keeps crashing
Same here, glad I am not the only one.
I'll send over some crash dumps sometime next week, I suggest you do the same.

Zer0Flag 10-31-2013 02:00

Code:

beta 16
+ fixed a bug which can lead to a crash of the debuggee when using step over while debuggee was running
+ fixed a bug which can lead to a crash while using step over
+ fixed a bug which can lead to a crash when using more than one memory breakpoint
+ fixed a bug which can lead to a missing display of disassembly when breaking on a onexecute memory bp
+ fixed a bug which lead to a lost commandline when restarting as admin
+ fixed a bug which did not clean up correctly if restarting the file over the recent debugged file menu
+ added space shortcut in disassembly view to edit instruction
+ added error message if x86 build wants to load x64 binaries
+ added entropy check to display a warning if a (may) packed or crypted file will be started
+ added support for different breakpoint sizes
+ added resolving of drag n dropped .lnk files
+ added bookmarks
+ added comments
+ added HLT and UD2 software breakpoint types
+ added project files
+ added different performance improvements
+ updated dbghelp to version 6.3.9600

####Notes:
        - Supported breakpoint sizes are 1, 2 and 4 bytes for software and hardware breakpoints
        - In the breakpoint manager you can now choose between int3, hlt and ud2 software breakpoints
                - int3 = 0xCC
                - hlt  = 0xF4
                - ud2  = 0x0F0B
        - Project files allow to save and load bookmarks, comments, patches and breakpoints of the current project
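The three software breakpoint opcodes and the 1/2/4-byte sizes from the notes above, as an added example that is not Nanomite's own code: it shows what a debugger does to a copy of the target's code bytes when a breakpoint is set and later removed. The assumptions here are that a breakpoint of size n overwrites n bytes with the opcode pattern repeated, that n must be a multiple of the pattern length (so the two-byte ud2 cannot be used with size 1), and that the sample code buffer is constructed. The round trip over an existing int3 is the case the beta 15 fix for "breakpoints on int3 instructions" refers to: removal must restore the saved bytes instead of assuming they differed from 0xCC.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not Nanomite's code. Assumed semantics: a size-n breakpoint
// overwrites n bytes with the opcode pattern repeated; n is 1, 2 or 4 and a
// multiple of the pattern length.
enum class BpType { Int3, Hlt, Ud2 };

// Opcode patterns from the beta 16 notes: int3 = CC, hlt = F4, ud2 = 0F 0B.
std::vector<uint8_t> breakpointBytes(BpType t) {
    switch (t) {
        case BpType::Int3: return {0xCC};
        case BpType::Hlt:  return {0xF4};
        case BpType::Ud2:  return {0x0F, 0x0B};
    }
    return {};
}

struct Breakpoint {
    std::size_t offset;          // position in the code buffer
    BpType type;
    std::size_t size;            // bytes overwritten: 1, 2 or 4
    std::vector<uint8_t> saved;  // original bytes, put back on removal
    bool active;
};

Breakpoint makeBreakpoint(std::size_t offset, BpType type, std::size_t size) {
    return Breakpoint{offset, type, size, {}, false};
}

// Writes the pattern; returns false and leaves the buffer untouched on a bad
// size, an out-of-range offset or an already active breakpoint.
bool applyBreakpoint(std::vector<uint8_t>& code, Breakpoint& bp) {
    const std::vector<uint8_t> pattern = breakpointBytes(bp.type);
    if (bp.size != 1 && bp.size != 2 && bp.size != 4) return false;
    if (pattern.empty() || bp.size % pattern.size() != 0) return false;
    if (bp.offset > code.size() || code.size() - bp.offset < bp.size) return false;
    if (bp.active) return false;
    // Save whatever is there, even if it already is 0xCC: an int3 in the
    // original code must come back unchanged when the breakpoint is removed.
    const auto begin = code.begin() + static_cast<std::ptrdiff_t>(bp.offset);
    bp.saved.assign(begin, begin + static_cast<std::ptrdiff_t>(bp.size));
    for (std::size_t i = 0; i < bp.size; ++i)
        code[bp.offset + i] = pattern[i % pattern.size()];
    bp.active = true;
    return true;
}

// Restores the saved bytes; returns false if the breakpoint is not active.
bool removeBreakpoint(std::vector<uint8_t>& code, Breakpoint& bp) {
    if (!bp.active) return false;
    std::copy(bp.saved.begin(), bp.saved.end(),
              code.begin() + static_cast<std::ptrdiff_t>(bp.offset));
    bp.active = false;
    return true;
}

// Constructed sample: push ebp / mov ebp,esp / int3 / four nops / ret.
std::vector<uint8_t> sampleCode() {
    return {0x55, 0x8B, 0xEC, 0xCC, 0x90, 0x90, 0x90, 0x90, 0xC3};
}

// Sets an int3 breakpoint on top of the existing int3 at offset 3, removes it
// again, and reports whether the code came back byte for byte identical.
bool int3OverInt3RoundTrips() {
    std::vector<uint8_t> code = sampleCode();
    Breakpoint bp = makeBreakpoint(3, BpType::Int3, 1);
    if (!applyBreakpoint(code, bp)) return false;
    if (code[3] != 0xCC || bp.saved != std::vector<uint8_t>{0xCC}) return false;
    if (!removeBreakpoint(code, bp)) return false;
    return code == sampleCode();
}

// Returns the four bytes written by a size-4 ud2 breakpoint over the nops.
std::vector<uint8_t> ud2Size4Bytes() {
    std::vector<uint8_t> code = sampleCode();
    Breakpoint bp = makeBreakpoint(4, BpType::Ud2, 4);
    if (!applyBreakpoint(code, bp)) return {};
    return std::vector<uint8_t>(code.begin() + 4, code.begin() + 8);
}

// Size 3 is unsupported; a size-1 slot cannot hold the two-byte ud2 pattern.
bool rejectsUnsupportedSizes() {
    std::vector<uint8_t> code = sampleCode();
    Breakpoint three = makeBreakpoint(4, BpType::Hlt, 3);
    Breakpoint ud2one = makeBreakpoint(4, BpType::Ud2, 1);
    return !applyBreakpoint(code, three) && !applyBreakpoint(code, ud2one)
        && code == sampleCode();
}

int main() {
    std::printf("int3 over int3 round trip: %s\n", int3OverInt3RoundTrips() ? "ok" : "FAILED");
    std::printf("unsupported sizes rejected: %s\n", rejectsUnsupportedSizes() ? "ok" : "FAILED");
    return 0;
}
```

The size check is done before anything is written, so a rejected breakpoint never leaves a partially patched buffer; in a real debugger the same ordering matters because the write goes to the debuggee's memory.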


=GXG= 11-16-2013 22:53

Nice project. Update it.

MCKSys Argentina 11-24-2013 14:35

I have tested Nanomite in its x64 version (qtNanomite.exe) in a VM with Win 7 Pro (x64 of course).
In most of the programs it worked ok, but some programs have blank disasm window when opened using "Open new file" command.
For example, Cheat engine version 6.2 comes with 2 "sample" programs. The x64 version (Tutorial-x86_64.exe) shows a blank disasm window when loaded the previous way.
Then the program runs fine, so the only issue here is the first-load blank disasm window.

Another thing is that when loading some apps (for example Internet Explorer 8 x64), Nanomite shows a MessageBox saying that "It seems that this file is packe or encrypted!", but they aren't. A false positive?
ADDED: Despite the message, the programs work ok.

Anyway, I'll keep using this excellent dbg and reporting anything that comes up.

Thanks Zer0Flag for your effort!

Cheers!
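The "packed or encrypted" warning added in beta 16 and the false positive reported above are both explained by the kind of entropy heuristic such warnings are built on. The following is an added example, not Nanomite's code: it computes Shannon entropy per byte, flags a buffer above an assumed threshold of 7.0 bits, and shows with constructed inputs that compressed-looking data scores the same as a crypted section, and that a single whole-file number hides which region is responsible. The threshold, the sample byte patterns and the xorshift generator standing in for compressed data are all assumptions made here.

```cpp
#include <algorithm>
#include <cmath>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added example, not Nanomite's code. Shannon entropy in bits per byte:
// 0.0 for a constant buffer, at most 8.0 for uniformly distributed bytes.
double shannonEntropy(const std::vector<uint8_t>& data) {
    if (data.empty()) return 0.0;
    std::size_t counts[256] = {0};
    for (uint8_t b : data) ++counts[b];
    const double n = static_cast<double>(data.size());
    double h = 0.0;
    for (std::size_t c : counts) {
        if (c == 0) continue;
        const double p = static_cast<double>(c) / n;
        h -= p * std::log2(p);
    }
    return h;
}

// Packed or crypted code looks close to random; the 7.0 threshold is assumed.
bool looksPackedOrEncrypted(const std::vector<uint8_t>& data, double threshold = 7.0) {
    return shannonEntropy(data) >= threshold;
}

// Entropy of each fixed-size chunk, so a high-entropy region can be located
// instead of being averaged away by the rest of the file.
std::vector<double> chunkEntropies(const std::vector<uint8_t>& data, std::size_t chunk) {
    std::vector<double> out;
    for (std::size_t off = 0; off < data.size(); off += chunk) {
        const std::size_t len = std::min(chunk, data.size() - off);
        const auto begin = data.begin() + static_cast<std::ptrdiff_t>(off);
        out.push_back(shannonEntropy(std::vector<uint8_t>(begin, begin + static_cast<std::ptrdiff_t>(len))));
    }
    return out;
}

std::size_t flaggedChunks(const std::vector<uint8_t>& data, std::size_t chunk, double threshold) {
    std::size_t flagged = 0;
    for (double h : chunkEntropies(data, chunk)) if (h >= threshold) ++flagged;
    return flagged;
}

// Constructed input 1: a zero-filled region, e.g. uninitialised data.
std::vector<uint8_t> zeroFilled(std::size_t n) { return std::vector<uint8_t>(n, 0); }

// Constructed input 2: ordinary code-like bytes, a 16-byte pattern repeated.
std::vector<uint8_t> plainCodeLike(std::size_t n) {
    static const uint8_t pattern[16] = {0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x90, 0x90,
                                        0xC3, 0x00, 0x00, 0x00, 0x33, 0xC0, 0x5D, 0xC3};
    std::vector<uint8_t> out(n);
    for (std::size_t i = 0; i < n; ++i) out[i] = pattern[i % 16];
    return out;
}

// Constructed input 3: xorshift32 output standing in for compressed resources.
// Compressed data is not packed code, yet it scores like it: the false-positive
// case reported for a clean binary above.
std::vector<uint8_t> pseudoRandomBytes(std::size_t n, uint32_t seed = 0x9E3779B9u) {
    std::vector<uint8_t> out;
    out.reserve(n);
    uint32_t s = seed;
    for (std::size_t i = 0; i < n; ++i) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        out.push_back(static_cast<uint8_t>(s & 0xFF));
    }
    return out;
}

// Half code-like bytes, half random: whole-file entropy stays under the
// threshold while half of the chunks are individually above it.
std::vector<uint8_t> mixedSample() {
    std::vector<uint8_t> out = plainCodeLike(4096);
    std::vector<uint8_t> tail = pseudoRandomBytes(4096);
    out.insert(out.end(), tail.begin(), tail.end());
    return out;
}

int main() {
    std::printf("zero-filled:  %.3f bits/byte\n", shannonEntropy(zeroFilled(4096)));
    std::printf("code-like:    %.3f bits/byte\n", shannonEntropy(plainCodeLike(4096)));
    std::printf("random-like:  %.3f bits/byte\n", shannonEntropy(pseudoRandomBytes(65536)));
    std::printf("mixed whole:  %.3f, chunks flagged: %zu of 4\n",
                shannonEntropy(mixedSample()), flaggedChunks(mixedSample(), 2048, 7.0));
    return 0;
}
```

The mixed sample is the practical lesson: a warning driven by one whole-file figure both misses a small crypted section inside a large clean image and fires on a clean image that carries compressed resources, so reporting the entropy per section (or per chunk, as here) gives the user something to judge rather than a yes/no verdict.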

anon_c 11-26-2013 02:07

Thanks for this great tool!

It helped me patch Im@ris, a great software for microscopy, by applying an update to the solution provided by Team Lz0 for a previous version

Here are some suggestions/thoughts:

-How to use the Goto function to go to Offset? It would also be nice to be able to goto RVA.

-Editing a jump with VA or RVA does not work (the function will be edited by jmp to ??? address)

-It would be nice to be able to set flags individually instead of editing the EFlags. Not a big deal, but it would be faster...

-Hotkey " Return = …" does not work with the Return key of a keypad

Keep your good work, it is really appreciated

AC

Zer0Flag 11-28-2013 01:30

Thanks for this valuable feedback!

I will take the suggested issues/features onto my todo list. But currently I lack somehow of time because of RL... but updates will keep coming ;).

About the blank disassembly window I know that this is based on the worse algorithm which the disassembler in nanomite is using currently and often occurs on packed or crypted samples. I'm planning to update this one in the next steps to offer a better analysis of the code and also take the control flow into account.

If you find any bugs or have feature requests you are always welcome!

~Zer0Flag

Dinisoid 11-28-2013 17:47

It would be good if you add ability to generate control flow graph for function or module.


All times are GMT +8. The time now is 16:16.
