Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   "Syser The Debugger, reversecode ed." (https://forum.exetools.com/showthread.php?t=18259)

sendersu 05-24-2017 05:03

"Syser The Debugger, reversecode ed."
 
1 Attachment(s)
Hi reversers! ;)
as per my friend's ping I"m posting here some great news.

A R.E. edition of the well-known tool "Syser Win32 debugger"
This is a long fun over happy weekends/nights of the reverser aka reversecode
He's very skilled and mature and releasing some great stuff from time to time (eg: skype/hidden IDA features/etc)

This time it's up to Syser back from hell (joke)
Some details if you are curious

Some words from himself:
------------------
This work is not for getting *thanks*,
I guess it still has tons of bugs, be it either mine or from the R.E process itself.
Lots of TODOs are waiting for a better time

As for today, you already could run/trace/breakpoing/add watches/even plugins are there!
I've kept the original look & feel as much as possible.
I'm very interested in comments/remarks/bugreports,
especially on debugger crashes/etc

To get it: https://www.sendspace.com/file/wc2cfs


history track record:
===
1607 210517
add handle int 3
fix mouse scroll
fix memory leak PEFile read import

0413 230517
fix crash on delete watch item
improve terminate debug
add FlushInstructionCache on WriteMemory
start debug from cmdline

2046 230517
improve reset(reload the input file) (WO hotkey)


API & plugin sample
https://pastebin.com/3cnTASFy
https://pastebin.com/b2GeZfa8

Note: menu handling routines are still under work, rest should be just fine.

Enjoy!
------------------

Dark Intentions 05-24-2017 14:36

Maybe it's just my ignorance but i don't really understand the point of this effort. And don't get me wrong, i respect the time and skill invested in this project. I used the original Syser sometimes in the past, and its main advantage was the kernel mode debugging (at least for me). For usermode, syser is not competitive against olly/x64dbg in my opinion. And as far as i remember Syser died with XP. So my question is: can you use this new reversecode version on new OSes for kernelmode debugging? Is it for 32bit as the original was, or can it handle 64 bit code as well?

Syoma 05-24-2017 14:58

It is ring3 x32, but ring3 x64 support planned.
ring0 will be most probable as commercial version (if any).

Loki 05-24-2017 15:35

So pretty pointless then? :S

chessgod101 05-26-2017 04:09

I am actually rather excited about this project. Syser, like softice before it, is an amazing ring 0 debugger. I've honestly missed not having an alternative on windows 7 and above that didn't require remote debugging. If this project continues fruitfully, and x64 support is implemented seamlessly, it will be an asset to the development and reverse engineering community.

sendersu 05-26-2017 11:31

Breaking update - reverscode added/implemented x64 support http://polariton.ad-l.ink/7qpvNZqYX/image.png
stay tuned
=======================
x32 https://www.sendspace.com/file/bzx86g
x64 https://www.sendspace.com/file/umua9d

1607 210517
add handle int 3
fix mouse scroll
fix memory leak PEFile read import
0413 230517
fix crash on delete watch item
improve terminate debug
add FlushInstructionCache on WriteMemory
start debug from cmdline
2046 230517
improve reset(reload the input file) (WO hotkey)
1528 240517
hide BP(CCh) bytes from HexView, show original value
colored BP(code,data) in HexView
done re PopupMenu on HexView (hotkey not tested), operation toolbar in TODO
done re command(edit,move,compare) memory
0203 250517
done re ModuleList window
done re ascii/unicode string context ref
fix env path by add manifest
2224 250517
fix crash without dbg plugin
first build x64

WRP 05-27-2017 16:00

I can donate for ring0 version.

mr.exodia 05-28-2017 08:20

What about making this open source? It might be an interesting read for the future.

sendersu 05-29-2017 13:26

Hello people!
how do you do!

more updates from reversecode:

1813 280517
fix mouse wheel scroll on x64
fix scroll by UPbtn bar
add ALT+ hotkey
fix fit hexview on x64
fix hexview change addr on edit addr area
fix align stackview on x64
fix str sym ref on \t
add resolve ctx ref on r8-r15 CPU reg x64
improve PE loader for x64, for resolve import/export sym
fix select bytes on hexview for x64
add show EB line jmp ref
chg addr/offs represent on codeview

and even more fixes -

0731 290517
fix PE Loader for x64, to read import/export for hibase > 32bit, as example kernelbase.dll
done re sym command, allow show/add symbol/use it for set breakpoint
fix readpe onload file, for correct read sizeof file for x64
fix search module range and module info status for x64

niculaita 05-29-2017 22:15

SyserHide_25.05.17.zip (22.68kb, 47 de descărcări)
29.05.2017_x86-x64.rar WISP (1.92MB, 3 descărcări)
please give us other free links for them

FoxB 05-29-2017 23:20

@niculaita: x32/x64 https://www.sendspace.com/file/pzl3ni

niculaita 05-30-2017 02:17

still remains to upload please SyserHide_25.05.17.zip (22.68kb)

sendersu 05-30-2017 04:32

Hider plugin for Syser

Get:
https://yadi.sk/d/L0UKb6QK3JYPRY
https://www.sendspace.com/file/hwp40a

Steps:
unpack (use same dir levels)
syser_hide.dll -> Plugins,
hide_generic.dll nearby main .exe

Who wants might use hide_generic.dll in their projects.
Steps:
as easy as LoadLibrary() and we are cool!
The dll sets up a hook over
ZwWaitForDebugEvent() in debugger process and installs the rest of hooks
and patches memory in a process under debug.

The config is embedded inside the file itself in the following way:
[\x00] - OFF
any other char - ON

Code:ZwQueryInformationProcess[x]
ZwSetInformationThread[x]
ZwClose[x]
NtGlobalFlag[x]
ProcessHeapFlag[x]
IsDebuggerPresent[x]

enjoy

(c) by Veliant from exelab.ru resource
You could reach him here
https://exelab.ru/f/index.php?action=userinfo&user=3136

sendersu 06-08-2017 05:29

Hot updates and fresh meat from reversecode!

-------------------------------------

1258 040617
fix disable load x86 on syser x64
fix fmt fit addr exception violation on syser x64
fix PID/TID status and expr var
fix fit addr tab in code/data view for x64
fix 'p ret' cmd, run to return
implement SDK menu api
done re process list window (attach work, detach from target at todo)
starting re peexplorer window

1559 040617
fix load SyserColor.cfg from old SyserOption.exe util https://www.sendspace.com/file/l7r3pw

2058 040617
improve highlight keyword


combined URL for both 32/64: https://www.sendspace.com/file/t4lpr5

sendersu 10-04-2017 00:08

Due to some issues author shut down the project
PS. He left a chance to recover it - initial bid is $ 10к
details in the link in 1st post.


All times are GMT +8. The time now is 15:04.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX