Exetools

Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   [Nanomite] x64/x86 debugger - GUI and Class (https://forum.exetools.com/showthread.php?t=14817)

ahmadmansoor 02-18-2013 19:23

[Nanomite] x64/x86 debugger - GUI and Class
 
Hey all,

Nanomite is a graphical debugger I wrote in Cpp and supports x64, x86 and WOW64 debugging and also offers different features ( shown in Pictures below). It uses the windows debugging api, beaengine and dbghelp. No GUI framework has been used! The x64 version of the debugger can debug x64 and WOW64 and the x86 only x86. If you are debugging multiple processes ( child processes of the main application) you can select the process for each action over a drop down menu which appears when you click a button in the main gui. In the most windows the data is sorted by the Process ID. Currently no data modification is possible (like memory, opcodes, regs or something else) but its something that will come!

Of course there is a lot of work to be done and the GUI is just ugly but maybe some of you want to help and commit code and YES its fully open source for all ;). Issues ( I already have a lot known ones) will be fixed as soon as I have time. Also I will write a manual for the GUI and the class ( see below ) to cover "how to use, how does it work and is it able to" questions.


You can download the binarys from the git repro (Nanomite.exe, dbghelp.dll and NanomiteConfig.ini are needed if you want to test the Debugger):
Quote:

https://github.com/zer0fl4g/Nanomite/
Class:

also I want to offer you a class I wrote in Cpp. This class offers different features for debugging and supports x64, x86 and WOW64 debugging and is the core of Nanomite. If you want me to add some features or find bugs than reply here or write me an email / pm. If you need a sample how to use it than you can take a look at :
Quote:

https://github.com/zer0fl4g/Nanomite/blob/master/clsDebugger_tester/clsDebugger_tester.cpp
Please keep in mind that this is a free time project and I only work on it when I have time. If you want to contribute I would be happy about emails, pm´s and posts to this topic. Ideas, Feature requests and bug reports are welcome :).

Greetz Zer0Flag

The Author will be with us soon .

Zer0Flag 02-26-2013 04:18

Code:

beta 7

+ fixed some small handling bugs
+ fixed a bug in disassembler which did not replace old protection on memory after disassembling
+ fixed a bug which did not show terminated processes in DetailView
+ fixed a bug which did not show terminated threads in DetailView
+ fixed a bug which did not clean up memory on manual debugge stop
+ improved DB handler
+ added resolve of jump conditions to improve StepOver
+ added "Return" and "Backspace" Hotkey to navigate in Disassembler
+ added "Clear Log" context menu in LogBox
+ added "Show Source" context menu in Disassembler
+ added "Goto Function" context menu in Callstack
+ added a crash handler
+ added Source Viewer
+ added memory pool for performance improvement and memory leak reduction
+ added mouse scrolling in disassembler and stack
+ added direct run of target after using menu to select a file

####Notes:
        - CrashHandler
                - if Nanomite crashs a dumpfile will be written to the application folder.
                  Please send me this file via zer0fl4g[at]gmail[dot]com
        - Hotkey "Return"
                - when you selected a jump / call / ... you can follow this instruction using the "Return" key
        - Hotkey "Backspace"
                - steps back when you used "Return" to follow a call
        - Source Viewer
                - double click on source line in Callstack view. A new Window will open and show the source code (if found)
                - right click in disassembler context menu opens source view also
        - Memory Pool
                - redericted malloc / new / delete / free to the memory pool
                - heap fragmentation reduction
                - increasing performance

The latest update :). If you have suggestions, bugs or anything else feel free to contact me! The more people test it, the faster I can fix bugs.

Greetz Zer0Flag

ahmadmansoor 02-28-2013 20:20

1 Attachment(s)
Hi Zer0Flag :
Did u try notepad !!! . it crash .
check the dumped files
Thanks for ur nice work .

Zer0Flag 03-01-2013 02:43

Thanks, it was a bug in the import parser. Is fixed and will be pushed with beta8 :)

~Zer0Flag

Zer0Flag 03-14-2013 05:25

Code:

beta 8

  + fixed a crash in attaching to a process where we don´t have a file path
  + fixed a bug which ignored DbgBreakPoint on attaching
  + fixed a bug which caused double breaking in case we set a breakpoint while beeing on the entrypoint
  + fixed a crash in pe import reader
  + fixed a crash (see github issue #1)
  + fixed a bug in HexView which didn´t display data on x64 processes
  + fixed a possible crash when opening invalid non pe files
  + fixed a small bug in "Restart"
  + added display of current function in windowtitle
  + added support for drag and drop of files
  + added possibility to remove breakpoints with "F2" (needs to be a selected row in disassembler)
  + added "Step back to user code"

Notes:

- "Step back to user code"
    - If you use this the debugger will continue the execution until you get to the first function
      which is located in the main module

~Zer0Flag

ahmadmansoor 03-18-2013 22:01

3 Attachment(s)
pls check it

ahmadmansoor 03-26-2013 19:43

Hi Zer0Flag
see the attachment in this page
http://forum.exetools.com/showpost.php?p=83583&postcount=53

pls check F7 + F8 ,it not work in some steps
thanks

Zer0Flag 03-26-2013 20:44

Thanks for your effort! I will take a look at it and try to fix it in the next beta :)

~0

Zer0Flag 04-01-2013 06:48

Code:

Version 0.1 beta 9

    fixed a bug in disassembler
    fixed a bug in wow64 StepIn
    fixed a crash when suspending a process and then StepIn
    fixed a bug which didn´t display all modules in callstack
    fixed a crash in loading imports of files without IAT
    fixed a crash in "Goto Offset" context menu
    small gui improvements
    added Single Step Tracer
    added memory dumper
    removed error message if you cancel the file selection

Notes:

- Single Step Tracer
    - only a part is displayed in the window. Use mouse scroll to navigate (will be improved)
- MemoryDumper
    - RightClick in MemoryView or HeapView shows you the option to dump the selected segment.

~0

iconstart 04-11-2013 13:20

wonderful
thanks

Zer0Flag 04-23-2013 02:05

Code:

Version 0.1 beta 10

    fixed a bug which displayed a wrong function offset in callstack
    fixed a bug which didn´t break on module ep if "break on system ep" was selected
    fixed a bug which lead to a crash if a wow64 file has ordinal imports
    fixed a bug in the disassembly view which caused ungentle down scrolling
    fixed a bug in PEManager which double loaded debugged files
    fixed a bug which may lead to an error in disassembler
    fixed a crash on context menus if not debugging something
    improved HeapView
    added Message in DebugLog if breaking on MemoryBP
    added PEViewer
    added native check for Admin rights
    added warnings if API import fails
    added display of current PID/TID in mainwindow title
    added function view
    added and cleaned context menus

Notes:

- I´m happy to announce "En0mis" as a new Developer in this project! :)
- function view
    - scans the memory of the loaded targets and scanns for functions.

\Zer0Flag

Zer0Flag 05-10-2013 08:55

Code:

beta 11

    fixed a bug in options which didn´t save the correct settings
    fixed display of exceptions if no symbols have been found
    fixed a bug which made register editor not working in x64
    fixed a bug which displayed wrong modules in window view
    fixed a bug which didn´t display exceptions if a breakpoint was set on this offset
    fixed a bug in disassembler which may caused application crashes due to wrong memory protection
    fixed a possible crash in context menus
    fixed display of the offset in string view
    fixed unvalid breakpoint offsets caused by alsr
    improvements on AttachDlg
    added cleanup on debugge termination
    added process patching
    added more context menus to DetailView
    added display of mainthread in DetailView
    added F5 Hotkey to reload some views
    added possibility to save debug log to file
    added possibility to copy data to clipboard
    added possibility to break on new Processes, Threads or DLL loads
    added dockable widgets to the mainview
    added save of window sizes and positions on close

Notes:

- You have now the possibility to patch the memory of a process. Currently it is not possible to save the
  changes to disk but this will be integrated also.
- Some context menus offer the possibility to copy the data from the table to the clipboard

~Zer0Flag

cxj98 05-10-2013 09:58

disassemble shows blank at all the time, rest thing are fine. string search shows useless string, ie. "This program must be run under Win32", also can't detect unicode strings, most pity is when double click on any srings can't follow in disassemble immediately.

Zer0Flag 05-10-2013 17:37

What Version did you try - debug,release,win32,x64? Which target did you try to debug when the disassemble window stays empty?

~Zer0Flag

cxj98 05-11-2013 09:44

debug english software are OK ,only debug Chinese software shows blank, assume language not compatible, how to reproduce this behaviour?

Zer0Flag 05-12-2013 02:10

Hmm, could you send me this (chinese) fila via PM so I can take a look at it myself ?

Zer0Flag 06-09-2013 07:29

Code:

Version 0.1 beta 12

    fixed scrollbar in trace view
    fixed a possible crash in disassembler
    fixed a memory leak in the window settings
    fixed a memory leak in dll and process name receiving
    fixed a memory leak in trace view
    fixed display of ascii strings in ascii view
    fixed a bug which could cause wrong run to user code if debugging more than one process
    fixed a bug which lead to incorrect restarts on slow systems
    fixed a bug which caused double calling of some functions in context menus
    fixed a bug in hex view which may showed wrong data
    fixed a bug in heap view which caused a crash when copying the whole line to clipboard
    added PatchManager
    added process privilege view
    added commandline options
    added possibility to set process priorities
    added possibility to set memory protection
    added display of current priority in detail view - context menu
    added display of segment registers in reg view
    added background worker to string view, hex view and functions view
    removed processes we canüt access from the attach dialog

Notes:

- Patches can be saved to file (only on the debugged one)
- In the memory view you can set the protection of a page using the context menu
- Commandline options
    - "-s": specifies a file
    - "-c": specifies the commandline for the target if not given you will be asked later
    - "-p": attachs to the given pid

If you find some bug, have some feature requests or something else please feel free to write me a pm!

Regards Zer0Flag

Archer 06-10-2013 02:42

Some guys from exelab https://ssl.exelab.ru/f/index.php?action=vthread&forum=3&topic=20678#9 suspect EDI register is missing.

Zer0Flag 06-10-2013 03:02

uch, Seems I forgot that one :-/ . Thanks for reporting! Will be fixed in the next version.

Regards
Zer0Flag

Zer0Flag 07-11-2013 03:27

Code:

Version 0.1 beta 13

    fixed some crashs related to the qt /MT build, see note for more details
    fixed some bugs in the patch manager
    fixed the symbol display in the trace view
    fixed a bug which showed wrong trace data
    added Exception Assistant
    added colors to the state bar
    added missing edi/rdi register
    added option to break on tls callback
    added possibility to show registers of a thread in detailview
    added possibility to show TEB/TBI of a thread in detailview
    added possibility to show PEB/PBI of a process in detailview
    added possibility to set Nanomite as default just in time debugger
    added possibility in PEEditor to show exports of a loaded module in disassembler
    added updater (thanks to inisider for this contribution)
    updated beaengine to rev. 174
    updated PE-Editor layout
    updated DetailView layout
    updated Options to include more options, easier config

Notes:

- Needed to compile Qt with /MD because of issues with the cruntime. If you want to use the
  debugger you have to install the visual c++ runtime 2010.
- You can save an exception to the list in the Options window. The debugger then knows how to handle it.
  Alternatively you can enable the Exception Assistant. This will show a dialog once a exception occures and
  offers different ways to handle it.


cxj98 07-11-2013 15:58

very good, now can debug chinese softwares.

bedrock 07-12-2013 04:46

Is there install available or have to download source from git and compile ourself?

deepzero 07-12-2013 12:41

there are binaries available in the debug\ and release\ folder on github.

Zer0Flag 07-12-2013 12:41

You can use the files from "build" or build it yourself if you like.

Regards Zer0Flag

shahril 08-07-2013 08:52

hi Zer0Flag, thanks for great release.
I test it with some binary, however, some of them are ok, and some of them have problem and nanomite window show blank, here is screenshot

http://i.imgur.com/u5t9WHc.png

and here is binary -> http://www.uploadmb.com/dw.php?id=1375836485

virus total -> https://www.virustotal.com/en/file/be051b6498077ee0fbeca54417b41a98493ebde86b4f33754dc1512817025ab3/analysis/1375836673/

this binary is from lina151 rce toturial

and why i can't upload file into attachment ? :confused:

nikkapedd 08-08-2013 00:18

Quote:

and why i can't upload file into attachment ?
shahril you are a new member and you can't download/upload anything until you reach 20/25 posts. Read the rules for the new members

Zer0Flag 08-08-2013 03:11

Thanks for the feed back!

@shahril
This is a known issue which is based on the disassembler. Sometimes it starts disassembling on the wrong offset ( neededoffset - 300 ) which is not always right. And then it doesn´t find the needed offset and stay empty.

The disassembler will probably be reworked on the beta15.

~Zer0Flag

mm10121991 08-08-2013 05:59

@sharil
all binairies in lena151 tuts are 32 bits
Work with ollydbg

Zer0Flag 08-09-2013 03:25

I did a little update of the disassembler engine and it fixed the problem which lead to the missing disassembly in this and some other cases.

Will be release with B14 on this Sunday (11.08.2013)

http://i.imagebanana.com/img/nu9h6ohd/08082013193602.png

~Zer0Flag

Zer0Flag 08-11-2013 09:27

Code:

beta 14
+ fixed a bug in the options not showing exception wich have been saved using the exception assistant
+ fixed a bug when stepping over a return
+ fixed a bug in breakpoint manager which deleted the wrong bp when removing a selected bp
+ fixed a bug in breakpoint manager which created unusable breakpoints
+ fixed a bug in breakpoint manager which may resolved ModuleName::APIName to wrong offset
+ fixed a bug in assembler which double loaded the gui
+ fixed a bug in hardware breakpoints which did not activate them in running processes
+ fixed a bug in hardware breakpoints which did not activate them on the current thread
+ fixed a bug where by detaching from a suspended process didn't resume the process
+ fixed a bug which did not handle hardware breakpoints for wow64 targets
+ fixed a bug which showed a wrong menu if child processes where present in the debugging session
+ fixed a bug which reloaded the disassembler to the wrong offset after adding a new patch
+ fixed a bug which caused wrong scrolling of disassembler and stack while the process is running
+ fixed paths in attach dialog with SystemRoot enviroment string
+ fixed handling of "call * ptr []" and "jmp * ptr []"
+ fixed some handle and memory leaks
+ added saving of input in goto dialog
+ added support of functions in goto dialog
+ added different hotkeys see hotkey list for all of them
+ added type column in attach dialog
+ added state update when doing a trace
+ added trace to selected disassembly line
+ added toggle breakpoint on selected disassembly line to context menu
+ added display of FPU, MMX and SSE register
+ updated to qt 4.8.5
+ updated nasm to 2.10.09
+ updated file open dialog to remove annoying messagebox for commandline
+ updated the internal pe handling
+ updated resize event of Disassembler and Stack
+ updated Stack scroll
+ updated PID dropdown to be only displayed if more then 1 process is running
+ updated disassembler logic

####Notes:
    - function in the goto dialog should look like this: "module::function"
      e.g KERNEL32::IsDebuggerPresent

~Zer0Flag

Zer0Flag 09-16-2013 03:29

Code:

###Version 0.1 beta 15
+ fixed a bug which lead to a memory leak when a invalid file was loaded
+ fixed a bug which caused a break when continue was used after a trace
+ fixed a bug which caused problems when scrolling up in disassembler view
+ fixed a bug which returned wrong offset when adding a breakpoint to a wow64 process
+ fixed a bug which did not clean up properly if using the "recent file" menu to debug new process
+ fixed a bug which did not clean up properly if a process terminates in a multiprocess session
+ fixed a bug which did not replace memory breakpoints correctly
+ fixed a bug which did not display the correct source code under certain conditions
+ fixed a bug which did not reload the gui when deleting a patch from patchmanager using hotkey
+ fixed a bug which did not disable trace_stop button when the debuggee terminates while tracing
+ fixed a bug which did not allow breakpoints on int3 instructions
+ fixed a bug which may corrupted the memory breakpoints when a new thread starts
+ fixed a bug which may calculated wrong tls callback offsets
+ added save file dialog to memory dump and patch manager
+ added the correct offsets for loaded module imports in the peeditor
+ added double click handler in trace view, bp manager and patch manager to send a offset to disassembler window
+ added possibility to set nanomite also as wow64 jit debugger
+ added possibility to use Up/Down arrows and PageUp/Down to navigate in disassembler
+ added possibility to create a full process dump
+ added possibility to open function view for selected modules
+ added possibility to restart debugger with admin rights
+ added support for saving patches in dlls
+ added support of multiple tls callbacks
+ added "on execution" and "on write" memory breakpoint types
+ updated function view algorithm
+ updated winapi messagebox to qt

####Notes:
        - The full process dump can be done in detail view -> process tab -> context menu
        - The function view can now be showed also in detail view -> modules tab -> context menu

~Zer0Flag

cxj98 09-18-2013 00:29

some useful suggestion for next version.

1. Current icons group is too ugly, maybe ture color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes origianl byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink hyperlight colour there, but include OpCodes, Mnemonics, comments are not hyperlight lolour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are seleted, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF caní»t change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I doní»t know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or Bean Engine, can you consider use OllyDBG only?

11. load a exe most time are blank disassemble code there, but lillte time is fine, will you improve it for next version?

12. Can you consier add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already hyperlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save theirsí» booked mark there.

16. After more test, if I thought more furture need to be added, then I will suggest you again.

17. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.

cxj98 09-18-2013 00:57

some useful suggestion for next version.

1. Current icons group is too ugly, maybe ture color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes origianl byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink hyperlight colour there, but include OpCodes, Mnemonics, comments are not hyperlight lolour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are seleted, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF caní»t change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I doní»t know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or Bean Engine, can you consider use OllyDBG only?

11. load a exe most time are blank disassemble code there, but lillte time is fine, will you improve it for next version?

12. Can you consier add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already hyperlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save theirsí» booked mark there.

16. When you selete multi-line of MneMonics and copy it in disassemble window, it actually copied first line, not multi-line are copied, maybe a bug?

17. can you add support hex code search? Like shortcut key í░Ctrl + Bí▒ in OllyDBG, If I want to search blank place to add some disassemble code and jump back, good for inline patching.

18. After more test, if I thought more furture need to be added, then I will suggest you again.

19. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.

cxj98 09-18-2013 07:01

Hello, ZeroFlag. I just thought more, but due to can't edit old post, so I create with new suggestion here.

some useful suggestion for next version.

1. Current icons group is too ugly, maybe ture color icon is better for consider.

2. Can you add support font, size can change in each window, after change can save the changing, current size is too smaller, not good for viewing.

3. In disassemble window and in stack view window, when you use mouse to click and drag the scroll bar start scrolling, the scroll bar is not really at scrolling, only code are scrolling there, maybe is a bug?

4. Can you consider add support edit disassemble code immediately with keyboard shortcut key spacebar button or double click in that disassemble code, not use mouse right click and select edit instruction, after edit and can have undo feature with multi-times. also, when right click and select "edit instruction" can you consider quotes origianl byte or disassemble code, not blank input there.

5. When will you support jump line with red arrow in disassemble code like jnz, jle, jge, jnc, jmp and so on, gray color for not inactive jump, red color for active jump. If you use OllyDBG, you will know what I mean.

6. in disassemble window, when you use F8 start step over, you will see only offset are pink hyperlight colour there, but include OpCodes, Mnemonics, comments are not hyperlight lolour, may full line of pink colour is preferred, like when you click in disassemble code that line, full and long blue colour in that line are seleted, maybe you understand what is my meaning?

7. in CPU Registers window, OF,DF, TF,SF, ZF, AF, PF, ZF caní»t change the 0 or 1 value for active jump or inactive jump immediately when use mouse double click in that value, consider for improvement for next version?

8. Can you consider add Information view window under disassemble window, and Data view window (hex dump), the same as OllyDBG, total five windows are list:
(1) Disassemble window
(2) CPU Register Window
(3) Information Window
(4) Data view window
(5) Stack view window

9. Can you consider add search all strings for Ansi code and Unicode, and double click in that string can send to disassemble code immediately.

10. Something like
push dword ptr fs:[00000000h],
cmp eax, FFFFFFFEh
test byte ptr [eax+04h], 66h
I doní»t know [00000000h] or FFFFFFFEh or eax+04h or 66h is IDA engine or OllyDBG engine or beaengine, can you consider use OllyDBG engine only?

11. load a exe most time are blank disassemble code there, but lillte time is fine, will you improve it for next version?

12. Can you consier add plugins API Socket? Maybe in the future, someone will develop some plugins to extend it feature more powerfully.

13. Can you consider add support theme, disassemble window background colour can edit and change, some like call, mov, test, xor, add and so on is already hyperlight colour, this is good, but support more will be better, or have a option to extend that people can add more by themselves.

14. breakpoint if possible can support like bp MessageBoxA/W in commandline box will be better.

15. Can you consider add bookmark feature, and consider add bookmark Window also, that user can save theirsí» booked mark there.

16. When you selete multi-line of MneMonics and copy it in disassemble window, it actually copied first line, not multi-line are copied, maybe is a bug?

17. can you add support hex code search? Like shortcut key í░Ctrl + Bí▒ in OllyDBG, If I want to search blank place to add some disassemble code and jump back, good for inline patching.

18. in disassemble window, double click on comment must can edit and hit OK can save, for easy and quick debugging purpose.

19. Current version caní»t debugging *.dll file, only *.exe file, will you consider add for support debugging *.dll file in the next version.

20. Recent file will be deleted afer exit Nanomite, I doní»t know is a bug or not, maybe cause Win Vista / Win 7 UAC? can you consider add a option for it can save or delete all recent files choice by user?

21. After more test, if I thought more furture need to be added, then I will suggest to you again.

22. Thanks for develop this good and nice tool, hope it will become popular for Win x86 and Win x64 debugging and disassembler tool in the future and instead of OllyDBG.

23. For sometimes debugging some exe file comes blank disassemble code, I doní»t know is it possible because Delphi 7 Programs or due to some strong packer like VMProtect, here I just attach some software for you to test it out.

Download it: _http://pan.baidu.com/share/link?shareid=123269319&uk=386178158

illmaR 09-28-2013 13:16

thanks for nice stuff! Lets check if it is worth changing from windbg.

___da-brain___ 10-06-2013 07:27

What is the latest version of this?

chessgod101 10-06-2013 07:42

Quote:

Originally Posted by ___da-brain___ (Post 87236)
What is the latest version of this?

The latest version(Version 0.1 beta 15) is listed not only above, but clearly on the program's website as well.

___da-brain___ 10-06-2013 07:48

Quote:

Originally Posted by chessgod101 (Post 87237)
The latest version(Version 0.1 beta 15) is listed not only above, but clearly on the program's website as well.

Debugger keeps crashing so i thought mine is an old version.

deepzero 10-07-2013 01:14

Quote:

Debugger keeps crashing
same here, glad i am not the only one.
i'll sens over some crash dumps sometime the next week, i suggest you do the same.

Zer0Flag 10-31-2013 02:00

Code:

beta 16
+ fixed a bug which can lead to a crash of the debugge when using step over while debugge was running
+ fixed a bug which can lead to a crash while using step over
+ fixed a bug which can lead to a crash when using more than one memory breakpoint
+ fixed a bug which can lead to a missing display of disassembly when breaking on a onexecute memory bp
+ fixed a bug which lead to a lost commandline when restarting as admin
+ fixed a bug which did not clean up correctly if restarting the file over the recent debugged file menu
+ added space shortcut in disassembly view to edit instruction
+ added error message if x86 build wants to load x64 binarys
+ added entropy check to display a warning if a (may) packed or crypted file will be started
+ added support for different breakpoint sizes
+ added resolving of drag n dropped .lnk files
+ added bookmarks
+ added comments
+ added HLT and UD2 software breakpoint types
+ added project files
+ added different performance improvements
+ updated dbghelp to version 6.3.9600

####Notes:
        - Supported breakpoint sizes are 1,2 and 4 bytes for software and hardware breakpoints
        - In the breakpoint manager you can now choose between int3, hlt and ud2 software breakpoints
                - int3 = 0xCC
                - hlt  = 0xF4
                - ud2  = 0x0F0B
        - Project files allow to save and load bookmarks, comments, patches and breakpoints of the current project



All times are GMT +8. The time now is 08:56.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2020, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX