v.1.1.0 released - www.arkdasm.com

+ added debugger memory snapshot feature
+ added debugger exception handling settings
+ added new command: bpdll
+ improvements, bug fixes

Hi.
I see that the debugger do a analysis like IDA do before starting to debug itself the target.
That analysis is done each time the executable is loaded even is the same and not modified. Can you do a file that keep the analysis and if the CRC change analyse again else is a waste of time to wait each time for the analysis to complete.
Or i am wrong?

Hi giv, you're wrong cause its not analysis its mostly rebasing hash maps (comments, labels, xref, etc.) to new imagebase, creating a new debugger database and stashing the current one cause it will be restored when debugger exits (assuming you don't use memory snapshot feature). Full analysis is done only at the beginning that is when you load a new file into disassembly.

Oh i see.
I have made a quick test.
Load a file twice.
But it seems that ASLR is the fault witch make the program rebase all times the hash maps.
The hash maps are stored relative to VA or RVA of the file or is another pointer?

VA but if your file is big and it takes too much time to rebase I'd suggest to use another debugger

VA is a bad option concerning ASLR.
I have made a simple test.
Load Total Commander 64 bit executable.
It have few MB as you may know.
The process take about one minute one a Core 2 Quad Q6666 at 2.4x4Mhz and 6 Gb RAM under Win 8.1.
The rebasing is done every time i load the file even is small.
The referencing to the RVA as pointer will avoid this issue IMHO.

well, it all depends on your hardware I just check totalcmd64.exe on my 4 year old laptop i7-2620M @ 2.70 Ghz, 8 GB RAM Win7 it takes about 3-4 seconds.

Ah.
I have a i7 3.3Ghz quad laptop with Win 8.1 X64, 12 GB DDR3 and 256GB SSD but i did not tested because is only for Tom&Jerry kids games.
I thougth is not suitable to reverse on a laptop.
And my 2.4 Ghz Q6660 Quad is suitable for reverse a 3 MB program....
I will test on the laptop when is free and i will tell you the result.
:)

Even if nothing changed, re-uploaded on 2018-08-04.
Never forget this tool!

@cyberbob
Did you stop developing ArkDasm. It was a nice project. Why no updates?

Yeah, its stopped I'm working on version2 (actually it's new project but some code is shared with ArkDasm). Advantages over ArkDasm:

• cross platform (Win/Linux/Mac)

• multi-arch (x86, x64, Arm32, Arm64, MIPS 32)

• supported file types: ELF32, ELF64, PE64, raw binary.

• RetDec decompiler support (press F5 on a function to get C code just like in IDA)

No release date but I'm leaning toward releasing Pre-Alpha sooner than later ;) (depends on my free time)