Exetools (https://forum.exetools.com/index.php)
-   Community Tools (https://forum.exetools.com/forumdisplay.php?f=47)
-   -   [Nanomite] x64/x86 debugger - GUI and Class (https://forum.exetools.com/showthread.php?t=14817)

ahmadmansoor 02-18-2013 19:23

[Nanomite] x64/x86 debugger - GUI and Class
Hey all,

Nanomite is a graphical debugger I wrote in Cpp and supports x64, x86 and WOW64 debugging and also offers different features ( shown in Pictures below). It uses the windows debugging api, beaengine and dbghelp. No GUI framework has been used! The x64 version of the debugger can debug x64 and WOW64 and the x86 only x86. If you are debugging multiple processes ( child processes of the main application) you can select the process for each action over a drop down menu which appears when you click a button in the main gui. In the most windows the data is sorted by the Process ID. Currently no data modification is possible (like memory, opcodes, regs or something else) but its something that will come!

Of course there is a lot of work to be done and the GUI is just ugly but maybe some of you want to help and commit code and YES its fully open source for all ;). Issues ( I already have a lot known ones) will be fixed as soon as I have time. Also I will write a manual for the GUI and the class ( see below ) to cover "how to use, how does it work and is it able to" questions.

You can download the binarys from the git repro (Nanomite.exe, dbghelp.dll and NanomiteConfig.ini are needed if you want to test the Debugger):


also I want to offer you a class I wrote in Cpp. This class offers different features for debugging and supports x64, x86 and WOW64 debugging and is the core of Nanomite. If you want me to add some features or find bugs than reply here or write me an email / pm. If you need a sample how to use it than you can take a look at :

Please keep in mind that this is a free time project and I only work on it when I have time. If you want to contribute I would be happy about emails, pm´s and posts to this topic. Ideas, Feature requests and bug reports are welcome :).

Greetz Zer0Flag

The Author will be with us soon .

Zer0Flag 02-26-2013 04:18


beta 7

+ fixed some small handling bugs
+ fixed a bug in disassembler which did not replace old protection on memory after disassembling
+ fixed a bug which did not show terminated processes in DetailView
+ fixed a bug which did not show terminated threads in DetailView
+ fixed a bug which did not clean up memory on manual debugge stop
+ improved DB handler
+ added resolve of jump conditions to improve StepOver
+ added "Return" and "Backspace" Hotkey to navigate in Disassembler
+ added "Clear Log" context menu in LogBox
+ added "Show Source" context menu in Disassembler
+ added "Goto Function" context menu in Callstack
+ added a crash handler
+ added Source Viewer
+ added memory pool for performance improvement and memory leak reduction
+ added mouse scrolling in disassembler and stack
+ added direct run of target after using menu to select a file

        - CrashHandler
                - if Nanomite crashs a dumpfile will be written to the application folder.
                  Please send me this file via zer0fl4g[at]gmail[dot]com
        - Hotkey "Return"
                - when you selected a jump / call / ... you can follow this instruction using the "Return" key
        - Hotkey "Backspace"
                - steps back when you used "Return" to follow a call
        - Source Viewer
                - double click on source line in Callstack view. A new Window will open and show the source code (if found)
                - right click in disassembler context menu opens source view also
        - Memory Pool
                - redericted malloc / new / delete / free to the memory pool
                - heap fragmentation reduction
                - increasing performance

The latest update :). If you have suggestions, bugs or anything else feel free to contact me! The more people test it, the faster I can fix bugs.

Greetz Zer0Flag

ahmadmansoor 02-28-2013 20:20

1 Attachment(s)
Hi Zer0Flag :
Did u try notepad !!! . it crash .
check the dumped files
Thanks for ur nice work .

Zer0Flag 03-01-2013 02:43

Thanks, it was a bug in the import parser. Is fixed and will be pushed with beta8 :)


Zer0Flag 03-14-2013 05:25


beta 8

  + fixed a crash in attaching to a process where we don´t have a file path
  + fixed a bug which ignored DbgBreakPoint on attaching
  + fixed a bug which caused double breaking in case we set a breakpoint while beeing on the entrypoint
  + fixed a crash in pe import reader
  + fixed a crash (see github issue #1)
  + fixed a bug in HexView which didn´t display data on x64 processes
  + fixed a possible crash when opening invalid non pe files
  + fixed a small bug in "Restart"
  + added display of current function in windowtitle
  + added support for drag and drop of files
  + added possibility to remove breakpoints with "F2" (needs to be a selected row in disassembler)
  + added "Step back to user code"


- "Step back to user code"
    - If you use this the debugger will continue the execution until you get to the first function
      which is located in the main module


ahmadmansoor 03-18-2013 22:01

3 Attachment(s)
pls check it

ahmadmansoor 03-26-2013 19:43

Hi Zer0Flag
see the attachment in this page

pls check F7 + F8 ,it not work in some steps

Zer0Flag 03-26-2013 20:44

Thanks for your effort! I will take a look at it and try to fix it in the next beta :)


Zer0Flag 04-01-2013 06:48


Version 0.1 beta 9

    fixed a bug in disassembler
    fixed a bug in wow64 StepIn
    fixed a crash when suspending a process and then StepIn
    fixed a bug which didn´t display all modules in callstack
    fixed a crash in loading imports of files without IAT
    fixed a crash in "Goto Offset" context menu
    small gui improvements
    added Single Step Tracer
    added memory dumper
    removed error message if you cancel the file selection


- Single Step Tracer
    - only a part is displayed in the window. Use mouse scroll to navigate (will be improved)
- MemoryDumper
    - RightClick in MemoryView or HeapView shows you the option to dump the selected segment.


iconstart 04-11-2013 13:20


Zer0Flag 04-23-2013 02:05


Version 0.1 beta 10

    fixed a bug which displayed a wrong function offset in callstack
    fixed a bug which didn´t break on module ep if "break on system ep" was selected
    fixed a bug which lead to a crash if a wow64 file has ordinal imports
    fixed a bug in the disassembly view which caused ungentle down scrolling
    fixed a bug in PEManager which double loaded debugged files
    fixed a bug which may lead to an error in disassembler
    fixed a crash on context menus if not debugging something
    improved HeapView
    added Message in DebugLog if breaking on MemoryBP
    added PEViewer
    added native check for Admin rights
    added warnings if API import fails
    added display of current PID/TID in mainwindow title
    added function view
    added and cleaned context menus


- I´m happy to announce "En0mis" as a new Developer in this project! :)
- function view
    - scans the memory of the loaded targets and scanns for functions.


Zer0Flag 05-10-2013 08:55


beta 11

    fixed a bug in options which didn´t save the correct settings
    fixed display of exceptions if no symbols have been found
    fixed a bug which made register editor not working in x64
    fixed a bug which displayed wrong modules in window view
    fixed a bug which didn´t display exceptions if a breakpoint was set on this offset
    fixed a bug in disassembler which may caused application crashes due to wrong memory protection
    fixed a possible crash in context menus
    fixed display of the offset in string view
    fixed unvalid breakpoint offsets caused by alsr
    improvements on AttachDlg
    added cleanup on debugge termination
    added process patching
    added more context menus to DetailView
    added display of mainthread in DetailView
    added F5 Hotkey to reload some views
    added possibility to save debug log to file
    added possibility to copy data to clipboard
    added possibility to break on new Processes, Threads or DLL loads
    added dockable widgets to the mainview
    added save of window sizes and positions on close


- You have now the possibility to patch the memory of a process. Currently it is not possible to save the
  changes to disk but this will be integrated also.
- Some context menus offer the possibility to copy the data from the table to the clipboard


cxj98 05-10-2013 09:58

disassemble shows blank at all the time, rest thing are fine. string search shows useless string, ie. "This program must be run under Win32", also can't detect unicode strings, most pity is when double click on any srings can't follow in disassemble immediately.

Zer0Flag 05-10-2013 17:37

What Version did you try - debug,release,win32,x64? Which target did you try to debug when the disassemble window stays empty?


cxj98 05-11-2013 09:44

debug english software are OK ,only debug Chinese software shows blank, assume language not compatible, how to reproduce this behaviour?

All times are GMT +8. The time now is 00:28.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2022, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX